Re: Sending millions of packets
From: J (Jesse_at_nospam.LogicalArts.com)
Date: 10/10/04
Date: Sun, 10 Oct 2004 16:28:50 -0400
Thank you for your time.
(comments at bottom)
>
> >Sunday 2:10pm
> >
> >Laptop XP PRO, SP2
> >
> >Millions of packets are sent when starting the computer.
> >
> >Been on for 40 minutes now, sent 313,532,612,754 packets.
> >received 28.
> >
> >Disable the connection and start again: 40 seconds 146 million packets sent.
> >
> >The network icon in the tray displays activity but ZoneAlarm does not show
> >actual access to the network.
> >
> >I had uninstalled ZA before installing SP2. I installed ZA to check for
> >spyware of some sort.
> >
> >I had completed scans with Spybot, Ad-Aware and NAV2004. Items were found
> >but no viruses/trojans.
> >
> >Any thoughts?
> >
> >J
> >
>
> Jesse,
>
> ZoneAlarm will detect network activity by specific applications. Some crapware
> (adware, spyware, viruses) may use system functions to send and receive, and ZA
> will look the other way.
>
> How current is your virus protection? Try one or more of these free online
> virus scans, which should complement your current protection:
> <http://www.bitdefender.com/scan/license.php>
> <http://www.pandasoftware.com/activescan>
> <http://www.ravantivirus.com/scan/>
> <http://security.symantec.com/ssc/home.asp>
> <http://housecall.trendmicro.com/housecall/start_corp.asp>
>
> Now check for, and learn to defend against, additional problems - adware,
> crapware, spyware. Have you downloaded these programs before? Download them
> again, as the latest version may be needed to keep up with the current level of
> malware being attempted constantly - get the absolutely most current version of
> each product listed. They're all free - and most pretty small, so they download
> quickly enough.
>
> Start by downloading each of the following additional free tools:
> AdAware <http://www.lavasoftusa.com/>
> CWShredder <http://www.majorgeeks.com/download4086.html>
> CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
> <http://www.majorgeeks.com/download4113.html>
> HijackThis <http://www.majorgeeks.com/download.php?det=3155>
> LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
> Spybot S&D <http://www.safer-networking.org/index.php?page=download>
> Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
>
> Create a separate folder for HijackThis, such as C:\HijackThis - copy the
> downloaded file there. AdAware and Spybot S&D have install routines - run them.
> The other downloaded programs can be copied into, and run from, any convenient
> folder.
>
> First, run Stinger. Have it remove any problems found.
>
> Next, close all Internet Explorer and Outlook windows, and run
> CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
> problems found.
>
> Next, run AdAware. First update it ("Check for updates now"), configure for
> full scan (<http://forum.aumha.org/viewtopic.php?t=5877>), then scan. When
> scanning finishes, remove all Critical Objects found.
>
> Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
> ("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
> that is displayed in Red.
>
> Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
> HJT Log.
> <http://forums.spywareinfo.com/index.php?showtopic=227>
> <http://www1.spywareinfo.com/articles/hijacked/prevent.php>
>
> Finally, have your HJT log interpreted by experts at one or more of the
> following security forums (and please post a link to your forum posts, here):
> Aumha: <http://forum.aumha.org/index.php>
> Net-Integration: <http://forums.net-integration.net/>
> Spyware Info: <http://forums.spywareinfo.com/>
> Spyware Warrior: <http://spywarewarrior.com/index.php>
> Tom Coyote: <http://forums.tomcoyote.org/>
>
> If removal of any spyware affects your ability to access the internet (some
> spyware builds itself into the network software, and its removal may damage your
> network), run LSP-Fix and / or WinsockXPFIx.
>
> Finally, improve your chances for the future.
>
> Harden your browser. There are various websites which will check for
> vulnerabilities, here are three which I use.
> http://www.jasons-toolbox.com/BrowserSecurity/
> http://bcheck.scanit.be/bcheck/
> https://testzone.secunia.com/browser_checker/
>
> Block Internet Explorer ActiveX scripting from hostile websites (Restricted
> Zone).
> <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
>
> Block known dangerous scripts from installing.
> <http://www.javacoolsoftware.com/spywareblaster.html>
>
> Block known spyware from installing.
> <http://www.javacoolsoftware.com/spywareguard.html>
>
> Make sure that the spyware detection / protection products that you use are
> reliable:
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Harden your operating system. Check at least monthly for security updates.
> http://windowsupdate.microsoft.com/
>
> Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
> use:
> http://www.accs-net.com/hosts/get_hosts.html
> http://www.mvps.org/winhelp2002/hosts.htm
> (The third is included, and updated, with Spybot (see above)).
>
> Maintain your Hosts file (merge / eliminate duplicate entries) with:
> eDexter <http://www.accs-net.com/hosts/get_hosts.html>
> Hostess <http://accs-net.com/hostess/>
>
> Secure your operating system, and applications. Don't use, or leave activated,
> any accounts with names or passwords with trivial (guessable) values. Don't use
> an account with administrative authority, except when you're intentionally doing
> administrative tasks.
>
> Use common sense. Yours. Don't install software based upon advice from unknown
> sources. Don't install free software, without researching it carefully. Don't
> open email unless you know who it's from, and how and why it was sent.
>
> Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
> various web pages that discuss security problems. Check the logs from the
> security products that you use regularly, look for things that don't belong, and
> take action when necessary.
>
> And Jesse, I wouldn't bet that your email munging technique will fool too many
> email address mining viruses. Learn to munge your email address properly, to
> keep yourself a bit safer when posting to open forums. Protect yourself and the
> rest of the internet - read this article.
> http://www.mailmsg.com/SPAM_munging.htm
>
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
Sunday 4:25pm EDT US
This is a client's computer. Doing the maintenance and update thang, I am
I use (and used) many of the programs you suggested: SB, ad-aware, hijack
this, CWShredder, CoolWWWSearch remover,..... all current versions and defs.
And Bazooka.
ZA at least can identify a program/process attempting network access. Ran
into Home Shopping, or some such last week, that identified itself as a
svchost process.
Various Google searches provided a number of newsgroup messages about the
network sending millions of packets.
Some fixed the problem by removing the netcard drivers and installing such
again. This did not help here.
I can see the packets-sent number increase while the network icon flashes.
But ZA displays NO activity.
I am suspecting this is not about spyware. But, none of the messages I found
described a clear resolution.
Just in case, running an online scan now.
I have had essentially no problems with my computers (6), used by me, the
wife, and the grandchildren.
But I have worked on a few this past year that were completely full of
stuff.
Today's problem computer had hotbar, and a few cookies.
And so on.
Thank you for the various pointers. Always too much to learn.
J
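
The symptom reported in this thread (a sent-packet counter rising by 146 million in 40 seconds) can be checked against what the link can physically carry. The following is an added example, not part of the original posts: it parses two `netstat -e` snapshots (constructed sample text, sized to match the figures quoted above) and compares the send rate with the link's maximum frame rate. The link speeds are assumptions, since the thread does not state one.

```python
import re

# Smallest frame on the wire: 64 B frame + 8 B preamble + 12 B gap = 672 bits.
MIN_FRAME_BITS = (64 + 8 + 12) * 8

# Constructed `netstat -e` output (not from the thread); the Sent column is
# filled in below so two snapshots 40 s apart differ by 146 million packets.
TEMPLATE = """\
Interface Statistics

                           Received            Sent

Bytes                          3912 {tx_bytes:>15}
Unicast packets                  20 {tx:>15}
Non-unicast packets               8               0
Discards                          0               0
Errors                            0               0
"""

def parse_packets(text):
    """Return (received, sent) packet totals from `netstat -e` text."""
    rx = tx = 0
    for line in text.splitlines():
        m = re.match(r"\s*(Unicast|Non-unicast) packets\s+(\d+)\s+(\d+)\s*$", line)
        if m:
            rx += int(m.group(2))
            tx += int(m.group(3))
    return rx, tx

def check_send_rate(before, after, seconds, link_bps):
    """Compare the observed send rate with the link's physical ceiling."""
    sent = parse_packets(after)[1] - parse_packets(before)[1]
    if sent < 0:
        raise ValueError("counter went backwards (reset or wrap)")
    rate = sent / seconds
    ceiling = link_bps / MIN_FRAME_BITS  # max minimum-size frames per second
    return {"sent": sent, "pps": rate, "ceiling_pps": ceiling,
            "exceeds_line_rate": rate > ceiling}

T0 = TEMPLATE.format(tx_bytes=1024, tx=10)
T40 = TEMPLATE.format(tx_bytes=9_344_001_664, tx=146_000_010)

if __name__ == "__main__":
    for name, bps in (("100 Mbit/s", 100e6), ("1 Gbit/s", 1e9)):  # assumed speeds
        r = check_send_rate(T0, T40, 40, bps)
        print(f"{name}: {r['pps']:,.0f} pps observed, ceiling "
              f"{r['ceiling_pps']:,.0f}, exceeds line rate: {r['exceeds_line_rate']}")
```

A rate above the ceiling means the counter cannot correspond to frames actually leaving the adapter at that link speed, which is worth knowing before treating the number as real traffic.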