Solved

virus/worms etc. question - something connects to the internet but I don't know what

Posted on 2004-04-07
8
142 Views
Last Modified: 2010-04-13
Hi,

I seem to have something running on my Win2000 box which is connecting to the internet. I can clearly see on the network-icon (the two computers in the icontray) that there is some communication going on (I am sitting on a cablemodem) but I have no idea what.

I used Antivir for checking my system: it found some sadbot-**** which was deleted now. I even re-checked my system twice after rebooting.

I checked the TaskManager for running processed: seems all right

I checked registry for the /run etc. entries if something is automatically started when booting up my computer: nothing


And still some bastard is sitting on my computer and connecting to the internet, I am 100% sure. THERE IS COMMUNICATION GOING ON but I have not the slightest idea what!!!!

can anyone help?


Can anyone tell me the name of a good, free and easy to use realtime packet/IP sniffer so I can check out which apps (.exes etc.) are using internet connections? I tried multiple packet sniffers now but they are just worthless.

I just need to find out which bastard-app is using my internet-connection.
0
Comment
Question by:delphiheaven
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 32

Accepted Solution

by:
LucF earned 50 total points
ID: 10772916
Hi delphiheaven,

Use this tool to check what process is connected to each port. If you're not sure about one, let us know the process name.
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Greetings,

LucF
0
 
LVL 6

Expert Comment

by:jthow
ID: 10773332
Time to get a firewall?

Zone Alarm do a free one:-

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

I find Norton Personal Firewall easier to manage, but you have to buy that one.

(Usual disclaimers.)

JohnT
0
 

Author Comment

by:delphiheaven
ID: 10773470
I already have ZoneAlarm.

I also tried the IPMonitor from sysinternals, but I can't see nothing theree... everything seems to be normal.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 6

Expert Comment

by:jthow
ID: 10773690
How about malware?  AdAware from:-

http://www.lavasoft.de

?

JohnT
0
 

Author Comment

by:delphiheaven
ID: 10774006
I also tried this, some stuff was detected and removed. But stillI got plenty of traffic in/out, strange...
0
 
LVL 32

Expert Comment

by:LucF
ID: 10774051
Have you checked tcpview yet?

Otherwise, use this tool and post the logfile:
http://209.133.47.200/~merijn/files/HijackThis.exe
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11997598
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: LucF {http:#10772916}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

jdeclue
EE Cleanup Volunteer
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question