Solved

virus/worms etc. question - something connects to the internet but I don't know what

Posted on 2004-04-07
Last Modified: 2010-04-13
Hi,

I seem to have something running on my Win2000 box which is connecting to the internet. I can clearly see on the network-icon (the two computers in the icontray) that there is some communication going on (I am sitting on a cablemodem) but I have no idea what.

I used Antivir for checking my system: it found some sadbot-**** which was deleted now. I even re-checked my system twice after rebooting.

I checked the TaskManager for running processes: seems all right

I checked registry for the /run etc. entries if something is automatically started when booting up my computer: nothing


And still some bastard is sitting on my computer and connecting to the internet, I am 100% sure. THERE IS COMMUNICATION GOING ON but I have not the slightest idea what!!!!

can anyone help?


Can anyone tell me the name of a good, free and easy to use realtime packet/IP sniffer so I can check out which apps (.exes etc.) are using internet connections? I tried multiple packet sniffers now but they are just worthless.

I just need to find out which bastard-app is using my internet-connection.
0
Question by:delphiheaven
8 Comments
 
LVL 32

Accepted Solution

by:
LucF earned 50 total points
ID: 10772916
Hi delphiheaven,

Use this tool to check what process is connected to each port. If you're not sure about one, let us know the process name.
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Greetings,

LucF
0
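
The per-connection process mapping that the accepted answer gets from TCPView can also be rebuilt from command-line captures, on Windows versions where `netstat -o` and `tasklist` are available. The following is an added example, not part of the original thread: it joins `netstat -ano` output with `tasklist /fo csv /nh` output (both constructed samples) and lists connections leaving the local ranges with their owning process; the function names and the `INTERNAL` list are assumptions.

```python
import csv
import io
import ipaddress

# Constructed `netstat -ano` sample (not from the thread); remote IPs are documentation addresses.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.7:8080       ESTABLISHED     1432
  TCP    192.168.1.10:1050      198.51.100.20:80       ESTABLISHED     2044
  TCP    192.168.1.10:1052      192.168.1.1:80         ESTABLISHED     2044
  UDP    0.0.0.0:1434           *:*                                    1432
"""
# Constructed `tasklist /fo csv /nh` sample; PID 1432 is deliberately absent.
TASKLIST = '''\
"svchost.exe","884","Services","0","3,120 K"
"iexplore.exe","2044","Console","0","18,400 K"
'''
INTERNAL = [ipaddress.ip_network(n) for n in (  # local ranges: an assumption, adjust
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10")]

def load_processes(tasklist_csv):  # PID -> image name
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def is_external(endpoint):
    """True when the host part of 'host:port' is an IP outside INTERNAL."""
    host = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # "*" on UDP rows
        return False
    return not ip.is_unspecified and not any(ip in net for net in INTERNAL)

def external_talkers(netstat_text, tasklist_csv):
    """Return (pid, image, proto, remote, state); PIDs missing from tasklist are kept and labelled."""
    names, found = load_processes(tasklist_csv), []
    for f in (line.split() for line in netstat_text.splitlines()):
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # header or blank line
        pid, state = int(f[-1]), (f[3] if len(f) == 5 else "")  # UDP rows carry no state
        if is_external(f[2]):
            found.append((pid, names.get(pid, "<not in tasklist>"), f[0], f[2], state))
    return found

if __name__ == "__main__":
    for row in external_talkers(NETSTAT, TASKLIST):
        print(row)
```

A PID that owns an outbound connection but has no matching `tasklist` row may simply have exited between the two captures, so take both captures back to back before reading anything into it.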
 
LVL 6

Expert Comment

by:jthow
ID: 10773332
Time to get a firewall?

Zone Alarm do a free one:-

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

I find Norton Personal Firewall easier to manage, but you have to buy that one.

(Usual disclaimers.)

JohnT
0
 

Author Comment

by:delphiheaven
ID: 10773470
I already have ZoneAlarm.

I also tried the IPMonitor from sysinternals, but I can't see anything there... everything seems to be normal.
0

 
LVL 6

Expert Comment

by:jthow
ID: 10773690
How about malware?  AdAware from:-

http://www.lavasoft.de

?

JohnT
0
 

Author Comment

by:delphiheaven
ID: 10774006
I also tried this, some stuff was detected and removed. But still I got plenty of traffic in/out, strange...
0
 
LVL 32

Expert Comment

by:LucF
ID: 10774051
Have you checked tcpview yet?

Otherwise, use this tool and post the logfile:
http://209.133.47.200/~merijn/files/HijackThis.exe
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11997598
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: LucF {http:#10772916}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

jdeclue
EE Cleanup Volunteer
0
