22 posts

Geek


  Reply # 303323 1-Mar-2010 15:55

This is why it's useful to have graphing on your router - that way you can match up what your router says with what the usage meter says.

I don't think there's much you can do now that it's stopped, but the fact it was only happening when your PC was on is pretty damning - I suspect something auto-updating or similar.

In any case, if it happens again, run Wireshark (http://www.wireshark.org/) to do a packet capture and see where that traffic is going to... It's the only way to be sure.

9 posts

Wannabe Geek


  Reply # 303533 2-Mar-2010 01:49


I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)

 
 
 
 


669 posts

Ultimate Geek
+1 received by user: 112


  Reply # 303547 2-Mar-2010 07:19

squirrel:

I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)


On a side note, only use Wireshark if you have had some background at least in networking. It would be a bit daunting to use otherwise.



134 posts

Master Geek


  Reply # 303694 2-Mar-2010 15:26

Nah it's ok guys, sorted it. Turns out it was some sort of malware which rode on the Java.exe process.

All gone though.

149 posts

Master Geek


  Reply # 303706 2-Mar-2010 15:49

Therefore MS Essentials didn't pick it up?



134 posts

Master Geek


  Reply # 303711 2-Mar-2010 16:07

It appears not.

6150 posts

Uber Geek
+1 received by user: 220

Trusted
Subscriber

  Reply # 303767 2-Mar-2010 19:29

So we're all safe in bed tonight with the bugs eating our hard earned cash, in an all legit process. :( sounds like guvment.

Cheers
Cyril

3049 posts

Uber Geek
+1 received by user: 902

Trusted
Subscriber

  Reply # 303788 2-Mar-2010 20:52

@fraseyboy: glad you got it all sorted out. Can you post how you detected the problem and what the actual problem was for future reference when other people have the same sort of problem?

Thanks
Steve



134 posts

Master Geek


  Reply # 303808 2-Mar-2010 21:39

Wait, no.

There was another virus I found using Malwarebytes Anti-malware (Microsoft Security Essentials didn't pick it up), and Java.exe WAS using up lots of RAM, CPU and network, but the two don't seem to be linked. After further investigation, the culprit appears to be Freenet, which I installed out of curiosity. It appears that it was silently always open and since I was being used as a node, it was using a lot of bandwidth. It's a Java application which explains why Java was showing up as using a lot of bandwidth.

Uninstalling Freenet has removed the Java.exe application from my processes list and HOPEFULLY fixed the problem.
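
Added example (not part of the thread): the per-process view suggested earlier with CurrPorts can also be built from `netstat -ano` and `tasklist /fo csv /nh` output. This Python script groups connections by process and flags any process that both listens and holds many distinct peers at once, the pattern the Freenet node under Java.exe showed here. The sample output, PIDs, addresses, port numbers and the `min_peers` threshold are constructed assumptions.

```python
import csv
from collections import defaultdict

# Constructed sample input: PIDs, ports and addresses are made up.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:24601          0.0.0.0:0              LISTENING       3916
  TCP    192.168.1.10:49201     203.0.113.5:443        ESTABLISHED     2140
  TCP    192.168.1.10:49202     203.0.113.5:443        ESTABLISHED     2140
  TCP    192.168.1.10:49310     198.51.100.7:31002     ESTABLISHED     3916
  TCP    192.168.1.10:49311     198.51.100.44:18233    ESTABLISHED     3916
  TCP    192.168.1.10:49312     203.0.113.90:40111     ESTABLISHED     3916
  TCP    192.168.1.10:49313     192.0.2.61:27015       ESTABLISHED     3916
  UDP    0.0.0.0:24601          *:*                                    3916
"""
TASKLIST = '''"svchost.exe","880","Services","0","9,000 K"
"firefox.exe","2140","Console","1","85,000 K"
"java.exe","3916","Console","1","310,000 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(tasklist_csv.splitlines())
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def summarize(netstat_text, names):
    """Per process: distinct remote hosts (established TCP) and listening ports."""
    out = defaultdict(lambda: {"peers": set(), "listen": set()})
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # header or malformed line
        proc = names.get(int(f[-1]), "pid " + f[-1])
        port = f[1].rsplit(":", 1)[1]
        if f[0] == "UDP" or f[3] == "LISTENING":  # UDP rows have no State column
            out[proc]["listen"].add(f[0] + "/" + port)
        elif f[3] == "ESTABLISHED":
            out[proc]["peers"].add(f[2].rsplit(":", 1)[0])
    return dict(out)

def peer_heavy(summary, min_peers=4):
    """Processes that listen AND hold many distinct peers: node/relay-like."""
    return sorted(p for p, s in summary.items()
                  if len(s["peers"]) >= min_peers and s["listen"])

if __name__ == "__main__":
    summary = summarize(NETSTAT, pid_names(TASKLIST))
    print(peer_heavy(summary), summary)
```

A flagged process is a lead for a closer look, not a verdict: here it would point at a program the user installed deliberately.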

8020 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 303843 3-Mar-2010 00:15

Freenet is like Tor, your computer will act as a node on their network that other people's traffic can be routed through.  It's useful for many reasons (ie: people in countries with heavy internet censorship getting around blacklists).  However it would use a ton of bandwidth if you left it running, as you have found.

Microsoft Security Essentials is a solid anti virus, it's as good if not better than the other free AV (AVG, Avast, Antivir). It rightly didn't detect a legitimate program he willingly installed as a virus or malware.

I've always felt TelstraClear's "automatically add another data pack" system is flawed in that it doesn't let you put a maximum cap on the usage or $ amount spent.  Also it will charge your full packs even if you only use a tiny amount into the next pack.

A lot of potential for nasty surprises in most households imo.

BDFL - Memuneh
60251 posts

Uber Geek
+1 received by user: 11308

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 303889 3-Mar-2010 10:16

So everything in the previous three pages was pointing to something on your PC, people blamed Microsoft Security Essentials (which I use and is actually very good), when in fact you yourself planted an Internet sharing/proxying program?

Seriously, no sympathy. TelstraClear bear no guilt here, so if they charge your usage, so be it.

As pointed out before, people are responsible for their computers.






134 posts

Master Geek


  Reply # 304047 3-Mar-2010 17:11

I concur. This was my fault. Microsoft Security Essentials is doing its job fine. I will be more careful in future.

169 posts

Master Geek
+1 received by user: 1


  Reply # 304100 3-Mar-2010 19:31

It's always suspicious if your upload is more than your download, it's highly unlikely unless you're running a web server, or hosting something...
