Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Something is downloading data.

Started by Diego8 , Jul 25 2005 08:55 PM

  • Please log in to reply

#1
Diego8
Posted 25 July 2005 - 08:55 PM

Diego8

    Member

  • Member
  • PipPipPip
  • 189 posts
After being on-line for random time the process named "Generic Host Process for Win32 Services" (that's what ZonaAlarm says) starts downloading a huge amount of data.
I don't have Windows Update enabled, so it can't be that.
The same problem happened to me two weeks ago but just by running ewido, spybot and hijackthis i could solve it.
This time i'm more protected than before but i can't get rid of it.
My antivirus is avas! 4.6 home edition.
Firewall is ZoneAlarm.
My anti-spyware software is Spyware Doctor. I reinstalled ewido i now i have both.
I did a full scan with ewido, ad-Aware, spybot, spyware doctor and they didn't find anything suspicious, just a few cookies.
I also don't know where it came from because yesterday everything was ok.

Is there a way of getting rid of this spyware?

Thanks in advance.
  • 0

Advertisements

#2
Diego8
Posted 26 July 2005 - 10:13 AM

Diego8

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 189 posts
I found new "clues".
At the temp file there was a file named "BIT1.tmp" it's size was something like 10.125 KB.
I deleted it, in fact i deleted the entire foled.
This file is created again when the malware starts downloading data.
Also ZonaAlarm says that Generic Host Proccess for Win32 Services is listening to TCP ports 3002 and 3003.

Thanks.
  • 0

#3
Diego8
Posted 27 July 2005 - 08:49 AM

Diego8

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 189 posts
I have been digging around the Internet for that file, BIT1.tmp . Seems to be something in the registry called BITS related to it. I did a search for that and found the description "Background Intelligent Transfer Service".
I deleted this tmp file and one of the registry keys named BITS.
I don't know if that was the solution but now the connection is acting "normally".

I ran all sorts of antispyware software and non of them detected it.
BITS is a malware or is part of non-destructive software?

Thanks.

Edited by Diego8, 27 July 2005 - 08:50 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP