Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something on my laptop is eating 25gig a day of my data limit [Solved]

malware malware - virus trojan??????

  • This topic is locked This topic is locked

#46
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Ok here are the new text files

Attached Files


  • 0

Advertisements


#47
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, let's have a go at this. Run OTL per the instructions below. When it's complete, (a reboot may be necessary), have a look at the resulting log and if I've done this correctly, one file should have been moved and in the second line, one replaced. If there are no errors, have a look at Bit Meter and Net Limiter and see what's what. If there are errors, let me know and I'll figure out what I did wrong.

 

By the way, I did install Net Limiter on my W7 machine and what you did is exactly what I would have recommended. Also, it's not unusual that svchost.exe runs a high amount of bandwidth, but it should be in Kilo Bytes, not Mega Bytes.

 

 

 

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:

:Commands
[createrestorepoint]
 
:Files
C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe | C:\Windows\SysWOW64\svchost.exe /replace 
 
:commands
[resethosts]
[emptytemp]
[reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 


  • 0

#48
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Ok here is the output file. I uninstalled bitmeter since I MetLimiter looked to be a better option... My data usage is sill running at that same high level on that same host process

Attached Files


  • 0

#49
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Unfortunately, the Replace file wasn't shown in the log. Did it reboot or ask you to reboot? If so did you do it? If not, do it now and regardless, re-run post #43 again so that I can see the svchost.exe files and assure that they look ok.

 

If that looks ok, then were going to see which application is using svchost.exe to eat up all this bandwidth. I'll have to get smart on Net Limiter to see how to do that.


  • 0

#50
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

ok it did reboot last time and I reran the OTL and attached the two text files.

Attached Files


  • 0

#51
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, let's try this. Download the svchost.exe analysis tool here.

 

I tried to give you a link that was easy to use. If it doesn't work, go here and work through the download. See if this doesn't add some clarity to what is using the bandwidth.


  • 0

#52
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

ok here is the output from that tool.

Attached Files


  • 0

#53
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Analysis will take a while. Likely tomorrow.


  • 0

#54
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

ok sounds good Thank you!


  • 0

#55
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Frankly, nothing untoward that I saw in the list.

 

I'd like to try a Clean Boot. A clean boot removes most (but not all) of the Startup components and uses a minimal amount of resources. Below are the instructions. Once you've achieved the Clean Boot, start either or both of your Activity Meters and see what you see. If things see good, try IE or FF or whatever you'd like to see if/how things work and let me know. There are also instructions farther below for Resetting the Computer after a Clean Boot.

 

How to perform a clean boot
Notes
  • You must log on to the computer as an administrator to be able to perform a clean boot.
  • Your computer may temporarily lose some functionality when you perform a clean boot. When you start the computer normally, the functionality returns. However, you may receive the original error message, or experience the original behavior if the problem still exists.
  • If the computer is connected to a network, network policy settings may prevent you from following these steps. We strongly recommend that you do not use the System Configuration utility to change the advanced boot options on the computer unless a Microsoft support engineer directs you to do this. Doing this may make the computer unusable.
Follow the following steps to perform a clean boot: Windows 8.1 and Windows 8 Windows 7 and Windows Vista
  1. Log on to the computer by using an account that has administrator rights.
  2. Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
    Note If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
    2440068.png
  3. On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
    2440069.png
  4. On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
    2440071.png

    Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  5. Click OK, and then click Restart.

For more information about how to perform a clean boot in Windows 7 and Windows Vista, reference the Video: How to do a clean boot in Windows.

 

 
How to perform a clean boot in Windows
Select Product Version:
A clean boot is performed to start Windows by using a minimal set of drivers and startup programs. This helps eliminate software conflicts that occur when you install a program or an update or when you run a program in Windows 8.1, Windows 8, Windows 7, or Windows Vista. You may also troubleshoot or determine what conflict is causing the problem by performing a clean boot.
20x20_grey_plus.pngWhy software conflicts occur?
Note If you are using Windows XP, go to How to configure Windows XP to start in a "clean boot" state.
In this article sectionHeader-collapse.pngHow to perform a clean boot
Notes
  • You must log on to the computer as an administrator to be able to perform a clean boot.
  • Your computer may temporarily lose some functionality when you perform a clean boot. When you start the computer normally, the functionality returns. However, you may receive the original error message, or experience the original behavior if the problem still exists.
  • If the computer is connected to a network, network policy settings may prevent you from following these steps. We strongly recommend that you do not use the System Configuration utility to change the advanced boot options on the computer unless a Microsoft support engineer directs you to do this. Doing this may make the computer unusable.
Follow the following steps to perform a clean boot: Windows 8.1 and Windows 8 Windows 7 and Windows Vista
  1. Log on to the computer by using an account that has administrator rights.
  2. Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
    Note If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
    2440068.png
  3. On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
    2440069.png
  4. On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
    2440071.png

    Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  5. Click OK, and then click Restart.
For more information about how to perform a clean boot in Windows 7 and Windows Vista, reference the Video: How to do a clean boot in Windows.
sectionHeader-expand.pngWhat is next when I have a clean boot environment? sectionHeader-collapse.pngHow to reset the computer to start normally after clean boot troubleshooting After you have finished troubleshooting, follow these steps to reset the computer to start normally. Windows 7 and Windows Vista
  1. Click Start, type msconfig.exe in the Start Search box, and then press Enter.
    Note If you are prompted for an administrator password or for confirmation, you should type the password or click Continue.
  2. On the General tab, click the Normal Startup option, and then click OK.
  3. When you are prompted to restart the computer, click Restart.

 


  • 0

Advertisements


#56
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I reinstalled bitmeter so I could look at both bitmeter and NetLimiter when I brought my laptop back up. It was a good thing that I did because after I did the clean boot NetLimiter could not give me any information it gave an error messave that said it Failed to connect to NetLimiter service. The window came up but there was nothing in it to show any connections. BitMeter also gave an error when I brought it up but it came up and appeared to be normal. Unfortunately it showed that my data useage was still maxed out. Oddly enough it also showed more outgoing data for a short while and I have not seen that before. I attached a png of the bitmeter red is incomong and yellow is outcoming or at least that has been the way I was reading it. I will say that it seems to be taking it longer to show the data usage than before. Normally as soon as I connect the ethernet cabel it pegs but it is taking it at least a min and a half to start downloading, plus before the bitmeter was coming up instantly and now I am having to manually bring it up so it is really more than that before data starts to flow.

Attached Thumbnails

  • bitmeter after clean boot.gif

  • 0

#57
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

My apologies for my absence. Much drama at work and at home. I will be with you later today.


  • 0

#58
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I've called in reinforcements, hopefully I'll be back later today with news.


  • 0

#59
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Sounds Good, Hope all is well. I appreciate all your help!


  • 0

#60
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Still no good ideas from my end. Any news from your ISP that would indicate less usage?


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, malware - virus trojan??????

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP