
Undetermined Threat: Sending More Packets than Receiving



#1
_JR_

The problem:
My computer is sending more packets than it receives. (About 10-15% more once I actually open a browser. When the computer is initially turned on but hasn't been touched, it sends about 60-70 packets and receives about 10-15.) When I am not using the internet actively, the packets sent either slow to a crawl or stop completely. However, I know it isn't normal to send so many packets.

I can't imagine a non-malicious reason for this.

I am but a lowly humanities student with minor computing skills, but it seems that when I download 100 MB, I shouldn't be consistently sending more packets than I receive. I fear that I am either part of a DDoS / DRDoS attack, or I am being monitored by some loathsome keystroke-recording program.

I reformatted my hard drive last night, and installed, updated, and ran all of these programs immediately:

Cleanup!
Ad-Aware
CWShredder
Spybot
SpywareBlaster
ewido
Trend Micro Online
Spyware Guard
ZoneAlarm Firewall
AVG antivirus
Trojanhunter

...but I am still sending packets galore, still at the 10-15% more-sent-than-received rate. (Fortunately, I can connect to the internet, which was well-nigh impossible before the reformat. Of course, I was also using Norton instead of AVG or ZL.)

I am currently running Windows 2000, and have IE6.

So with much reluctance, here is my Hijack This log. Let me know what else I should do, please!

Logfile of HijackThis v1.99.1
Scan saved at 7:48:56 PM, on 5/18/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Documents and Settings\Jerry\My Documents\SecurityPrograms\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


#2
_JR_

I also think this is relevant information:

According to ewido, my computer begins listening to a half-dozen ports on startup. That looks awfully fishy to me, though it isn't port 113. (I may be just a bit paranoid after reading http://www.grc.com/dos/grcdos.htm, but I don't think so.)

I can connect to the internet just fine, but I am afraid of two possibilities. (If anyone can put my mind at ease about these, I would greatly appreciate it.)

1. My computer is sending every keystroke I make to someone who is just waiting for me to enter a credit card #.
2. My computer is a small part of someone's DRDoS attack.

I really don't want either of these to be true, but I have no idea why else my computer would be sending more packets than it receives, EVEN WHEN it is just downloading a big file.

Thanks for any help anyone can provide!

Sincerely,
Jerry