virus/worms etc. question - something connects to the internet but I don't know what


I seem to have something running on my Win2000 box which is connecting to the internet. I can clearly see on the network-icon (the two computers in the icontray) that there is some communication going on (I am sitting on a cablemodem) but I have no idea what.

I used Antivir for checking my system: it found some sadbot-**** which was deleted now. I even re-checked my system twice after rebooting.

I checked the TaskManager for running processes: seems all right

I checked registry for the /run etc. entries if something is automatically started when booting up my computer: nothing

And still some bastard is sitting on my computer and connecting to the internet, I am 100% sure. THERE IS COMMUNICATION GOING ON but I have not the slightest idea what!!!!

can anyone help?

Can anyone tell me the name of a good, free and easy to use realtime packet/IP sniffer so I can check out which apps (.exes etc.) are using internet connections? I tried multiple packet sniffers now but they are just worthless.

I just need to find out which bastard-app is using my internet-connection.
LucF (EMEA Server Engineer) Commented:
Hi delphiheaven,

Use this tool to check what process is connected to each port. If you're not sure about one, let us know the process name.


Time to get a firewall?

Zone Alarm do a free one:-

I find Norton Personal Firewall easier to manage, but you have to buy that one.

(Usual disclaimers.)

delphiheaven (Author) Commented:
I already have ZoneAlarm.

I also tried the IPMonitor from sysinternals, but I can't see anything there... everything seems to be normal.

How about malware?  AdAware from:-


delphiheaven (Author) Commented:
I also tried this, some stuff was detected and removed. But still I got plenty of traffic in/out, strange...
LucF (EMEA Server Engineer) Commented:
Have you checked tcpview yet?

Otherwise, use this tool and post the logfile:
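
An added example, not part of the original thread and not the tool referred to above: a small script that joins saved `netstat -ano` output with `tasklist /fo csv /nh` output to show which process owns each established non-loopback connection. It assumes a Windows version whose `netstat` supports `-o` and that ships `tasklist` (Windows XP and later); the sample text, addresses and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:1042      203.0.113.7:6667       ESTABLISHED     1512
  TCP    192.168.1.20:1050      198.51.100.10:80       ESTABLISHED     2040
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 1512 is absent on purpose.
TASKLIST = '''
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,100 K"
"iexplore.exe","2040","Console","0","18,432 K"
'''

def parse_tasklist(text):
    """Map PID -> image name; blank or short rows are skipped."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        # UDP rows have no State column; the PID is always the last field.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])

def established_remote_by_process(netstat_text, tasklist_text):
    """List (pid, image name, remote endpoint) for established non-loopback connections."""
    names = parse_tasklist(tasklist_text)
    found = []
    for _proto, _local, remote, state, pid in parse_netstat(netstat_text):
        host = remote.rpartition(":")[0]
        if state != "ESTABLISHED" or host.startswith("127.") or host == "[::1]":
            continue
        # A PID missing from the process list has exited or is hidden from the listing.
        found.append((pid, names.get(pid, "<not in process list>"), remote))
    return found

if __name__ == "__main__":
    for pid, name, remote in established_remote_by_process(NETSTAT, TASKLIST):
        print(f"{pid:>6}  {name:<24} {remote}")
```

A connection whose PID does not appear in the process list is the row worth investigating first, since that is the case where Task Manager looks clean while traffic continues.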
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: LucF {http:#10772916}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
Question has a verified solution.
