Geekzone: technology news, blogs, forums
22 posts

Geek


  Reply # 303323 1-Mar-2010 15:55

This is why it's useful to have graphing on your router - that way you can match up what your router says with what the usage meter says.

I don't think there's much you can do now that it's stopped, but the fact it was only happening when your PC was on is pretty damning - I suspect something auto-updating or similar.

In any case, if it happens again, run Wireshark (http://www.wireshark.org/) to do a packet capture and see where that traffic is going to... It's the only way to be sure.

9 posts

Wannabe Geek


  Reply # 303533 2-Mar-2010 01:49


I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)
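The per-program check suggested in the post above (the job CurrPorts does), as an added example that is not part of any poster's message: it joins `netstat -ano` output with `tasklist /fo csv /nh` output and counts distinct remote hosts per process. Both sample outputs are constructed, and the threshold of 3 peers is an assumption chosen for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:9481         127.0.0.1:50112        ESTABLISHED     4321
  TCP    192.168.1.10:50201     198.51.100.7:19114     ESTABLISHED     4321
  TCP    192.168.1.10:50202     198.51.100.23:40110    ESTABLISHED     4321
  TCP    192.168.1.10:50203     203.0.113.9:28755      ESTABLISHED     4321
  TCP    192.168.1.10:50204     203.0.113.77:31002     ESTABLISHED     4321
  TCP    192.168.1.10:50310     192.0.2.80:443         ESTABLISHED     2200
  TCP    192.168.1.10:50311     192.0.2.81:443         ESTABLISHED     2200
  TCP    192.168.1.10:50500     192.0.2.50:443         ESTABLISHED     9999
  UDP    0.0.0.0:5353           *:*                                    1234
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","888","Services","0","7,120 K"
"firefox.exe","2200","Console","1","182,404 K"
"java.exe","4321","Console","1","212,340 K"
'''

def pid_names(tasklist_csv):
    """Map PID (as text) to image name from tasklist CSV rows."""
    return {r[1]: r[0] for r in csv.reader(tasklist_csv.splitlines()) if len(r) >= 2}

def peers_by_process(netstat_text, tasklist_csv):
    """Count distinct non-loopback remote hosts per process (established TCP only)."""
    names = pid_names(tasklist_csv)
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # skips headers, listeners, UDP rows and closing sockets
        host = f[2].rsplit(":", 1)[0]  # strip the port, keep the address
        if host in ("127.0.0.1", "[::1]"):
            continue  # local-only traffic never reaches the ISP meter
        peers[names.get(f[4], "pid " + f[4])].add(host)  # PID may have exited
    return {name: len(hosts) for name, hosts in peers.items()}

def many_peers(counts, threshold=3):
    """Processes talking to at least `threshold` distinct hosts (assumed cut-off)."""
    return sorted(n for n, c in counts.items() if c >= threshold)
```

A connection count says nothing about volume, so treat a hit as the process to watch in a packet capture rather than as proof.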

672 posts

Ultimate Geek
+1 received by user: 112


  Reply # 303547 2-Mar-2010 07:19

squirrel:

I'm pretty positive it wasn't a virus, unless Microsoft Security Essentials is completely useless.


Given MS's previous Security track record, I'm not personally inclined to trust MS Security Essentials.

If you do have a virus or other malware, it is entirely possible that it is hidden within a rootkit (and has therefore bypassed MS Security Essentials). The only way to detect it then would be to run an offline tool like the Avira Rescue System that boots into its own OS to scan your machine. By booting into its own OS, it prevents the booting of the malware/rootkit.

Are there any other machines that access your network? Gaming consoles? NAS box? Toaster? You should lock them down, and prevent them from accessing the network to see if that makes a difference.

You mentioned that your WiFi has a password, but that could mean any number of things. I'd read that as simply changing the default admin password to something else, which means your WiFi could be open. Maybe I'm being too literal. More specifically, is your WiFi encrypted? If so, with what? WEP? WPA? WPA2? WEP has been broken, and there are a number of tools online that make accessing WEP encrypted networks easy. You may be on a back section, but you'd be surprised how far WiFi can travel especially if someone is using a higher gain antenna. WPA is better, but it can be broken too.

If you are still having issues with high traffic usage, try running Wireshark to see what traffic is flowing across your network, and from what devices. I'd also suggest watching what programs/services are accessing your network on your machine: I quite like using CurrPorts for this, although a previous post did suggest tweaking the Resource Monitor for this as well.

Good luck hunting down your bandwidth problem. :)


On a side note, only use Wireshark if you have had at least some background in networking. It would be a bit daunting to use otherwise.



134 posts

Master Geek


  Reply # 303694 2-Mar-2010 15:26

Nah, it's OK guys, sorted it. Turns out it was some sort of malware which rode on the Java.exe process.

All gone though.

149 posts

Master Geek


  Reply # 303706 2-Mar-2010 15:49

Therefore MS Essentials didn't pick it up?



134 posts

Master Geek


  Reply # 303711 2-Mar-2010 16:07

It appears not.

6209 posts

Uber Geek
+1 received by user: 252

Trusted
Subscriber

  Reply # 303767 2-Mar-2010 19:29

So we're all safe in bed tonight with the bugs eating our hard-earned cash, in an all legit process. :( sounds like guvment.

Cheers
Cyril

3085 posts

Uber Geek
+1 received by user: 921

Trusted
Lifetime subscriber

  Reply # 303788 2-Mar-2010 20:52

@fraseyboy: glad you got it all sorted out. Can you post how you detected the problem and what the actual problem was, for future reference when other people have the same sort of problem?

Thanks
Steve



134 posts

Master Geek


  Reply # 303808 2-Mar-2010 21:39

Wait, no.

There was another virus I found using Malwarebytes Anti-malware (Microsoft Security Essentials didn't pick it up), and Java.exe WAS using up lots of RAM, CPU and network, but the two don't seem to be linked. After further investigation, the culprit appears to be Freenet, which I installed out of curiosity. It appears that it was silently always open and since I was being used as a node, it was using a lot of bandwidth. It's a Java application which explains why Java was showing up as using a lot of bandwidth.

Uninstalling Freenet has removed the Java.exe application from my processes list and HOPEFULLY fixed the problem.

8025 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 303843 3-Mar-2010 00:15

Freenet is like Tor: your computer will act as a node on their network that other people's traffic can be routed through. It's useful for many reasons (i.e. people in countries with heavy internet censorship getting around blacklists). However, it would use a ton of bandwidth if you left it running, as you have found.

Microsoft Security Essentials is a solid antivirus, it's as good if not better than the other free AV (AVG, Avast, Antivir). It rightly didn't detect a legitimate program he willingly installed as a virus or malware.

I've always felt TelstraClear's "automatically add another data pack" system is flawed in that it doesn't let you put a maximum cap on the usage or $ amount spent. Also it will charge you for full packs even if you only use a tiny amount into the next pack.

A lot of potential for nasty surprises in most households imo.

BDFL - Memuneh
60832 posts

Uber Geek
+1 received by user: 11717

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 303889 3-Mar-2010 10:16

So everything in the previous three pages was pointing to something on your PC, people blamed Microsoft Security Essentials (which I use and is actually very good), when in fact you yourself planted an Internet sharing/proxying program?

Seriously, no sympathy. TelstraClear bear no guilt here, so if they charge your usage, so be it.

As pointed out before, people are responsible for their computers.






134 posts

Master Geek


  Reply # 304047 3-Mar-2010 17:11

I concur. This was my fault. Microsoft Security Essentials is doing its job fine. I will be more careful in future.

169 posts

Master Geek
+1 received by user: 1


  Reply # 304100 3-Mar-2010 19:31

It's always suspicious if your upload is more than your download, it's highly unlikely unless you're running a web server, or hosting something...
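The Wireshark advice earlier in the thread and the upload-versus-download rule of thumb above, as an added example that is not part of any poster's message: it totals bytes per LAN device and direction from the tab-separated output of `tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e frame.len`, then lists devices that sent more than they received. The 192.168.1.0/24 LAN range, the file name and the sample rows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

# Constructed sample rows: ip.src, ip.dst, frame.len (tab-separated).
SAMPLE = """\
192.168.1.10\t198.51.100.7\t1400
192.168.1.10\t198.51.100.7\t1400
192.168.1.10\t203.0.113.9\t1400
203.0.113.9\t192.168.1.10\t60
192.168.1.10\t192.0.2.44\t1400
192.0.2.44\t192.168.1.10\t60
192.168.1.20\t192.0.2.80\t80
192.0.2.80\t192.168.1.20\t1500
192.0.2.80\t192.168.1.20\t1500
192.168.1.10\t192.168.1.20\t500
\t\t42
"""

def summarize(text, lan=LAN):
    """Return (per-device up/down byte totals, upload bytes per (device, remote))."""
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    peers = defaultdict(int)
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # non-IP frames (e.g. ARP) have empty address fields
        size = int(parts[2])
        if src in lan and dst not in lan:      # leaving the LAN: upload
            totals[str(src)]["up"] += size
            peers[(str(src), str(dst))] += size
        elif dst in lan and src not in lan:    # entering the LAN: download
            totals[str(dst)]["down"] += size
        # LAN-to-LAN traffic is ignored: it never crosses the ISP link
    return dict(totals), dict(peers)

def upload_heavy(totals):
    """Devices whose upload bytes exceed their download bytes."""
    return sorted(d for d, t in totals.items() if t["up"] > t["down"])
```

The capture has to be taken where all LAN traffic is visible (the router or a mirrored port); a capture on one PC only shows that PC's own traffic.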
