Re: Uncontrolled Downloads

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On Fri, 1 Sep 2006 19:45:01 -0700, liddlem <liddlem@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

"Chuck" wrote:

On Fri, 1 Sep 2006 09:34:02 -0700, liddlem <liddlem@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

Hi Folks

I have recently discovered that each time I boot my PC, my internet
connection is activated and it just begins uploading & downloading like
crazy. Abour 25mb per hour.

I am running Windows Defender & Norton Antivirus, Norton Anti-Spam and
Norton Interet security.

I tried putting a sniffer onto my internet connection, but that isnt giving
me much. I found this link (
a-61-9-129-166.deploy.akamaitechnologies.com:http) and after doing a "whois"
on these guys, I have tried blocking all their servers in my firewall. That
did not help

After monitoring what services are running, I found that if I turn off one
instance of svchost (to which the following services were linked - AudioSrv,
Browser, Dhcp, dmserver, ERSvc,EventSystem,
FastUserSwitchingCompatibility,helpsvc, lanmanserver,
lanmanworkstation,Netman, Nla, RasMan, Schedule, seclogon,SENS, SharedAccess,
ShellHWDetection,TapiSrv, Themes, TrkWks, W32Time, winmgmt,wscsvc, wuauserv)
then the download stopped.

When I started them manually, the problem seemed to go away.....But one
cannot stop and start services manually each time that the PC is fired up.

I have spend 5 days searching the net for information on this kind of thing
and I still have no answer. I called Norton (and $70 later) they still could
not help me. Then someone told me that IE6 had reports of this problem,
perhaps I should install IE7.

No problem - Yesterday I downloaded IE7 and it looked like my problem was
solved........until this evening!

PLEASE can someone point me in the right direction? My next step is to
format and start again.


Akamai is a legitimate content management provider, that is used heavily by
Norton / Symantec for distribution of updates. If you're seeing traffic from
Akamai, check out the actual program that's using the CPU, or generating the
traffic. I'd bet one of the Norton products is getting updates.

You need intelligent use of TCPView and / or Port Explorer, to identify the
actual program. Not the Svchost process.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#TCPView>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#TCPView
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS

Thanks Chuck
I am using TCPview - Thats how I determined that Akamaitechnlogies.com might
have something to do with the problem.

While trawling through other posts here, I noticed that you pointed someone
in the direction of "Shields up". - Very handy tool-Thanks for the pointer.
My PC came out tops on all the tests - Admittedly, that was AFTER I has shut
down the one instance of svchost.exe.

I later realised that I had not rebooted since adding "AKAMAI.COM" to my
firewalls blocked list.
I rebooted and it seems that the problem has gone away - at least for the
time being that is!
The question is....."Is AKAMIA.COM and AKAMIATECHNOLOGIES.COM the same
crowd?" TCPview showed "akamaitechnologies" but the WHOIS pointed me to
"AKAMAI.COM"

--
Lots2Learn

Well, you need to start by checking the spelling very carefully. It's always
possible that there's a hacker using a name spelled differently. "akamai.com"
is legit; "akamia.com" isn't. I'm getting a blank on both
"AKAMIATECHNOLOGIES.COM" and "AKAMAITECHNOLOGIES.COM" though.

Now "Shields Up" is a controversial tool, with its value based upon security by
obscurity.
<http://nitecruzr.blogspot.com/2005/05/security-by-obscurity.html>
http://nitecruzr.blogspot.com/2005/05/security-by-obscurity.html

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
.

Relevant Pages

  • Re: Uncontrolled Downloads
    ... connection is activated and it just begins uploading & downloading like ... I am running Windows Defender & Norton Antivirus, ... I tried putting a sniffer onto my internet connection, ...
    (microsoft.public.windowsxp.network_web)
  • IE6 says the page cannot be displayed. Mozilla works fine?
    ... No programs that I use that use the internet will ... had gotten a virus or trojan from downloading files off my p2p program. ... I could reinstall windows but then that'd mean I would ... a DL speed of 10-40kb/s wireless connection that only works half the time. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: XP firewall
    ... I'm using XP Home Firewall but heard it does not stop ... My Norton PF2002 went out on ... I suspect I'm on my last version of Norton Internet Security ... application will use your browser to make an Internet connection (if you ...
    (microsoft.public.windowsxp.newusers)
  • Re: Bandwidth limiting router?
    ... the connection with limewire and torrents and asking people to restrict ... the internet is paying into the internet fund but I am getting complaints ... someone was downloading on our office BB network. ... I found that difficult to do when I tried it (also a Netgear router) as you ...
    (uk.comp.homebuilt)
  • Re: Intrusion Attack
    ... Is there any harm even if Norton Blocks them..... ... how does your PC connect to the Internet? ... do you have or use a WiFi connection? ... from Don Kelloway of Commodon Communications ...
    (comp.security.firewalls)