We help IT Professionals succeed at work.

virus/worms etc. question - something connects to the internet but I don't know what

delphiheaven
delphiheaven asked
on
Medium Priority
196 Views
Last Modified: 2010-04-13
Hi,

I seem to have something running on my Win2000 box which is connecting to the internet. I can clearly see on the network-icon (the two computers in the icontray) that there is some communication going on (I am sitting on a cablemodem) but I have no idea what.

I used Antivir for checking my system: it found some sadbot-**** which was deleted now. I even re-checked my system twice after rebooting.

I checked the TaskManager for running processed: seems all right

I checked registry for the /run etc. entries if something is automatically started when booting up my computer: nothing


And still some bastard is sitting on my computer and connecting to the internet, I am 100% sure. THERE IS COMMUNICATION GOING ON but I have not the slightest idea what!!!!

can anyone help?


Can anyone tell me the name of a good, free and easy to use realtime packet/IP sniffer so I can check out which apps (.exes etc.) are using internet connections? I tried multiple packet sniffers now but they are just worthless.

I just need to find out which bastard-app is using my internet-connection.
Comment
Watch Question

EMEA Server Engineer
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Time to get a firewall?

Zone Alarm do a free one:-

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

I find Norton Personal Firewall easier to manage, but you have to buy that one.

(Usual disclaimers.)

JohnT

Author

Commented:
I already have ZoneAlarm.

I also tried the IPMonitor from sysinternals, but I can't see nothing theree... everything seems to be normal.

Commented:
How about malware?  AdAware from:-

http://www.lavasoft.de

?

JohnT

Author

Commented:
I also tried this, some stuff was detected and removed. But stillI got plenty of traffic in/out, strange...
Luc FrankenEMEA Server Engineer
CERTIFIED EXPERT

Commented:
Have you checked tcpview yet?

Otherwise, use this tool and post the logfile:
http://209.133.47.200/~merijn/files/HijackThis.exe

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: LucF {http:#10772916}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

jdeclue
EE Cleanup Volunteer
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.