Geekzone: technology news, blogs, forums
22 posts

Geek


  Reply # 303323 1-Mar-2010 15:55

This is why it's useful to have graphing on your router - that way you can match up what your router says with what the usage meter says.

I don't think there's much you can do now that it's stopped, but the fact it was only happening when your PC was on is pretty damning - I suspect something auto-updating or similar.

In any case, if it happens again, run Wireshark (http://www.wireshark.org/) to do a packet capture and see where that traffic is going to... It's the only way to be sure.

9 posts

Wannabe Geek


  Reply # 303533 2-Mar-2010 01:49


I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)

 
 
 
 


660 posts

Ultimate Geek
+1 received by user: 112


  Reply # 303547 2-Mar-2010 07:19

squirrel:

I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)


On a side note, only use Wireshark if you have had some background at least in networking. It would be a bit daunting to use otherwise.



134 posts

Master Geek


  Reply # 303694 2-Mar-2010 15:26

Nah it's OK guys, sorted it. Turns out it was some sort of malware which rode on the Java.exe process.

All gone though.

149 posts

Master Geek


  Reply # 303706 2-Mar-2010 15:49

Therefore MS Essentials didn't pick it up?



134 posts

Master Geek


  Reply # 303711 2-Mar-2010 16:07

It appears not.

6069 posts

Uber Geek
+1 received by user: 185

Trusted
Subscriber

  Reply # 303767 2-Mar-2010 19:29

So we're all safe in bed tonight with the bugs eating our hard earned cash, in an all legit process. :( sounds like guvment.

Cheers
Cyril

3009 posts

Uber Geek
+1 received by user: 881

Trusted
Subscriber

  Reply # 303788 2-Mar-2010 20:52

@fraseyboy: glad you got it all sorted out. Can you post how you detected the problem and what the actual problem was, for future reference when other people have the same sort of problem?

Thanks
Steve



134 posts

Master Geek


  Reply # 303808 2-Mar-2010 21:39

Wait, no.

There was another virus I found using Malwarebytes Anti-malware (Microsoft Security Essentials didn't pick it up), and Java.exe WAS using up lots of RAM, CPU and network, but the two don't seem to be linked. After further investigation, the culprit appears to be Freenet, which I installed out of curiosity. It appears that it was silently always open and since I was being used as a node, it was using a lot of bandwidth. It's a Java application which explains why Java was showing up as using a lot of bandwidth.

Uninstalling Freenet has removed the Java.exe application from my processes list and HOPEFULLY fixed the problem.

8020 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 303843 3-Mar-2010 00:15

Freenet is like Tor, your computer will act as a node on their network that other people's traffic can be routed through.  It's useful for many reasons (ie: people in countries with heavy internet censorship getting around blacklists).  However it would use a ton of bandwidth if you left it running, as you have found.

Microsoft Security Essentials is a solid anti virus, it's as good if not better than the other free AV (AVG, Avast, Antivir). It rightly didn't detect a legitimate program he willingly installed as a virus or malware.

I've always felt TelstraClear's "automatically add another data pack" system is flawed in that it doesn't let you put a maximum cap on the usage or $ amount spent.  Also it will charge your full packs even if you only use a tiny amount into the next pack.

A lot of potential for nasty surprises in most households imo.

BDFL - Memuneh
59604 posts

Uber Geek
+1 received by user: 10776

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 303889 3-Mar-2010 10:16

So everything in the previous three pages was pointing to something on your PC, people blamed Microsoft Security Essentials (which I use and is actually very good), when in fact you yourself planted an Internet sharing/proxying program?

Seriously, no sympathy. TelstraClear bear no guilt here, so if they charge your usage, so be it.

As pointed out before, people are responsible for their computers.






134 posts

Master Geek


  Reply # 304047 3-Mar-2010 17:11

I concur. This was my fault. Microsoft Security Essentials is doing its job fine. I will be more careful in future.

163 posts

Master Geek
+1 received by user: 1


  Reply # 304100 3-Mar-2010 19:31

It's always suspicious if your upload is more than your download, it's highly unlikely unless you're running a web server, or hosting something...
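The two checks suggested in this thread (find out which device the traffic comes from, and treat upload exceeding download as suspicious), as an added example that is not part of any post. The flow records, the LAN range 192.168.1.0/24 and the 10 MB noise floor are constructed assumptions; real totals would come from a packet capture or router counters.

```python
import ipaddress
from collections import defaultdict

# Constructed flow summary: src,dst,bytes (totals per direction).
SAMPLE_FLOWS = """\
192.168.1.10,203.0.113.5,48000000
203.0.113.5,192.168.1.10,6000000
192.168.1.10,198.51.100.7,52000000
198.51.100.7,192.168.1.10,9000000
192.168.1.20,203.0.113.80,400000
203.0.113.80,192.168.1.20,35000000
192.168.1.10,192.168.1.20,1000000
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range


def usage_by_device(text, lan=LAN):
    """Return {local_ip: {"up", "down", "peers"}} counting internet traffic only."""
    stats = defaultdict(lambda: {"up": 0, "down": 0, "peers": set()})
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, nbytes = line.split(",")
        src_local = ipaddress.ip_address(src) in lan
        dst_local = ipaddress.ip_address(dst) in lan
        if src_local == dst_local:
            continue  # LAN-to-LAN traffic never reaches the ISP usage meter
        local, remote, key = (src, dst, "up") if src_local else (dst, src, "down")
        stats[local][key] += int(nbytes)
        stats[local]["peers"].add(remote)
    return dict(stats)


def flag_uploaders(stats, min_up=10_000_000):
    """Devices whose upload exceeds download and the noise floor, busiest first."""
    hits = [(ip, s["up"], s["down"], len(s["peers"]))
            for ip, s in stats.items()
            if s["up"] > s["down"] and s["up"] >= min_up]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for ip, up, down, peers in flag_uploaders(usage_by_device(SAMPLE_FLOWS)):
        print(f"{ip}: up {up / 1e6:.0f} MB, down {down / 1e6:.0f} MB, "
              f"{peers} remote peers")
```

A flagged device is only a starting point: the per-process view (CurrPorts or Resource Monitor, as mentioned earlier in the thread) is what ties the traffic to a program.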
