First of all a big shout out and thanks to "teneightypea" and "honem" on geekzone chat who helped guide me along the right path to diagnosing network issues and potential threats.
What went wrong?
The internet simply wouldn't work at times. No Google, no Steam, no online gaming, even speedtest.net wouldn't connect to the server. Dropbox failing, YouTube not loading etc.
So I decided to check my router activity. Strangely enough, with no programs running, this is what I found.
OK, I recognise those ports as Steam. Nope, no programs running... When I did start up Steam, nothing changed.
Again, with all programs closed (even my browser) this is what was outgoing from my PC. (boxed out IP address just 'cause)
Looks a bit small, link here just in case someone somewhere needs to check.
So it's a lot of internet activity through the modem when I am the only PC connected (at this time) and running no programs (yes, I see Steam, but that was due to diagnosing the problem in the first pic). Also, Steam doesn't smash the internet like you see above.
OK, it's a virus.
Let's make it quick...
My flatmates download heaps and most likely do quick installs, meaning accepting random additional software, toolbars, etc. instead of unchecking boxes via custom installs. Secondly, it didn't help that for some weird reason, all antiviruses were disabled on my girlfriend's PC. (can't blame her though ;) )
How did we solve it?
Firstly, Command Prompt was used to check all process ID numbers against those in my Task Manager. Some real strange Babylon stuff showed up, so I removed and exterminated it. Furthermore, Malwarebytes was unable to be downloaded, so using an iPhone's 3G hotspot we managed to download it.
Malwarebytes had a party all night long. Malware had 2 counts on my computer, 14 on my girlfriend's and 21 on my flatmates'. To me it seems that 1 or more of these malware were actually doing some damage, and being distributed via our router (explaining large traffic usage and randomly open+used ports).
All passwords etc. were changed just to be safe. Online banking etc.
So I decided to reset the modem and clean all the users from malware and other types of viruses. On my PC, Google Chrome got infected and had to be reinstalled, and Microsoft Security Essentials also died, started showing fake threats, and as soon as I clicked clean, it disappeared from processes (under Task Manager). So reinstalled that...
The name was Virtool: MSIL/Injector.ED
and a few other Virtool "something" I forgot. Obfuscator XZ or something.
These are dangerous, and a full rootkit check, Malwarebytes FULL scan, MSE FULL scan and Spybot (if you have annoying things popping up) have fixed this problem. Modem usage is back to normal and I'm able to play games again with a lovely 30ms. Netgraph on Steam showed over 1,000 ping at the time this virus was intruding our computers and network.
This post is mostly to say thanks to fellow Geekzone users for helping me out, 1080p and honem, also if anyone notices any similar problems, or has questions, please feel free to ask in the comments below.
Feels great to be safe again, I'm always up to date and virus aware, but man this thing was BAD news.
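The PID cross-check described above (Command Prompt output compared against Task Manager) can be done mechanically. This is an added example, not part of the original post: it assumes the listings came from `netstat -ano` and `tasklist /fo csv`, and the sample output, addresses and process names below are constructed.

```python
import csv
import io

# Constructed sample output (not captured from the machines in the post).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49201     203.0.113.45:27030     ESTABLISHED     4312
  TCP    192.168.1.20:49230     198.51.100.7:443       ESTABLISHED     2964
  TCP    192.168.1.20:49244     198.51.100.9:80        ESTABLISHED     5120
  UDP    0.0.0.0:5355           *:*                                    1208
"""
TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","884","Services","0","9,120 K"
"svchost.exe","1208","Services","0","14,332 K"
"chrome.exe","2964","Console","1","120,004 K"
"updater32.exe","4312","Console","1","8,112 K"
'''

def parse_netstat(text):
    """Return (proto, local, remote, state, pid) for each TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the header and blank lines
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        rows.append((parts[0], parts[1], parts[2], state, int(parts[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def unexpected_outbound(netstat_text, tasklist_text, expected_images):
    """List established connections whose owning process is not expected."""
    images = parse_tasklist(tasklist_text)
    expected = {name.lower() for name in expected_images}
    findings = []
    for _proto, _local, remote, state, pid in parse_netstat(netstat_text):
        if state != "ESTABLISHED":
            continue
        # A PID missing from the process list is itself worth a closer look.
        image = images.get(pid, "<no matching process>")
        if image.lower() not in expected:
            findings.append((pid, image, remote))
    return findings

if __name__ == "__main__":
    for pid, image, remote in unexpected_outbound(NETSTAT_ANO, TASKLIST_CSV, {"chrome.exe"}):
        print(f"PID {pid:>5}  {image:<24} -> {remote}")
```

The `expected_images` set is whatever you knowingly have open; anything else holding an established connection, or a PID with no visible process, is what to investigate first.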
Comment by Athlonite, on 3-Sep-2013 22:52
Please get rid of MSE, it's a piece of junk now. I'd use Avast free edition if I were you and click the quiet gaming mode to on.