mass uploads

naeem

I've got about 12-odd PCs with net access. One of them either has major spyware or a virus. In the last 3 or 4 days, my uploads have shot up to about 700 megs a day (normally it's about 100).

We connect via a Netgear router with IPs on DHCP. Would anyone know of any tool or application to find out which PC this is? I've run some antispyware stuff on most of the PCs but it never brought up anything.

No one is on P2P so that's ruled out...

Just wasted 3 gigs this week :(
 
Easiest non-technical way (might not be possible, you didn't describe your environment) - disconnect each PC from the network in turn, check stats, if looking good, then you just found the PC :-)
 
Before getting into packet sniffing and far-too-technical activities than required -

Stop all browsing, email, gaming (i.e. stop all apps that you know will generate inet traffic) on all machines. Then

wired network:

Most network switches have activity indicators (LEDs) for each port ..... look at them. Which one (besides the router) flashes the most?

wireless network:

Watch the WLAN indicator on the AP / router. Disconnect each client until the WLAN LED takes a breather.
 
Thanks guys

I downloaded Ethereal but have no idea how to use it :(

Anyway, Masticore's idea worked nicely!

Turns out Ad-Aware, Xoft & Spybot didn't pick up, but whenever the PCs started up (in the startup services) "Sygate.exe" was always coming up. And I know I didn't install it.

Removed it in the startup (with the system config) and did a quick regedit to remove it there too.

So far it seems OK. Today we've only uploaded 16 megs - normally at this time (10am) it's about 200-odd megs!!!
 
naeem said:
"Sygate.exe" was always coming up. And I know I didn't install it.

Removed it in the startup (with the system config) and did a quick regedit to remove it there too.

Interesting, Sygate is a firewall and internet connection sharing software. It should not upload so much unless it is infected or somebody is using your connection for his own purposes. Do you have a wireless access point on your network somewhere?
 
Nope, no wireless at all. All wired.

I used to use Sygate many moons ago, still got the install files somewhere, but it was never installed. HOWEVER, a few PCs had that "winfix" spyware - this might have something to do with it.
 
So this virus uses phishing. You think that you are installing a firewall to protect you against viruses, but instead you install a virus.
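
Added example, not part of any post in this thread: one way to answer the original question ("which PC is uploading?") from a packet capture, by summing the bytes each LAN host sends to addresses outside the LAN. It assumes the capture was taken somewhere that sees every PC's traffic and exported as text with tshark, the command-line tool shipped with Wireshark (the successor to Ethereal); the 192.168.0.0/24 range and all sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample: tab-separated ip.src, ip.dst, frame.len, as produced by
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e frame.len
SAMPLE = """\
192.168.0.12\t203.0.113.50\t1514
192.168.0.12\t203.0.113.50\t1514
192.168.0.7\t198.51.100.9\t420
203.0.113.50\t192.168.0.12\t66
192.168.0.7\t192.168.0.1\t90
\t\t60
192.168.0.12\t203.0.113.50\t1514
192.168.0.3\t198.51.100.9\tbad
"""

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN range, adjust to yours


def upload_bytes_per_host(lines, lan=LAN):
    """Sum the bytes each LAN host sent to addresses outside the LAN."""
    totals = Counter()
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 3:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            size = int(fields[2])
        except ValueError:
            continue  # non-IP frame (ARP etc.) or damaged line
        # Count only outbound traffic: LAN source, non-LAN destination.
        # LAN-to-LAN chatter and downloads are ignored.
        if src in lan and dst not in lan:
            totals[str(src)] += size
    return totals


def top_uploaders(lines, n=3):
    """Return the n LAN hosts with the most outbound bytes, largest first."""
    return upload_bytes_per_host(lines).most_common(n)


if __name__ == "__main__":
    for host, total in top_uploaders(SAMPLE.splitlines()):
        print(f"{host:15} {total:>10} bytes uploaded")
```

Because the addresses here are handed out by DHCP, the top address still has to be matched to a physical PC through the router's DHCP lease list.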
 