VIRUS? very odd behavior.

acid45

Golden Member
Feb 15, 2004
1,467
0
0
I've noticed that my computer has been downloading at a constant 40-50k/s for about 12hrs now, I'm not dling anything.

I've scanned with my virus detection program (Bitdefender) and I've found nothing... if anyone has any ideas of what this might be please reply or PM me, thx.
 

mechBgon

Super Moderator / Elite Member
Oct 31, 1999
30,699
1
0
Sounds suspicious, all right. Have you tried shutting down the system and restarting it? Do you have a hardware firewall-type unit (Linksys BEFSR41 or similar) or else a software firewall, or both? If you don't, then you can start with free ZoneAlarm Basic. This will ask questions about the network traffic trying to leave the system, and will block incoming traffic that you didn't initiate.

After that, you might try:

* Start by disabling System Restore and deleting all the SR files (how do I do that?).
* Try McAfee's free Stinger tool. It's a limited-scope tool aimed at certain commonplace viruses and trojans. If it comes up clean, that does NOT mean the system is guaranteed virus-free.
* Update your Bitdefender virus definitions to the latest version if they're more than a few days old, max out all the scanning options such as heuristics and scanning within compressed files, then scan again.
* If your virus-definition subscription has ceased, try Grisoft's AVG Free Edition and again, make sure to max out the scanning options and have it update to the latest virus database.
* Get your system patched up at Windows Update.

Good luck :) If all else fails, reformat and get your protections in place on the next go-around.
 

vietofmars

Senior member
Nov 20, 2001
363
0
0
What site are you dl'ing from? Maybe the site is the bottleneck. Try one of those bandwidth speed testers.
 

KB

Diamond Member
Nov 8, 1999
5,406
389
126
Are you running any P2P software like Kazaa and have leechers downloading your files?

The concern is that you are being used as an anonymous remailer or as an FTP site. Run another AV product scan on your system, like Stinger (mentioned above).

I would use a program like TCPview to see what process has what TCP port open and see if any processes don't look right to you. You can also check which process has an ESTABLISHED network connection and the IP address of the remote connection.
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
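
The per-process view described in the post above (which process owns which TCP port, and which has ESTABLISHED connections to which remote address), as an added example that is not part of the original thread. It assumes text captured from `netstat -ano` and `tasklist /fo csv /nh`; the sample output, addresses and the `example.exe` name are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.100:1042     198.51.100.7:1863      ESTABLISHED     1312
  TCP    192.168.1.100:21       203.0.113.45:3301      ESTABLISHED     1620
  TCP    192.168.1.100:21       203.0.113.80:4410      ESTABLISHED     1620
  UDP    0.0.0.0:1900           *:*                                    1004
"""
# Constructed sample of `tasklist /fo csv /nh`; example.exe is a placeholder.
TASKLIST = '''\
"svchost.exe","884","Console","0","3,412 K"
"svchost.exe","1004","Console","0","4,100 K"
"MsnMsgr.Exe","1312","Console","0","9,880 K"
"example.exe","1620","Console","0","2,204 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(tasklist_csv.splitlines()) if r}

def tcp_by_process(netstat_text, tasklist_csv):
    """Group TCP rows by owning process: listening ports and live connections."""
    names = pid_names(tasklist_csv)
    report = defaultdict(lambda: {"listening": set(), "established": []})
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":  # skips the header and stateless UDP rows
            continue
        local_port = int(f[1].rsplit(":", 1)[1])
        pid = int(f[4])
        entry = report[(pid, names.get(pid, "<unknown>"))]
        if f[3] == "LISTENING":
            entry["listening"].add(local_port)
        elif f[3] == "ESTABLISHED":
            entry["established"].append((local_port, f[2]))
    return dict(report)

def inbound_servers(report):
    """Processes with remote peers connected to a port they listen on."""
    hits = []
    for (pid, name), e in sorted(report.items()):
        for port in sorted(e["listening"]):
            peers = [remote for lp, remote in e["established"] if lp == port]
            if peers:
                hits.append((pid, name, port, peers))
    return hits
```

A process that turns up in `inbound_servers` is accepting connections from outside, which is the "being used as an FTP site" case; an ordinary client such as a messenger shows ESTABLISHED connections but no matching listening port.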
 

acid45

Golden Member
Feb 15, 2004
1,467
0
0
Thx, I'll give that a try. I checked in my Linksys router options and I found that my DMZ thing was enabled so my computer was open to all... kinda odd. I'll try the scans and whatnot and I'll get back to you guys.

 

Abhi

Diamond Member
Sep 13, 2003
4,548
0
76
Originally posted by: vietofmars
What site are you dl'ing from? Maybe the site is the bottleneck. Try one of those bandwidth speed testers.

Huh???? What you talking about? Did you read his post?
 

acid45

Golden Member
Feb 15, 2004
1,467
0
0
OK, I reformatted all and everything was great for 1 day or so and then the same problem came back...

Anyway, here's a list of running processes. If anyone sees anything not right please tell me, thx.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SLEE503.exe
C:\Program Files\Steganos Security Suite 6\sss.exe
C:\Program Files\Steganos Security Suite 6\safe.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Cerberus\Cerberus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
 

mechBgon

Super Moderator / Elite Member
Oct 31, 1999
30,699
1
0
Looks like spyware, the StyleXPSoft. Whatever you're installing, it's got a hook inside the bait :p Try Spyware Search & Destroy (make sure to update it) from here.
 

Wolfie

Platinum Member
Oct 9, 1999
2,894
2
76
You may also want to post a hijackthis post and see what is running that shouldn't. It's a program that shows you what processes are running. Even if it's not showing up on your task manager.

Download HIJACKTHIS.
Go to CEXX and post on the forums your log file to see if those experts see something that shouldn't be on there. They are really good about finding something that shouldn't be there.

Just another protective measure. :D

Good luck...

Wolfie