Computer generating extremely high outbound traffic

Zucarita9000

Golden Member
I can't figure this one out. This computer is generating an immense amount of outbound traffic in the network, completely saturating it. It's running Windows 2000, so no Windows Firewall available.

Upon connecting the cable and getting an IP address from the DHCP server, the computer starts to send out information on ports 445, 135, 139 and 1433.

I've scanned for viruses and spyware and removed everything the apps found, but the problem is that I cannot update them! The internet connection gets so congested that nothing can connect to the outside.

To give you an idea, the amount of received packets in a period of 5 minutes is about 300. Sent packets go beyond 5.000.

Blocking the ports on the router does nothing, and the outbound connection simply changes the ports.

I've just tried connecting again. These are the numbers after a 2-minute-long network connection:

Received packets: 22
Sent packets: 2.133

This is insane. I don't know what the hell to do.
 
You obviously have some kind of malware or program trying to "phone home."

The part about being able to switch ports makes me think you have a program that is some kind of virus trying to do a DOS attack.

Have you used ad-aware and SpyBot S&D?
 
Originally posted by: OfficeLinebacker
Have you used ad-aware and SpyBot S&D?

Yes, both found some pests and I removed them. Which firewall would you recommend? There are lots out there... I'm downloading TINY Firewall 2005 right now.
 
I don't know about 1433...but the rest are netbios ports...used for windows filesharing.

I noticed this on my small lan before - the byte/packet counter in the connection's properties would be off the scale, to remedy this I bound windows filesharing to netbeui, instead of tcp/ip.

Edit: Do the ports ever change from those ports you listed?
 
Ok, I think I got it. After exploring the firewall logs, the only process that was sending out information was "taskcntr.exe". I disabled the service and everything is fine now. This little bastard was spitting out packets like crazy.

Now I have to figure out how it got in there in the first place.
 
sounds like a worm. lots of them scanned on those ports.

search trendmicro.com for that process name to see if you can find out what worm it is. it will have manual removal instructions.
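
The approach that resolved this thread (reading the firewall log to see which process was producing the traffic), as an added example that is not part of any original post: it counts, per process, how many different hosts were contacted on the ports named above. The log line format, the `min_targets` threshold and the sample entries are constructed assumptions, not output from any real firewall.

```python
import re
from collections import defaultdict

# Ports named in the thread: RPC, NetBIOS session, SMB, MS SQL Server.
SCAN_PORTS = {135, 139, 445, 1433}

# Hypothetical firewall log format (an assumption, not any real product's):
#   <time> OUT <process> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<time>\S+) OUT (?P<proc>\S+) \S+:\d+ -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)

def build_sample_log():
    """Constructed sample: one process fanning out to many hosts, two normal ones."""
    lines = []
    for i in range(1, 41):
        port = (445, 135, 139, 1433)[i % 4]
        lines.append(
            f"12:00:{i:02d} OUT taskcntr.exe 192.168.1.50:{2000 + i} -> 10.0.{i}.{i}:{port}"
        )
    lines.append("12:00:05 OUT iexplore.exe 192.168.1.50:1500 -> 203.0.113.10:80")
    # A single connection to one file server on 445 is ordinary file sharing.
    lines.append("12:00:09 OUT explorer.exe 192.168.1.50:1501 -> 192.168.1.2:445")
    lines.append("garbage line that does not parse")
    return lines

def find_scanners(lines, min_targets=20):
    """Return {process: distinct destination count} for processes that contacted
    at least min_targets different hosts on SCAN_PORTS."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed entries instead of failing
        if int(m["port"]) in SCAN_PORTS:
            targets[m["proc"].lower()].add(m["dst"])
    return {p: len(d) for p, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for proc, n in find_scanners(build_sample_log()).items():
        print(f"{proc}: {n} distinct hosts on ports {sorted(SCAN_PORTS)}")
```

Counting distinct destinations rather than raw packets separates a process that talks to one file server from one that is sweeping many addresses.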
 
How can I monitor networking performance at home?
I have a wireless router and 3 pcs connected to it.
I would like to know how to monitor any kind of activity. How would I know the outbound performance?
TIA!
 