Undetermined Threat: Sending More Packets than Receiving



#1
_JR_

The problem:
My computer is sending more packets than it receives. (About 10-15% more once I actually open a browser. When the computer is initially turned on but hasn't been touched, it sends about 60-70 packets and receives about 10-15.) When I am not using the internet actively, the packets sent either slow to a crawl or stop completely. However, I know it isn't normal to send so many packets.

I can't imagine a non-malicious reason for this.

I am but a lowly humanities student with minor computing skills, but it seems that when I download 100 MB, I shouldn't be consistently sending more packets than I receive. I fear that I am either part of a DDoS / DRDoS attack, or I am being monitored by some loathsome keystroke-recording program.

I reformatted my hard drive last night, and installed, updated, and ran all of these programs immediately:

Cleanup!
Ad-Aware
CWShredder
Spybot
SpywareBlaster
ewido
Trend Micro Online
Spyware Guard
ZoneAlarm Firewall
AVG antivirus
Trojanhunter

...but I am still sending packets galore, still at the 10-15% more-sent-than-received rate. (Fortunately, I can connect to the internet, which was well-nigh impossible before the reformat. Of course, I was also using Norton instead of AVG or ZL.)

I am currently running Windows 2000, and have IE6.

So with much reluctance, here is my Hijack This log. Let me know what else I should do, please!

Logfile of HijackThis v1.99.1
Scan saved at 7:48:56 PM, on 5/18/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Documents and Settings\Jerry\My Documents\SecurityPrograms\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#2
_JR_

I also think this is relevant information:

According to ewido, my computer begins listening to a half-dozen ports on startup. That looks awfully fishy to me, though it isn't port 113. (I may be just a bit paranoid after reading http://www.grc.com/dos/grcdos.htm, but I don't think so.)

I can connect to the internet just fine, but I am afraid of two possibilities. (If anyone can put my mind at ease about these, I would greatly appreciate it.)

1. My computer is sending every keystroke I make to someone who is just waiting for me to enter a credit card #.
2. My computer is a small part of someone's DRDoS attack.

I really don't want either of these to be true, but I have no idea why else my computer would be sending more packets than it receives, EVEN WHEN it is just downloading a big file.

Thanks for any help anyone can provide!

Sincerely,
Jerry