Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something is downloading data.


  • Please log in to reply

#1
Diego8

Diego8

    Member

  • Member
  • PipPipPip
  • 189 posts
After being on-line for random time the process named "Generic Host Process for Win32 Services" (that's what ZonaAlarm says) starts downloading a huge amount of data.
I don't have Windows Update enabled, so it can't be that.
The same problem happened to me two weeks ago but just by running ewido, spybot and hijackthis i could solve it.
This time i'm more protected than before but i can't get rid of it.
My antivirus is avas! 4.6 home edition.
Firewall is ZoneAlarm.
My anti-spyware software is Spyware Doctor. I reinstalled ewido i now i have both.
I did a full scan with ewido, ad-Aware, spybot, spyware doctor and they didn't find anything suspicious, just a few cookies.
I also don't know where it came from because yesterday everything was ok.

Is there a way of getting rid of this spyware?

Thanks in advance.
  • 0

Advertisements


#2
Diego8

Diego8

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 189 posts
I found new "clues".
At the temp file there was a file named "BIT1.tmp" it's size was something like 10.125 KB.
I deleted it, in fact i deleted the entire foled.
This file is created again when the malware starts downloading data.
Also ZonaAlarm says that Generic Host Proccess for Win32 Services is listening to TCP ports 3002 and 3003.

Thanks.
  • 0

#3
Diego8

Diego8

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 189 posts
I have been digging around the Internet for that file, BIT1.tmp . Seems to be something in the registry called BITS related to it. I did a search for that and found the description "Background Intelligent Transfer Service".
I deleted this tmp file and one of the registry keys named BITS.
I don't know if that was the solution but now the connection is acting "normally".

I ran all sorts of antispyware software and non of them detected it.
BITS is a malware or is part of non-destructive software?

Thanks.

Edited by Diego8, 27 July 2005 - 08:50 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP