The computer I use at work (Windows XP Pro) intermitently
sends out data (or maybe just noise - who knows?) through
my internet connection that clogs up our DSL line and
slows down internet access to the other computers (3
others) on our local network to a crawl. I have a Sygate
firewall installed that shows a huge amount of outgoing
traffic that is going out from my computer, but we don't
know what it is, and we are not sending it; it's
happening by itself. If I unplug my computers network
connection, of course it stops, and the others can then
get onto to the internet. I can then sometimes plug back
in, and the outgoing traffic will not come back for
perhaps several minutes to maybe an hour (this is one of
those `windows' that I'm taking advantage of to send this
message). But it invariably starts up again, and slwos
everything down. A virus check shows no infection.
Anybody have any ideas?
On Wed, 23 Jun 2004 10:51:18 -0700, "ChrisB"
<anonymous@discussions.microsoft.com> wrote:
>The computer I use at work (Windows XP Pro) intermitently
>sends out data (or maybe just noise - who knows?) through
>my internet connection that clogs up our DSL line and
>slows down internet access to the other computers (3
>others) on our local network to a crawl. I have a Sygate
>firewall installed that shows a huge amount of outgoing
>traffic that is going out from my computer, but we don't
>know what it is, and we are not sending it; it's
>happening by itself. If I unplug my computers network
>connection, of course it stops, and the others can then
>get onto to the internet. I can then sometimes plug back
>in, and the outgoing traffic will not come back for
>perhaps several minutes to maybe an hour (this is one of
>those `windows' that I'm taking advantage of to send this
>message). But it invariably starts up again, and slwos
>everything down. A virus check shows no infection.
>Anybody have any ideas?
Chris,
For a quick look for processes generating outgoing traffic, I use TCPView (free)
from <http://www.sysinternals.com/ntw2k/source/tcpview.shtml>. Needs no
installation - just drop it into a folder, and run. When you see suspicious
processes, use Process Explorer, from the same vendor, that will also list
network connections owned by processes of interest.
For a more intensive look for processes generating outgoing traffic, Port
Explorer <http://www.diamondcs.com.au/portexplorer/index.php?page=home> is more
configurable than TCPView. The paid version includes a small packet monitor.
Port Explorer requires installation.
Try one or more of these free online virus scans, which should complement your
current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems.
Start by downloading each of the following free tools:
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.safer-networking.org/minifiles.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
Start by closing all Internet Explorer and Outlook windows, and running
CoolWebSearchSmartKiller, then CWShredder. Have the latter fix all.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following forums (and post it, or a link to your forum post, here):
<http://forums.net-integration.net/>
<http://forums.spywareinfo.com/>
<http://spywarewarrior.com/index.php>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Hey Chris,
Did you ever solve this? I'm seeing something similar.
But, I found it before I had installed too much stuff.
So, I flattened the harddrive, reinstalled XP pro and
still saw outgoing and incoming traffic at a rate of
about 7kbytes/sec out and 3kbytes/sec in.
No chance of virus or spyware because it was a fresh
install and I checked for this traffic immediately after
plugging in the DSL connection.
Anyway, I'm looking for input.
Thanks,
Chris
>-----Original Message-----
>The computer I use at work (Windows XP Pro)
intermitently
>sends out data (or maybe just noise - who knows?)
through
>my internet connection that clogs up our DSL line and
>slows down internet access to the other computers (3
>others) on our local network to a crawl. I have a Sygate
>firewall installed that shows a huge amount of outgoing
>traffic that is going out from my computer, but we don't
>know what it is, and we are not sending it; it's
>happening by itself. If I unplug my computers network
>connection, of course it stops, and the others can then
>get onto to the internet. I can then sometimes plug back
>in, and the outgoing traffic will not come back for
>perhaps several minutes to maybe an hour (this is one of
>those `windows' that I'm taking advantage of to send
this
>message). But it invariably starts up again, and slwos
>everything down. A virus check shows no infection.
>Anybody have any ideas?
>.
>
In article <2082d01c459a0$84a6f470$a301280a@phx.gbl>, "ChrisM"
<anonymous@discussions.microsoft.com> wrote:
>Hey Chris,
>Did you ever solve this? I'm seeing something similar.
>But, I found it before I had installed too much stuff.
>So, I flattened the harddrive, reinstalled XP pro and
>still saw outgoing and incoming traffic at a rate of
>about 7kbytes/sec out and 3kbytes/sec in.
>
>No chance of virus or spyware because it was a fresh
>install and I checked for this traffic immediately after
>plugging in the DSL connection.
>
>Anyway, I'm looking for input.
>
>Thanks,
>Chris
Was your computer connected to the Internet during the fresh install?
If so, an Internet worm can infect the computer before Windows starts
for the first time, because there's no firewall running during
installation.
Always unplug a computer's Internet connection when doing an install,
and don't plug it in until after you enable a firewall.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
>-----Original Message-----
>On Wed, 23 Jun 2004 10:51:18 -0700, "ChrisB"
><anonymous@discussions.microsoft.com> wrote:
>
>>The computer I use at work (Windows XP Pro)
intermitently
>>sends out data (or maybe just noise - who knows?)
through
>>my internet connection that clogs up our DSL line and
>>slows down internet access to the other computers (3
>>others) on our local network to a crawl. I have a
Sygate
>>firewall installed that shows a huge amount of outgoing
>>traffic that is going out from my computer, but we
don't
>>know what it is, and we are not sending it; it's
>>happening by itself. If I unplug my computers network
>>connection, of course it stops, and the others can then
>>get onto to the internet. I can then sometimes plug
back
>>in, and the outgoing traffic will not come back for
>>perhaps several minutes to maybe an hour (this is one
of
>>those `windows' that I'm taking advantage of to send
this
>>message). But it invariably starts up again, and slwos
>>everything down. A virus check shows no infection.
>>Anybody have any ideas?
>
>Chris,
>
>For a quick look for processes generating outgoing
traffic, I use TCPView (free)
>from
<http://www.sysinternals.com/ntw2k/source/tcpview.shtml>.
Needs no
>installation - just drop it into a folder, and run.
When you see suspicious
>processes, use Process Explorer, from the same vendor,
that will also list
>network connections owned by processes of interest.
>
>For a more intensive look for processes generating
outgoing traffic, Port
>Explorer
<http://www.diamondcs.com.au/portexplorer/index.php?
page=home> is more
>configurable than TCPView. The paid version includes a
small packet monitor.
>Port Explorer requires installation.
>
>Try one or more of these free online virus scans, which
should complement your
>current protection:
><http://www.bitdefender.com/scan/license.php>
><http://www.pandasoftware.com/activescan>
><http://www.ravantivirus.com/scan/>
><http://security.symantec.com/ssc/home.asp>
><http://housecall.trendmicro.com/hous...start_corp.asp
>
>
>Now check for, and learn to defend against, additional
problems.
>
>Start by downloading each of the following free tools:
>CWShredder <http://www.majorgeeks.com/download4086.html>
>CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
><http://www.safer-networking.org/minifiles.html>
>HijackThis <http://www.majorgeeks.com/download.php?
det=3155>
>LSP-Fix and WinsockLSPFix
<http://www.cexx.org/lspfix.htm>
>Spybot S&D <http://www.safer-networking.org/index.php?
page=download>
>
>Create a separate folder for HijackThis, such as
C:\HijackThis - copy the
>downloaded file there. Spybot S&D has an install
routine - run it. The other
>downloaded programs can be copied into, and run from,
any convenient folder.
>
>Start by closing all Internet Explorer and Outlook
windows, and running
>CoolWebSearchSmartKiller, then CWShredder. Have the
latter fix all.
>
>Next, run Spybot S&D. First update it ("Search for
updates"), then run a scan
>("Check for problems"). Trust Spybot, and delete
everything ("Fix Problems")
>that is displayed in Red.
>
>Then, run HijackThis ("Scan"). Do NOT make any changes
immediately. Save the
>HJT Log.
><http://forums.spywareinfo.com/index.php?showtopic=227>
>
>Finally, have your HJT log interpreted by experts at one
or more of the
>following forums (and post it, or a link to your forum
post, here):
><http://forums.net-integration.net/>
><http://forums.spywareinfo.com/>
><http://spywarewarrior.com/index.php>
><http://forums.tomcoyote.org/>
><http://www.wilderssecurity.com/>
>
>If removal of any spyware affects your ability to access
the internet (some
>spyware builds itself into the network software, and its
removal may damage your
>network), run LSP-Fix and / or WinsockXPFIx.
>
>Cheers,
>Chuck
>Paranoia comes from experience - and is not necessarily
a bad thing.
>.
>
-Thanks, Chuck, I'll pass this info on to our resident
computer pro (they don't want me messing with their
computer). That was quite a bit of info -much
appreciated! Now let's see what comes of it. Thanks again.
Check out `Chuck's response to my original post - I
haven't had time yet to try any of his suggestions or
suggested sites (we're very busy right before summer shut-
down) but there's a lot of info there; something might
pan out.
>-----Original Message-----
>Hey Chris,
>Did you ever solve this? I'm seeing something similar.
>But, I found it before I had installed too much stuff.
>So, I flattened the harddrive, reinstalled XP pro and
>still saw outgoing and incoming traffic at a rate of
>about 7kbytes/sec out and 3kbytes/sec in.
>
>No chance of virus or spyware because it was a fresh
>install and I checked for this traffic immediately after
>plugging in the DSL connection.
>
>Anyway, I'm looking for input.
>
>Thanks,
>Chris
>>-----Original Message-----
>>The computer I use at work (Windows XP Pro)
>intermitently
>>sends out data (or maybe just noise - who knows?)
>through
>>my internet connection that clogs up our DSL line and
>>slows down internet access to the other computers (3
>>others) on our local network to a crawl. I have a
Sygate
>>firewall installed that shows a huge amount of outgoing
>>traffic that is going out from my computer, but we
don't
>>know what it is, and we are not sending it; it's
>>happening by itself. If I unplug my computers network
>>connection, of course it stops, and the others can then
>>get onto to the internet. I can then sometimes plug
back
>>in, and the outgoing traffic will not come back for
>>perhaps several minutes to maybe an hour (this is one
of
>>those `windows' that I'm taking advantage of to send
>this
>>message). But it invariably starts up again, and slwos
>>everything down. A virus check shows no infection.
>>Anybody have any ideas?
>>.
>>
>.
>
On Thu, 24 Jun 2004 10:27:58 -0700, <anonymous@discussions.microsoft.com> wrote:
<SNIP>
>-Thanks, Chuck, I'll pass this info on to our resident
>computer pro (they don't want me messing with their
>computer). That was quite a bit of info -much
>appreciated! Now let's see what comes of it. Thanks again.
Chris,
Glad to help. Please keep us posted how this turns out - these forums are most
effective with as many experiences as possible described here.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
Mysterious outgoing internet traffic 
Linear Mode
