Virus eating my bandwidth!!

Taqyon

Well-Known Member
Joined
Dec 10, 2003
Messages
234
Reaction score
18
Location
Milnerton
Hi Guys

I'm at my wit's end. I've tried AVG, Malware Bytes and ESET but I can't track the bugger down.

I go through 2 gigs (today 5 gigs) in a DAY, while not even at my computers!

Afrihost is sending warnings about network abuse as well.

Looks like the activity is on port 3389 process svchost.exe. I've sent firewalls in and out but it looks like it's masquerading as something else.

Any ideas on software I can use to find the p.o.s. ?

Thanks,
Hein
 
Port 3389 is Remote Desktop.

I would suggest that you disable Remote Desktop on your PC's.

btw, are you dialing the PPPoE connection from your router, or from your PC?

If you've disabled remote desktop AND you're dialing the PPPoE connection from your ADSL modem and you're still having issues, then I would suggest that you try Comodo Internet Security for the Firewall.

With TCP View and Process Explorer - both free from SysInternals - you should be able to find the process/windows service responsible.
 
Thanks a mil, going to try the SysInternals tools.

Funny - when I leave the computer alone, bw usage shoots up, as soon as I touch the mouse it drops...

It's 90% outgoing traffic. Looks like I'm a spam host.
 
Last edited:
I tend to have much better detection on infected systems using Kaspersky than using AVG. Just an idea, but might be worth a try.

+100 to the disable remote desktop / port 3389
 
download combofix, it always does the job for me.

if you get a error that it cant run because the file has been compromised , first download avg virut remover, to get virut off then combofix should run.
 
I haven't got any RDP ports open to world+dog - only VPN.

So you VPN first, then you'll be able to connect via remote desktop.

Safer that way. And, btw, VPN user account's got a good (strong) password.
 
There are so many tools out there, but you have to use them all to make sure you are completely clean.

Take the drive out, put it in another 'clean' machine and run all tools on them;

Malware
Spybot
Superantispyware
NOD32
Mcafee
etc etc etc - whatever!

Then put the drive back in and run the combofixs and such.
Fixing spyware/malware etc is a mission hey!
 
Firewall is blocking incoming RDP ports, there are no active RDP sessions, yet outgoing traffic is through the roof.
 
Thanks yes, hell of a mission to take out the server's drives etc etc. But yea last resort.
 
Firewall is blocking incoming RDP ports, there are no active RDP sessions, yet outgoing traffic is through the roof.

Seriously dude, try Ubuntu for a long term and permanent fix. Make the machine dualboot if you need stuff from the MS OS.
 
i didn't say reinstall..

read that page I linked. there's a DL to TDSSkiller it self.

though I should have warned it sometimes kills proggies too. he must look at the list it wants to kill & decide.

Edit: but, yes MSSE is better than avg in my opinion too
 
Try Googling: Hijackthis.exe, download, run it and save the log. You can go online to check anything suspicious. Also Google and download a few RootKit Anti Virus tools, to detect those viruses that sometimes lurk in the Bootsector, so no amount of cleaning will kill them, they just reappear on reboot. If you are using Windows 7 ( or Vista) then you can "split" your hard drive quite easily into equal parts ( say 80Gig and 80gig on a 160) without losing any data or your operating system. Then do a clean install on the "new" drive. Alternatively, use a Windows Boot Disk (CD) with USB support, so you can load and run " Stinger" or any stand alone Virus checker. If you need XP or Windows 7 Boot up disks then just contact me and I'll help out.(Free) I'm in Randburg, Gauteng.
 
If he's going to to a reinstall, he might as well install Windows again, with Microsoft Security Essentials.
Agreed..... Why try and patch a siev. Just re install windows. I'm connected 24/7 without a firewall, but have yet to be infected by a virus. But I do wipe and re install windows at least every 2 months.
All personal and important documents are stored on removable media. Out off harms way.


Sent from my Desire HD using MyBroadband Android App
 
In the meanwhile download netlimter and use it to cut the virus's BW
 
Top
Sign up to the MyBroadband newsletter
X