Need help, something sending out a lot of data.

btcomm1 (Senior member, Sep 7, 2006):
Is there a program that will capture network traffic AND tell me what application and/or DLL is sending it? It seems like something must be spamming out traffic from this computer.

OK, so I got a little closer. I found TCPView and found that something called "non existant" was sending out tons of spam email, and I was able to end that process using TCPView. However, "non existant" does not tell me what file and/or DLL this virus is; has anyone run into it before?

An update on this issue:

It is not an EXE: I had Task Manager open while ending the "non existant" process and no EXEs disappeared from Task Manager.
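The question above (which process, and which DLL inside it, owns the outbound connections) can be answered from the command line on a modern Windows box. The script below is an added example and is not from the thread or from TCPView; it assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection, an elevated prompt so that other users' processes and their modules are readable, and that the spam leaves over SMTP, so it filters on remote ports 25, 465 and 587 (change $Ports to look at other traffic). It prints every process with connections to those ports, the first few remote endpoints, and any loaded module that is either outside the Windows directory or carries no company name in its version resource, which is a cheap first filter for a bot DLL injected into a legitimate host such as svchost.exe or explorer.exe.

```powershell
# Added example, not part of the original thread.
# Assumptions: Windows 8/2012+ (NetTCPIP module), run from an elevated prompt.
# Port list is an assumption (SMTP / SMTPS / submission), since the symptom is spam e-mail.
$Ports = @(25, 465, 587)

# Established and half-open outbound connections to the ports of interest
$conns = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -in $Ports }

if (-not $conns) { "No connections to ports $($Ports -join ', ') right now."; return }

# Group by the owning PID, the same mapping TCPView shows in its Process column
foreach ($g in ($conns | Group-Object OwningProcess)) {
    $p = Get-Process -Id ([int]$g.Name) -ErrorAction SilentlyContinue
    if (-not $p) {
        # No process object for this PID: it exited between the two calls, or
        # something is hiding it from the process list. This is the case TCPView
        # reports as a non-existent process.
        "PID $($g.Name): $($g.Count) connection(s), but no matching process found"
        continue
    }

    "PID {0} {1}  connections={2}  image={3}" -f $p.Id, $p.ProcessName, $g.Count, $p.Path
    $g.Group | Select-Object -First 5 | ForEach-Object {
        "    -> {0}:{1} ({2})" -f $_.RemoteAddress, $_.RemotePort, $_.State
    }

    # Loaded modules that look out of place: not under %SystemRoot%, or no CompanyName
    # in the version resource. Legitimate Windows DLLs normally have both.
    try {
        $p.Modules |
            Where-Object {
                -not $_.FileVersionInfo.CompanyName -or
                $_.FileName -notlike "$env:SystemRoot\*"
            } |
            ForEach-Object {
                "    module {0}  company='{1}'" -f $_.FileName, $_.FileVersionInfo.CompanyName
            }
    } catch {
        # 32/64-bit mismatch or access denied; re-run elevated or from a matching PowerShell
        "    (cannot enumerate modules: $($_.Exception.Message))"
    }
}
```

Run it repeatedly while the spam is going out, since a bot opens and closes SMTP sessions quickly. Note that a PID with connections but no process object, or a module list that throws, is itself a lead rather than a dead end. Also keep in mind that anything a kernel-mode rootkit hides from the TCP table or the process list is hidden from this script just as it is from TCPView and a personal firewall, so the result should be checked against a packet capture taken somewhere the infected machine cannot tamper with, for example on another host or a mirror port.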

mechBgon (Super Moderator, Elite Member, Oct 31, 1999):
Based on some study of a rootkit-based spambot I was checking out, I'd try some rootkit-detection/removal tools in conjunction with several antivirus scanners (some resources). Also consider removing the drive from the computer, putting it into another computer, and running antivirus scans on it while it's "captive."


Possible culprit: Trojan.Srizbi, which my (deliberately vulnerable) test system came down with when I rammed it into some pr0n sites (with pics disabled, if anyone wonders ;)).

btcomm1 (Senior member, Sep 7, 2006):
You were right; it looks like it was a couple of rootkits that were infecting the computer. I got rid of those and it stopped spamming the email; then I had to get rid of some more spyware on the system. This thing was very infected, but it's good now.

montag451 (Diamond Member, Dec 17, 2004):
Hey Mech, don't mean to suck up to a mod or anything like that, but you've gone to town on your site.

NICE ONE

mechBgon (Super Moderator, Elite Member, Oct 31, 1999):
Originally posted by: montag451
Hey Mech, don't mean to suck up to a mod or anything like that, but you've gone to town on your site.

NICE ONE

Thanks! :) I just wish it depicted a build of a modern system instead of that ancient-history AthlonXP rig :( but I can't afford to build a new system for the near future. At least the security info doesn't cost anything to improve upon :)


RebateMonger (Elite Member, Dec 24, 2005):
Originally posted by: btcomm1
You were right; it looks like it was a couple of rootkits that were infecting the computer. I got rid of those and it stopped spamming the email; then I had to get rid of some more spyware on the system. This thing was very infected, but it's good now.

Obviously, this is a matter of OPINION, but I would never trust a PC that'd been infected by a rootkit. To say nothing of one that had a COUPLE of rootkits, plus spyware. I'd reinstall the OS.

JEDIYoda (Lifer, Jul 13, 2005):
On a side note, there are firewalls that will actively monitor the traffic in and out and also tell you what is sending the traffic in or out.

Peace!!

mechBgon (Super Moderator, Elite Member, Oct 31, 1999):
Originally posted by: JEDIYoda
On a side note, there are firewalls that will actively monitor the traffic in and out and also tell you what is sending the traffic in or out.

And they are fooled every day, unfortunately. Don't underestimate the bad guys.