Re: unknown continuous bytes sent over Internet???

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 10/11/04 

Date: Mon, 11 Oct 2004 01:14:55 -0400

Larry, one possible explanation for this behavior is that you have inherited
an IP address previously used by someone who shared files via one of the
peer-to-peer engines.

You have the Internet Connection Firewall in XPSP1. You'd be better off
with the Windows Firewall in XPSP2, but both of them can be set to log
dropped packets.

Properties of your Internet connection, advanced tab, settings button (and
here I get lost, 'cause I'm on sp2)--advanced tab again, and logging
options.

The log can be looked at in Notepad or Excel. Take a look at what ports the
traffic is on, and do some research with Google about what those ports are
used for.

The other suggestions for firewalls are excellent suggestions, but all of
the firewalls, including the one you have already, can log the traffic being
dropped, and looking at those logs is the way to distinguish between a
genuine attack and this sort of routine accident.

"Larry Gagnon" <lagagnon@fakeuniserve.com> wrote in message
news:8ogjm01m77eknh8hl67oo85q6aohjr6kv5@4ax.com...
>I have a Compaq Presario 2100 Notebook running Windoxs XP Home Edition
> Service Pack 1. I have run full antivirus cleaning using AVG
> Anti_virus and have also recently cleaned all malware from the system
> with both SpyBot and AdAware.
>
> I use a dialup PPP connection to the Internet. Within a few seconds of
> connecting to the Internet the DialupNetworking status box shows a
> continuous stream of data being sent from my machine. This occurs when
> doing NOTHING! There are no active applications. I have checked all
> the running processes and the list seems to be all OK with no Trojans
> running. Network useage is about 85% when it should be close to zero!
>
> How can I check what is being sent and to who and why? Is it likely I
> still have a Trojan? Where do I go to from here - it is significantly
> slowing down my Internet experience. Any suggestions greatly
> appreciated.
>
> Larry Gagnon
> ***************
> remove "fake" from email address

Relevant Pages

  • Re: Win XP ICF - permit all traffic from one IP address?
    ... The firewall doesnt affect IPX traffic, ... > and connect directly to the Internet via a DSL ... > Now I would really like to have Internet Connection ... > way to add the equivalent of a "PERMIT ALL FROM IP ...
    (microsoft.public.security)
  • Re: New Document Template: Unable to connect to MS Office Online E
    ... I temporarily disable you firewall to eliminate that. ... non-Office 2007 Home and Student programs work fine accessing the internet. ... Microsoft Office Online. ... > Any suggestions as to where I change the default internet connection? ...
    (microsoft.public.word.application.errors)
  • Re: AOL & Windows XP firewall
    ... or switch to a real ISP that is compatible with the real ... both WinXP's built-in firewall and WinXP's Internet Connection Sharing ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Remote Procedure Call
    ... Because you accessed the internet without using a firewall or an Anti ... This stops the worm from running, so your system will not shut ... If you've disconnected your internet connection, ...
    (microsoft.public.windowsxp.general)
  • Re: IE Freezes when loading Microsofts home page
    ... background, *and* had installed all updates, it may well be infected, Larry. ... It is my work machine and has Windows firewall ... >> Before You Connect a New Computer to the Internet ...
    (microsoft.public.windows.inetexplorer.ie6.browser)