Geekzone: technology news, blogs, forums
Belsamber
22 posts

Geek


  #303323 1-Mar-2010 15:55

This is why it's useful to have graphing on your router - that way you can match up what your router says with what the usage meter says.

I don't think there's much you can do now that it's stopped, but the fact it was only happening when your PC was on is pretty damning - I suspect something auto-updating or similar.

In any case, if it happens again, run Wireshark (http://www.wireshark.org/) to do a packet capture and see where that traffic is going to... It's the only way to be sure.



squirrel
9 posts

Wannabe Geek


  #303533 2-Mar-2010 01:49


I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)

ArcticSilver
729 posts

Ultimate Geek


  #303547 2-Mar-2010 07:19

squirrel:

I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)


On a side note, only use Wireshark if you have had some background at least in networking. It would be a bit daunting to use otherwise.



fraseyboy

134 posts

Master Geek


  #303694 2-Mar-2010 15:26

Nah it's ok guys, sorted it. Turns out it was some sort of malware which rode on the Java.exe process.

All gone though.

uktuatara
149 posts

Master Geek


  #303706 2-Mar-2010 15:49

Therefore MS Essentials didn't pick it up?

fraseyboy

134 posts

Master Geek


  #303711 2-Mar-2010 16:07

It appears not.

cyril7
9058 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #303767 2-Mar-2010 19:29

So we're all safe in bed tonight with the bugs eating our hard earned cash, in an all legit process. :( sounds like guvment.

Cheers
Cyril

 
 
 

Dratsab
3946 posts

Uber Geek

Trusted
Lifetime subscriber

  #303788 2-Mar-2010 20:52

@fraseyboy: glad you got it all sorted out. Can you post how you detected the problem and what the actual problem was for future reference when other people have the same sort of problem?

Thanks
Steve

fraseyboy

134 posts

Master Geek


  #303808 2-Mar-2010 21:39

Wait, no.

There was another virus I found using Malwarebytes Anti-malware (Microsoft Security Essentials didn't pick it up), and Java.exe WAS using up lots of RAM, CPU and network, but the two don't seem to be linked. After further investigation, the culprit appears to be Freenet, which I installed out of curiosity. It appears that it was silently always open and since I was being used as a node, it was using a lot of bandwidth. It's a Java application which explains why Java was showing up as using a lot of bandwidth.

Uninstalling Freenet has removed the Java.exe application from my processes list and HOPEFULLY fixed the problem.

Ragnor
8222 posts

Uber Geek

Trusted

  #303843 3-Mar-2010 00:15

Freenet is like Tor, your computer will act as a node on their network that other people's traffic can be routed through.  It's useful for many reasons (ie: people in countries with heavy internet censorship getting around blacklists).  However it would use a ton of bandwidth if you left it running, as you have found.

Microsoft Security Essentials is a solid anti virus, it's as good if not better than the other free AV (AVG, Avast, Antivir). It rightly didn't detect a legitimate program he willingly installed as a virus or malware.

I've always felt TelstraClear's "automatically add another data pack" system is flawed in that it doesn't let you put a maximum cap on the usage or $ amount spent.  Also it will charge your full packs even if you only use a tiny amount into the next pack.

A lot of potential for nasty surprises in most households imo.

freitasm
BDFL - Memuneh
79294 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #303889 3-Mar-2010 10:16

So everything in the previous three pages was pointing out to something on your PC, people blamed Microsoft Security Essentials (which I use and is actually very good), when in fact you yourself planted an Internet sharing/proxying program?

Seriously, no sympathy. TelstraClear bear no guilt here, so if they charge your usage, so be it.

As pointed out before, people are responsible for their computers.






fraseyboy

134 posts

Master Geek


  #304047 3-Mar-2010 17:11

I concur. This was my fault. Microsoft Security Essentials is doing its job fine. I will be more careful in future.

tknz
182 posts

Master Geek


  #304100 3-Mar-2010 19:31

It's always suspicious if your upload is more than your download, it's highly unlikely unless you're running a web server, or hosting something...
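
The upload-versus-download check from the post above, combined with the per-process view suggested earlier in the thread, as an added example that is not part of any post: it totals per-connection byte counts by process and flags the ones that send more than they receive. The record layout, the sample values and the 1 MB noise floor are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (process, remote_ip, bytes_sent, bytes_received),
# in the style of a per-connection export. All values are made up.
SAMPLE_FLOWS = [
    ("firefox.exe", "203.0.113.10", 40_000, 2_500_000),
    ("firefox.exe", "203.0.113.11", 15_000, 900_000),
    ("java.exe", "198.51.100.21", 6_000_000, 1_200_000),
    ("java.exe", "198.51.100.22", 4_500_000, 800_000),
    ("java.exe", "198.51.100.23", 5_200_000, 950_000),
    ("java.exe", "192.0.2.7", 3_900_000, 700_000),
    ("svchost.exe", "203.0.113.50", 120_000, 30_000),
]


def summarise(flows):
    """Total sent/received bytes and distinct remote peers per process."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0, "peers": set()})
    for process, remote_ip, sent, received in flows:
        entry = totals[process]
        entry["sent"] += sent
        entry["received"] += received
        entry["peers"].add(remote_ip)
    return totals


def upload_heavy(flows, min_sent=1_000_000):
    """Processes that send more than they receive, above a noise floor.

    Returns (process, bytes_sent, peer_count, up/down ratio) rows,
    largest uploader first. min_sent is an assumed threshold that keeps
    small chatty services out of the result.
    """
    flagged = []
    for process, t in summarise(flows).items():
        if t["sent"] > t["received"] and t["sent"] >= min_sent:
            # max(..., 1) avoids division by zero for send-only processes
            ratio = round(t["sent"] / max(t["received"], 1), 2)
            flagged.append((process, t["sent"], len(t["peers"]), ratio))
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for process, sent, peers, ratio in upload_heavy(SAMPLE_FLOWS):
        print(f"{process}: sent {sent} bytes to {peers} peers, "
              f"up/down ratio {ratio}")
```

A high peer count alongside a high ratio is the pattern a relay node such as Freenet produces, which is why the rows carry both.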
