Daily uploading taking place on Afrihost ADSL Connection (Between 400 and 700 megs!)

Jodash

Member
Joined
Jul 1, 2007
Messages
23
Hi

Not sure if anyone can assist. I’ve noticed that my bandwidth on my Afrihost account was finishing quicker than usual. On checking the data logs on the Afrihost website, I noticed that there was daily uploading taking place on my account of between 400 megs and 700 megs. My first thought was that someone was hacking into my account, so I changed my router password. That didn't solve the problem. I then, through a process of elimination, determined the uploading was taking place through one of our firm's laptops. Even when the computer is just connected and no one is using it, it's still uploading information and chowing my Afrihost bandwidth. Please advise. I’ve disabled all automatic updates plus done a full virus scan using Eset NOD32 but still. Please can someone assist. As I said, the laptop is not downloading but rather uploading. What would the best approach be without formatting the PC?? The PC contains very sensitive information.

Thanks!
 

AnomalyNexus

Senior Member
Joined
Nov 29, 2009
Messages
710
the laptop is not downloading but rather uploading. What would the best approach be without formatting the PC?? The PC contains very sensitive information.
Download tcpmon. Use it to work out which process it is. If you can't figure it out then post the info here.

Sounds like malware to me.


And make backups of that "sensitive information".;)
 

avr-rulez

Expert Member
Joined
Mar 28, 2004
Messages
1,172
Did you install uTorrent? Be careful, because by default it always loads at bootup.

This will continuously upload data - I learned the hard way....
 

Jodash

Member
Joined
Jul 1, 2007
Messages
23
Did you install uTorrent? Be careful, because by default it always loads at bootup.

This will continuously upload data - I learned the hard way....

Nope! No file sharing or any of those programs at all. It's a DELL laptop so it's basically all the standard pre-loaded software + some audit software and Office 2007. The problem only started about 3 weeks ago. I'm worried that someone could have installed something malicious via their flashdrive or maybe an email attachment in order to steal that "sensitive" information I spoke about. :confused: Plus NOD32 doesn't pick up anything and I've done all Windows security updates, etc.
 

Jodash

Member
Joined
Jul 1, 2007
Messages
23
Download tcpmon. Use it to work out which process it is. If you can't figure it out then post the info here.

Sounds like malware to me.


And make backups of that "sensitive information".;)

Ok cool. Thanks! Will do. Oh and the "sensitive" information is NOT what you're thinking about! Tsk Tsk Tsk :p lol!
 

deweyzeph

Honorary Master
Joined
Apr 17, 2009
Messages
10,543
Maybe change your antivirus to something like Avast. Different antivirus programs can be better or worse at finding certain malware and viruses, so it's worth it to try something else.
 

noswal

Executive Member
Joined
Jun 26, 2004
Messages
6,172
Any good firewall will not permit a program to access the net without permission, so if you have one, you have already given a program permission to do so.
 

deweyzeph

Honorary Master
Joined
Apr 17, 2009
Messages
10,543
Any good firewall will not permit a program to access the net without permission, so if you have one, you have already given a program permission to do so.

That's only if you're running a personal firewall program on your PC. Most businesses run their firewall on the router.
 

Jodash

Member
Joined
Jul 1, 2007
Messages
23
Any good firewall will not permit a program to access the net without permission, so if you have one, you have already given a program permission to do so.

I'm using the standard Vista Firewall and, as I mentioned, NOD32 for the virus protection. I figured it would have been sufficient?! Oh and I'm using a Billion Wireless modem/router at the office and a Linksys Wireless modem/router at home. The laptop in question is chowing both the bandwidth at the office as well as home. I've got 4meg connections at both, so the rate that it's uploading information is quite alarming. This Saturday, I think it managed to upload like 500 megs in a couple of hours... and that was with only GMAIL open at the time!!!
 

czc

Honorary Master
Joined
Dec 2, 2008
Messages
12,013
I'm using the standard Vista Firewall and, as I mentioned, NOD32 for the virus protection. I figured it would have been sufficient?! Oh and I'm using a Billion Wireless modem/router at the office and a Linksys Wireless modem/router at home. The laptop in question is chowing both the bandwidth at the office as well as home. I've got 4meg connections at both, so the rate that it's uploading information is quite alarming. This Saturday, I think it managed to upload like 500 megs in a couple of hours... and that was with only GMAIL open at the time!!!

Is it your laptop or the routers? Do your routers have passwords on?
 

Nod

Honorary Master
Joined
Jul 22, 2005
Messages
10,057
Code:
nbtstat -n -o
Standard WinXP util.
Will show the PID of the processes using the network.
 

Jodash

Member
Joined
Jul 1, 2007
Messages
23
Is it your laptop or the routers? Do your routers have passwords on?

Yip! I do on both wireless routers! There's about 7 laptops at the office and 3 laptops and a desktop at home and the problem only occurs when that specific laptop is around or at those locations. Normal uploading when that laptop isn't there is around 30-40 megs. As soon as someone uses that laptop on a specific day, then it shoots up to 400-700 megs (I'm sure it will go up more if that laptop stays on and connected throughout the day). Will follow all the options mentioned above though and will monitor it and update you guys.
 

Srack0verflow

Expert Member
Joined
Jun 21, 2008
Messages
1,789
I'm thinking spyware. Someone provided a link to s&d spybot, download it and see if it finds something - you've got nothing to lose
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,189
Run both Spybot S&D and Malwarebytes' Anti-Malware.

TCPView from Sysinternals can also show which applications have network connections open or are just listening for incoming connections. TCPView only shows the connections and not the amount of data exchanged, whereas something like Comodo Internet Security shows the connections as well as the data exchanged AND above all, it's a proper firewall FOR FREE.
 

MidnightWizard

Executive Member
Joined
Nov 14, 2007
Messages
5,720
NetBios

Code:
nbtstat -n -o
Standard WinXP util.
Will show the PID of the processes using the network.

NBTSTAT will show netbios info

NETSTAT will show TCP/IP info


XP / Vista with latest service packs will have built in "firewall"

It will at least allow you to control your connections to a certain extent.

The Sysinternals replacement for "Task-Manager" is a lot more powerful and will show you what is running on your computer.

Is it a wireless or wired connection that is causing the problem ????

At the rate of uploading that is going on , sounds to me like your "sensitive-data" is ALL gone -- Bye Bye.

I am surprised that they allow someone with so little knowledge control of "sensitive-information"


MW
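
An added example, not part of any post in this thread: one way to turn the `netstat -n -o` and PID advice above into a per-process list of connections that leave the local network. The sample output, addresses, PIDs and the process name `updhelper.exe` are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed samples of `netstat -n -o` and `tasklist /FO CSV /NH` output (made-up names).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49201     192.168.1.1:80         ESTABLISHED     1180
  TCP    192.168.1.20:49233     203.0.113.45:443       ESTABLISHED     3412
  TCP    192.168.1.20:49234     203.0.113.45:443       ESTABLISHED     3412
  TCP    192.168.1.20:49240     198.51.100.7:25        ESTABLISHED     2764
  TCP    192.168.1.20:49251     198.51.100.9:80        TIME_WAIT       0
  TCP    127.0.0.1:49199        127.0.0.1:49200        ESTABLISHED     1180
"""
TASKLIST_SAMPLE = '''\
"svchost.exe","1180","Services","0","14,220 K"
"firefox.exe","3412","Console","1","98,004 K"
"updhelper.exe","2764","Console","1","6,112 K"
'''
# Loopback, RFC 1918 and link-local ranges count as "inside"; everything else is external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10")]

def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in LOCAL_NETS)

def external_connections(netstat_text):
    """Yield (pid, remote_ip, remote_port) for ESTABLISHED TCP sessions leaving the LAN."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # headers, UDP rows, listeners and closing sockets
        host, port = f[2].rsplit(":", 1)
        host = host.strip("[]").split("%")[0]  # IPv6 is printed as [addr%scope]:port
        if is_external(host):
            yield f[4], host, int(port)

def summarise(netstat_text, tasklist_csv):
    """Map (pid, image name) -> sorted list of external (ip, port) endpoints."""
    names = {r[1]: r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) >= 2}
    by_proc = defaultdict(set)
    for pid, host, port in external_connections(netstat_text):
        by_proc[(pid, names.get(pid, "<unknown>"))].add((host, port))
    return {proc: sorted(eps) for proc, eps in by_proc.items()}
```

A listing like this narrows the search to a process and its remote endpoints but carries no byte counts, so it needs to be paired with a tool that reports data volume per process.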
 

ponder

Honorary Master
Joined
Jan 22, 2005
Messages
92,823
Laptop, format & reinstall unless you are keen to waste your time hunting down the offending app/malware.

Edit: Does your firewall not show you what's using the bandwidth? I use Outpost and it tells me what is using bandwidth.
 

Srack0verflow

Expert Member
Joined
Jun 21, 2008
Messages
1,789
Laptop, format & reinstall unless you are keen to waste your time hunting down the offending app/malware.
Yeah, least effort I guess.
You get some die hard anti-format geeks around here though, so I hardly ever suggest it.
 