Transfer in kBs without my knowledge!

Status
Not open for further replies.
M@crosoft

M@crosoft

The Weather Man !
Forerunner
hey guys...need some special help regarding this

i am on a BSNL 500 limited plan...and i use firefox:)

i use netmeter to monitor the data transfer from my netbook!
these days there is constant transfer of data from my netbook at 40~60kBps

without my knowledge :S

it happens sometime .....like 1 time in 3 days and it's unstoppable :S ...the only way is to restart :(

i tried finding out the culprit through the task manager and searched for the

software which was trying to update........found NOTHING:@

what shall be the reason?

thnks in advance

M@crosoft
 
Try installing a free firewall like zonealarm or comodo and monitor the the network traffic to see which programs/processes are transferring data without ur knowledge.
 
  • Like
Reactions: 1 person
Even if you don't find any active applications, look for active processes and determine which software they belong to. Use the Task Manager for this.

Next step would be to disable the Auto-update feature of any software that has it enabled. Although, Windows Update shows a download indicator, you may want to disable the 'automatically download updates'option.

Last but not the least, monitor the network activity, as suggested above.

P.S: If the unauthorized usage is seeimgly alarming, start taking screenshots of the usage records and other necessary info.
 
  • Like
Reactions: 1 person
M@crosoft said:
hey guys...need some special help regarding this
i am on a BSNL 500 limited plan...and i use firefox:)

i use netmeter to monitor the data transfer from my netbook!
these days there is constant transfer of data from my netbook at 40~60kBps

without my knowledge :S

it happens sometime .....like 1 time in 3 days and it's unstoppable :S ...the only way is to restart :(

i tried finding out the culprit through the task manager and searched for the

software which was trying to update........found NOTHING:@
what shall be the reason?

thnks in advance
M@crosoft
Click to expand...

Very easy solution man ... Get TCPView from here ... TCPView for Windows

It will show u which applications are using network.

Just close all browsers, download managers etc etc and then run TCPView to check that which processes are using network ... then u can identify culprit.
 
  • Like
Reactions: 1 person
open up command prompt and type following commands to check

netstat -b

it will show which application is having established connection.

you can use netstat -an also, try blocking those ports with firewall.
 
  • Like
Reactions: 1 person
guys i found the culprit with help of netlimiter...

it is the svchost.exe which is eating it !

what to do?
 
Scan your computer for viruses(there are also fake svchost and also no windows os service(or file) will use your internet to download data!) and use Comodo FW to monitor downloads and also the capability to block unknown apps from accessing internet.
 
Use a task manager like ProcX (ProcX) to see also the path of the process running. If there is a svchost.exe in a folder other than "C:\windows\system32\", then its the culprit, kill it and remove it from startup. Otherwise if it is from the system32 folder itself, then scan ur comp for with malwarebytes or other spyware removers and probably they will catch the culprit.
 
M@crosoft said:
killing it results in restart and how many times i would do that:no:
Click to expand...

In this case it could be the windows RPC server, other process communicates with it for network communication.
 
after opening the task manager i found 2 svchost.exe under NETWORK SERVICE!

There should only be one?
 
There are always more than 1 svchost.exe's running and all of them which are not running under your username are needed, don't kill them. If there is any svchost running under ur username, then use ProcX to check its path.

If not, then try sniffing packets by using smartsniff (SmartSniff: Freeware Packet Sniffer - Capture TCP/IP packets on your network adapter) to see what data is being transfered. When using it, close all other internet related applications. And secondly, make sure the u set smartsniff to show process name also. I myself have found a rootkit virus on my computer using this which was sending spam mails.
 
Status
Not open for further replies.
Top Bottom