I have DU Meter and it is showing that something is downloading at a constant 25kB/sec... It has been doing this for who knows how long, I just now noticed it. I even restarted and when windows loads back up, the mysterious download starts again... Any programs out there to tell me what the hell's going on? I ran spybot, to no avail...
Very weird thing going on here.....
- Thread starter Dolemite69
- Start date
FPort, a tool from Foundstone (www.foundstone.com), will show you what programs are using what network ports and who they're connected to.
Edit: can't seem to connect to thier site at the moment, but if you google on "fport" you'll probably come up with several site to get it from. It's free.
Edit: can't seem to connect to thier site at the moment, but if you google on "fport" you'll probably come up with several site to get it from. It's free.
If it were that, wouldn't I have an icon in the taskbar?
I tried tcpview, but i'm not sure what it is telling me. I'm going to try fport...
Ok guys, it is STILL doing it... Basically it's been downloading at a constant 25kB/sec all freakin day. WHAT IS IT? That's a lot of data....
just do Ctrl-Alt-Del and close down all programs that aren't needed and see if the ah heck still does it!!
Run MS config and stop all un-necessary programs from starting up at startup...
use your firewall to block all ports and see if a request pops up to allow a program access to the net...
If you don't have a firewall then you had better get one!!! Same goes for antivirus.....lots of annoying little people out there!!
Try unplugging your net connection......is the program still claiming that 25KBps is being downloaded?
Is DUmeter monitoring the correct device....Home network etc???
I presume that you are using windows.....Do you have service packs??? updates up to date?
try loading in safe mode and see if this mystery transfer is still there....
You never know you may be supplying the world with mydoom or blaster!!!!!!
hope this helps
Run MS config and stop all un-necessary programs from starting up at startup...
use your firewall to block all ports and see if a request pops up to allow a program access to the net...
If you don't have a firewall then you had better get one!!! Same goes for antivirus.....lots of annoying little people out there!!
Try unplugging your net connection......is the program still claiming that 25KBps is being downloaded?
Is DUmeter monitoring the correct device....Home network etc???
I presume that you are using windows.....Do you have service packs??? updates up to date?
try loading in safe mode and see if this mystery transfer is still there....
You never know you may be supplying the world with mydoom or blaster!!!!!!
hope this helps
Typically, you won't get the icon in your tray until the download is finished.
If it is trying to download something large, (possibly SP2) then it could take a while to appear.
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Do you have antivirus software (if so, what) and is it using up-to-date engine and definitions? Is it set up to play hardball (heuristics on, scanning within compressed files, no exemptions, no asking the user what to do before taking action)?
Do you have a router to be your perimeter firewall, and a software firewall on the computer? Are there other computers networked to yours? If you don't have a router, get one. Netgear RP614, Linksys BEFSR41 or similar. Enable WindowsXP's firewall or install basic free ZoneAlarm on your system.
I thought of Windows Automatic Updates too, and if you don't have SP2 then it's probably decided to go download it for you, but it's time to check your security out. Another good tool is Microsoft Baseline Security Analyzer. There are links to all that stuff if you follow the first link in my signature below.
Do you have a router to be your perimeter firewall, and a software firewall on the computer? Are there other computers networked to yours? If you don't have a router, get one. Netgear RP614, Linksys BEFSR41 or similar. Enable WindowsXP's firewall or install basic free ZoneAlarm on your system.
I thought of Windows Automatic Updates too, and if you don't have SP2 then it's probably decided to go download it for you, but it's time to check your security out. Another good tool is Microsoft Baseline Security Analyzer. There are links to all that stuff if you follow the first link in my signature below.
Ok folks. I am not on a network. This is the only computer. I have WinXP WITH SP2. I have Norton Antivirus with definitions updated a couple days ago. Windows Firewall is on. I also just installed Norton firewall. It still didn't stop the mystery download. I clicked on the option "block traffic" in Norton Firewall and although I could no longer browse the internet, the download continued. I've never seen anything like this... See the attached picture. The bottom right shows the constant download... 
desktop picture
desktop picture
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Right off the bat, I see you have PowerStrip installed. That's advertising-supported software. Have you run an anti-spyware scan?
Also, there are some viruses, that if they get the first punch in, they will load a stealthing driver that hides them from normal antivirus detection techniques (to paraphrase McAfee). Have your virus defs been pretty consistently up-to-date over time? Is Norton maxed out on heuristics, scanning inside compressed files and not allowing any exemptions? Have you run an actual exhaustive antivirus scan since the last update? I know I'm sounding a little alarmist, but it comes with my job as a basic IT dude
If you want to try an antispyware tool, use AdAware and Spybot Search & Destroy 1.3 and see what they come up with.
Also, there are some viruses, that if they get the first punch in, they will load a stealthing driver that hides them from normal antivirus detection techniques (to paraphrase McAfee). Have your virus defs been pretty consistently up-to-date over time? Is Norton maxed out on heuristics, scanning inside compressed files and not allowing any exemptions? Have you run an actual exhaustive antivirus scan since the last update? I know I'm sounding a little alarmist, but it comes with my job as a basic IT dude
If you want to try an antispyware tool, use AdAware and Spybot Search & Destroy 1.3 and see what they come up with.
yea, in my first post i mentioned i ran spybot but it didn't fix it. I'm at wits end, thinking i might have to do a fresh install.... It seems like there would be something out there to let you see what programs are using the network connection... i'm gonna run that tcpview again and get a screenshot for you guys to see...
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Try installing ZoneAlarm free version instead of the other firewalls. Tell it not to pre-configure access when you come to that prompt, so that EVERY program that wants to talk to the Internet has to get ZoneAlarm's ok. Take note of each proggie and let's see what you get. ZoneAlarm free version Or as you say, blast the whole Windows installation and take it from the top
If you have WinXP Professional, and you do start from the top, can I suggest making one Admin-class account that you use only when you need Administrator privileges, and then one Limited-class account for yourself, and more Limited-class accounts as needed for each other person that uses the PC. Limited privileges really put the brakes on a lot of Bad Stuff, whether from accidental, intentional or malicious sources.
The top link in my signature has a bunch of other suggestions, including enabling Data Execution Prevention on all software (instructions under the Ongoing Prevention header there, down the page a ways). Anyway, good luck, that sounds like a frustrating situation
If you have WinXP Professional, and you do start from the top, can I suggest making one Admin-class account that you use only when you need Administrator privileges, and then one Limited-class account for yourself, and more Limited-class accounts as needed for each other person that uses the PC. Limited privileges really put the brakes on a lot of Bad Stuff, whether from accidental, intentional or malicious sources.
The top link in my signature has a bunch of other suggestions, including enabling Data Execution Prevention on all software (instructions under the Ongoing Prevention header there, down the page a ways). Anyway, good luck, that sounds like a frustrating situation
so i uninstalled Norton Firewall, and installed Zone Alert. I did the "not pre-configure access" as mentioned by mechbgon, but it still downloaded. I also said stop all traffic through zone alarm, but it kept downloading. However, once I unpluged the network cable, everything went to zero, so i guess it's not a glitch, something's actually being downloaded. This is crazy..
I'd just backup/format. Are you sure the program is accurate? Either way, a complete re-format of the HD would take out whatever is downloading.
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Is it possible that DUMeter is simply detecting all the random traffic off your Comcast connection (worms, script kiddies, etc)? If it's still in doubt, I'd drop the bomb on it and reinstall Windows, update to SP2 offline, and then see what happens. Let us know the outcome if you do, I'm curious now :Q
I've used DUmeter for years, and never seen this. Also, I've got a 200gig drive partitioned to 160/40 and the os is on the 40 side. Let's just hope that when i reformat/install windows that whatever is downloading is on the 40 side as well. I can't do it now though, no time. I wonder how much has downloaded already? 25k/s over at least 2-3 days... hmmmm....
thanks for all the help.
25k/s over at least 2-3 days... hmmmm....thanks for all the help.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter