malware advice required

[[OUPA]MrNutz]

Hi peeps.

i've got a user's pc that is doing a consistant upload of 5KB/sec

i've used:

malware bytes
spybot s&d 1.6
ccleaner
ms essentials
avast
kis 2010
trend housecall
drweb

also did:
netsh winsock reset
sfc /scannow
ipconfig/flushdns
replaced host file

no virus or any malware detected....

but the moment i run netstat -a i can see TONS of foreign external IPs...

any idea what else i can do/use/try?

 

[Other Pineapple Smurf]

The best bet is to try an identify the ports that have actual activity Then google each port to identify the application associated with it. Best to work on the ports with the most activity.

Run netstat in safe-mode to compare against the normal mode one.

 

[[OUPA]MrNutz]

i was thinking of also maybe doing a netlimiter install - just to see what process is causing the outbound traffic...and then google that for info

 

[DJNgoma]

No mention of a firewall...?

 

[[OUPA]MrNutz]

well - customer has xp's poor little firewall atm - but KIS 2010 didn't see anything when it took over the firewall..