Undetermined Threat: Sending More Packets than Receiving
#1 _JR_ (Member, 11 posts)
The problem:
My computer is sending more packets than it receives. (About 10-15% more once I actually open a browser. When the computer is initially turned on but hasn't been touched, it sends about 60-70 packets and receives about 10-15.) When I am not using the internet actively, the packets sent either slow to a crawl or stop completely. However, I know it isn't normal to send so many packets.

I can't imagine a non-malicious reason for this.

I am but a lowly humanities student with minor computing skills, but it seems that when I download 100 MB, I shouldn't be consistently sending more packets than I receive. I fear that I am either part of a DDoS / DRDoS attack, or I am being monitored by some loathsome keystroke-recording program.

I reformatted my hard drive last night, and installed, updated, and ran all of these programs immediately:

Cleanup!
Ad-Aware
CWShredder
Spybot
SpywareBlaster
ewido
Trend Micro Online
Spyware Guard
ZoneAlarm Firewall
AVG antivirus
Trojanhunter

...but I am still sending packets galore, still at the 10-15% more-sent-than-received rate. (Fortunately, I can connect to the internet, which was well-nigh impossible before the reformat. Of course, I was also using Norton instead of AVG or ZA.)

I am currently running Windows 2000, and have IE6.

So with much reluctance, here is my HijackThis log. Let me know what else I should do, please!

Logfile of HijackThis v1.99.1
Scan saved at 7:48:56 PM, on 5/18/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Documents and Settings\Jerry\My Documents\SecurityPrograms\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
#2 _JR_ (Member, 11 posts)
I also think this is relevant information:

According to ewido, my computer begins listening on a half-dozen ports on startup. That looks awfully fishy to me, though it isn't port 113. (I may be just a bit paranoid after reading http://www.grc.com/dos/grcdos.htm, but I don't think so.)

I can connect to the internet just fine, but I am afraid of two possibilities. (If anyone can put my mind at ease about these, I would greatly appreciate it.)

1. My computer is sending every keystroke I make to someone who is just waiting for me to enter a credit card #.
2. My computer is a small part of someone's DRDoS attack.

I really don't want either of these to be true, but I have no idea why else my computer would be sending more packets than it receives, EVEN WHEN it is just downloading a big file.

Thanks for any help anyone can provide!

Sincerely,
Jerry
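The two posts above compare aggregate sent and received packet counters and a list of listening ports. An aggregate counter cannot say which conversation is responsible for the asymmetry, so the check a practitioner would do is to break the traffic down per remote endpoint and look for flows where the machine sends a lot and gets little or nothing back. The script below is an added example written for this thread, not code from the original posts or from any of the tools listed; the capture and the `netstat -an` text it processes are constructed for illustration (the IP addresses are documentation ranges, and the one-way UDP flow is invented to show what a flagged flow looks like, not something observed on the poster's machine). It shows that a normal HTTP download is roughly two packets in per ACK out, so the overall "more sent than received" figure only appears once a separate one-way flow is added.

```python
from collections import defaultdict

# Constructed packet list, not captured data. Each entry is
# (direction, proto, local_port, remote_ip, remote_port, bytes).
def build_sample_capture():
    pkts = []
    # A plain HTTP download from a (hypothetical) web server: 40 data segments
    # come in; with delayed ACK the client answers every second one, 20 ACKs out.
    for i in range(40):
        pkts.append(("in", "tcp", 1037, "203.0.113.10", 80, 1460))
        if i % 2 == 1:
            pkts.append(("out", "tcp", 1037, "203.0.113.10", 80, 40))
    # One DNS query and its answer.
    pkts.append(("out", "udp", 1025, "192.0.2.53", 53, 45))
    pkts.append(("in", "udp", 1025, "192.0.2.53", 53, 120))
    # An invented one-way UDP stream to a host that never replies; this is the
    # shape a flood or beacon would have, and is what the summary should flag.
    for _ in range(60):
        pkts.append(("out", "udp", 1080, "198.51.100.7", 9, 512))
    return pkts


def summarize_flows(packets):
    """Group packets by (proto, remote_ip, remote_port) and count each direction."""
    flows = defaultdict(lambda: {"sent": 0, "recv": 0, "bytes_out": 0, "bytes_in": 0})
    for direction, proto, _lport, rip, rport, size in packets:
        f = flows[(proto, rip, rport)]
        if direction == "out":
            f["sent"] += 1
            f["bytes_out"] += size
        else:
            f["recv"] += 1
            f["bytes_in"] += size
    return dict(flows)


def totals(flows):
    """Overall (sent, received) packet counts, i.e. what a NIC counter shows."""
    return (sum(f["sent"] for f in flows.values()),
            sum(f["recv"] for f in flows.values()))


def flag_one_way(flows, min_sent=10, max_reply_ratio=0.1):
    """Flows where we send at least min_sent packets and receive at most
    max_reply_ratio of that many back. Thresholds are arbitrary starting points."""
    flagged = []
    for key, f in flows.items():
        if f["sent"] >= min_sent and f["recv"] <= f["sent"] * max_reply_ratio:
            flagged.append(key)
    return sorted(flagged)


# Constructed text in the column layout of Windows `netstat -an`; not real output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.0.2.15:1037        203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def listening_ports(netstat_text):
    """Return the sorted TCP ports shown in LISTENING state in netstat -an output.
    Each listening line has exactly four columns: proto, local, foreign, state."""
    ports = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            ports.add(int(parts[1].rsplit(":", 1)[1]))
    return sorted(ports)


if __name__ == "__main__":
    flows = summarize_flows(build_sample_capture())
    sent, recv = totals(flows)
    print(f"total sent={sent} received={recv}")
    for key, f in sorted(flows.items()):
        print(f"{key[0]} {key[1]}:{key[2]}  out={f['sent']} in={f['recv']}")
    print("one-way flows:", flag_one_way(flows))
    print("listening TCP ports:", listening_ports(SAMPLE_NETSTAT))
```

In the constructed sample the download alone is 20 out against 40 in, yet the overall counter reads 81 sent to 41 received because of the silent UDP flow. On a real machine the same breakdown comes from a capture of the interface (Ethereal/Wireshark or `netstat -an` snapshots over time), and each flagged endpoint can then be tied back to a process and checked against the firewall's allow list.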