Computer sending packets like a bastard

[doodler85]

Hey guys,

My roommate's computer is sending packets like a racehorse... in a few minutes, he's already sent 300 million of them. We suspected a virus, but even after a reformat, an installation of norton, the newest windows XP updates, etc... it's still doing it.

Do you guys have any ideas for locating the source of this problem and getting rid of it?

Thanks,

-David

 

[Uncle Bob]

http://forums.anandtech.com/me...6173&enterthread=y

 

[tyanni]

When you reformatted, did you make sure it was unplugged from the internet until after all of the latest patches were installed and your anti-virus software up and running? You can get infected via the net almost immediately these days if you are running an unpatched machine.

Tim

 

[lenjack]

Yeah...It took less than 1 minute for my comp to get infected when I went online before installing ZoneAlarm. Install ZoneAlarm (free version is fine) and check to see whats accessing the internet.

 

[doodler85]

Alright, I'll have him reinstall Zone Alarm.

It's amazing that he got infected so quickly. I had his computer unplugged the whole time, until we installed Norton 2004 and started getting Windows Updates. I read that most computers can get infected within 4 minutes of being freshly plugged into the internet, but I never thought it would actually happen! Damn!

Before we reformatted, his computer had traces of so many viruses, it was sickening. Zonealarm's internet lock couldn't even stop the packets from shooting out at a rate of billions per second. We restricted everything but svchost.exe and Common User Client... it was still to no avail.

I think he has a future-wrought hardware virus, brought to our plane by time-travelling, infuriated lawn gnomes :Q

I'll keep you posted.

Thanks,

-David

 

[doodler85]

So, uh, we formatted a second time, and never even connected to the internet until Norton and Zonealarm were installed, but he still has sent almost 2 trillion packets today.

Is it possible that windows is using a different packet size, or something? I can't figure out what would keep causing this problem.

Thanks again,

-David

 

[montag451]

have you got automatic windows update disabled? or enabled?

 

[doodler85]

It's enabled.

-David

 

[montag451]

disable it and see if the packets stop

 

[doodler85]

Hmmm. You might be right.

We haven't had the network problems that were occuring earlier, and the flurry of packets slows down and stops at around 250,000,000,000 - 350,000,000,000... but that's still a huge number.

Ehhhh. If you can't think of anything, it's not a big problem anymore, but I'm still curious as to its origins.

Thanks again again,

-David

 

[montag451]

If you can reset the connection just to see what it does over the next few minutes.
In a command prompt type:
NETSTAT
and see what comes up.
or:
Download analogx packet sniffer or network probe might do it:

http://netsecurity.about.com/c...s/a/aafreepacsniff.htm

see if there is anything else that

 

[mechBgon]

Is he installing warez or something that might be the source of infection? Is the OS itself legit? What version of Norton?

If you need to try again, use a legit Windows, keep it 100% isolated from any source of network connection (wired or otherwise), install Service Pack 2, install and configure Norton 2004 or 2005, update Norton offline using Intelligent Updater, make sure the Windows Firewall is enabled (Norton 2005 will disable it by default), and now you're at a point where you can safely connect to the network.

Get Norton's LiveUpdate, reboot, run LiveUpdate again, reboot as needed. Then get the latest Windows patches from Windows Update and run a Microsoft Baseline Security Analyzer scan.

Make sure Norton is using maximum Heuristics, and is scanning within compressed files, and don't install anything illegitimate or risky, and see how you do.

 

[montag451]

I knew it.......

is it a bird, is it a plane, no ----- its mechbgon...... to the rescue

 

[mechBgon]

Able to leap large pizzas in a single bound! :Q

 

[doodler85]

mech,

Well... Windows XP and ZAP were legit, but the copy of Norton 2004 wasn't.

I plan to purchase either Norton 2005 or PC Cillin in the near future, since copies on both my desktop and laptop are about to (or already) expired.

I'll get him to install Service Pack 2 and see what happens.

I really appreciate all the time you guys are donating to me and my army of nuns. I hope that someday I'll be able to say something useful on this forum

-David

 

[mechBgon]

LOL, warez'd antivirus!!! :roll: HOW dumb can people be?! The mind boggles

Ok... heh... start from the top, then, but don't install the warez'd Norton, or warez of any sort. I think it would be safer to have no antivirus software than a warez antivirus(?) software. Before connecting the network, get SP2 installed, enable its firewall, fully enable Data Execution Prevention like this picture, and then grab a free 15-day trialware of McAfee VirusScan 9.0 to get rolling with.

Also, if your pal is going to be doing stupid stuff, then make him a Limited-class account to do the stupid stuff with. They're significantly harder to subvert.

 

[boomerang]

Norton's got some decent prices on 3 user NAV 2005 with an upgrade rebate. If you have one legit copy to qualify, and a third user, it may be the way to go price wise.

 

[montag451]

or just try AVGFREE from www.grisoft.com

Good, free, and a smaller footprint.