TechSpot

Internet sending far more packets than receiving

By tlwash123
Apr 8, 2009
  1. Hi, for about the past month my laptops internet has been going very very slow. I checked the connection status and after being connected to the internet for 2 minutes i have sent 208,000 packets and only recived 2,000. It has been taking me from 2-10 minutes to load one page. I did the 8 step process thing and i am only able to actually use the internet when im in safe mode with networking.

    If anyone could help me plz and thx



    View attachment 46628

    View attachment 46629

    View attachment hijackthis.log
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I would guess that it's the Vundo kids calling home! And their cousins are around also. You have a lot of malware on that system. Rather than remove the HijackThis entries now, Please do the following:

    Please download VundoFix.exe HERE and save to the desktop.( to your desktop.
    Download SDFix HERE and save it to your Desktop.
    * Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Boot into Safe Mode
    * Restart your computer and start pressing the F8 key on your keyboard.
    * Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run SDFix
    When finished, rescan with HijackThis and post log and reports from Vundo Fix and SDFix.
     
  3. tlwash123

    tlwash123 TS Rookie Topic Starter

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    hijackthis SDFix.txt is HiJacjThis log

    SDFix.txt is SDFix log.

    hijackthis Vundo.txt is another HJ...where is the Vundo report?
     
  5. tlwash123

    tlwash123 TS Rookie Topic Starter

    Once i ran it and it finished it said it has found 0 problems and click ok and then it was done
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Run it again in Normal Mode! You are full of Vundo and a few other things!

     
  7. tlwash123

    tlwash123 TS Rookie Topic Starter

    i ran vundo fix in normal mode like u said and it still found nothing
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please download ATF Cleaner by Atribune HERE & save it to your desktop.

    Using Safe Mode:
    Right click on Start> Explore> Windows System 32 on the right screen, find and right click> delete any of the following if found:
    Now see if you can boot into Normal Mode.
    UPDATE and scan with Malwarebytes again, in Normal Mode, follow with new scan using HijackThis.

    Please attach both logs.
     
  9. tlwash123

    tlwash123 TS Rookie Topic Starter

  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Mbam shows No Action Taken: this means that the malware was found and nothing was done-you need to do this when running it:
    * Make sure that everything is checked, and click Remove Selected.

    Since there was no progress, let's do this:
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    [​IMG]

    [​IMG]
    --------------------------------------------------------------------

    Double click on Combo-Fix.exe & follow the prompts.

    When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
     
  11. tlwash123

    tlwash123 TS Rookie Topic Starter

     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Boot into Safe Mode:
    Start> Run> msconfig> enter> Selective Startup> Startup menu> UNCHECK ALL of the Symantec processes (look like about 4)Apply> OK

    While still in Safe Mode:
    Start> Run> services.msc> double-click on each of the following and change their Startup type to Disabled:
    When finished reboot into Normal Mode. Ignore the nag message and close after checking 'don't show message again.' Stay in Selective Startup.

    With your internet connection disabled, run Combofix again and post new report.

    You have many unnecessary processes starting on boot. Those will run in the background. Some will be contacting the internet, looking for 'updates. For instance:
    Zune, QuickTime, Real Player, DVD Launcher, HP Updater, ITunes Helper>> NONE need to start on boot.

    The following processes set on Global Startup will start when ANY user logs on. NONE need to be on Startup. NONE should be on Global Startup.
    Once we remove the malware, you are still going to see more packets transmitting> every update you see running is going to call home

    You also have processes running for GoToAssist Express Customer. But you are here on TechSpot asking for help. So why start this program on boot and run it in the background? One day, if you need to use it, you can start it manually.
     
  13. tlwash123

    tlwash123 TS Rookie Topic Starter

  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The AV was still on. running a program here and there over a 6 week period isn't going to be effective.

    Please describe exactly what problems you are having now.

    It would be in your best interest to run the 3 preliminary cleaning again. UPDATE and scan with Malware bytes. UPDATE and scan with Superantispyware. follow with a new HijackThis scan. Attach all three logs.

    Are you still using Symantec security? Please run a full system scan with it. If ANY malware is found, include that log in your next reply.

    I sm having you stasrt this process over. 6 weeks is too long to try and use the logs.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.