Millions of packets

By chunx0r
Apr 2, 2008
Topic Status:
Not open for further replies.
  1. OK, I work at a university ITS helpdesk, so I have at least some knowledge of tech ideas. However, I am posting for my girlfriend, who is currently abroad in Guatemala.

    Anyway, the problem is, her computer is uploading and downloading packets at extreme speeds; in a matter of five minutes she will hit the 3-4 million down.

    She is running Vista. I have had her run HJT, and I didn't see anything out of the ordinary. I also have had her run TCPView and TDIMon, and I saw nothing weird there either.

    She also said she had a lot of svchosts in Task Manager. I had her disable updates and that hasn't done anything.

    Oh, also she has run almost every scan there is: Norton, Spybot, Spy Sweeper, SUPERAntiSpyware, ComboFix and more, I think. Any help would be greatly appreciated. I will try and get a HijackThis log.
  2. Jesse_hz TechSpot Maniac Posts: 638

    If you can't find a logical explanation for the massive amounts of traffic, then her computer is probably infected with some form of malware and is probably being used as part of a botnet to flood the Internet with spam.

    One of the other members of this forum will probably post some instructions on detecting/removing it shortly, but if I were you, I'd just reinstall Windows.
  3. Blind Dragon TechSpot Evangelist Posts: 4,048

    Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

    If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    1) AVG log
    2) Combofix log
    3) Hijackthis log (Step 15)

    This thread is for the use of chunx0r only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  4. jobeard TS Ambassador Posts: 13,026   +221

    Get Cports here

    Run as an admin account and you will see every program which opens an internet connection.
    Double-click on the column heading Remote Address and external accesses will be at the top.

    If you see a program that has multiple connections and don't recognize its name, right-click -> Properties and you will see the path to that program, and you can COPY it for later use.

    You can also close a connection (but it will likely just restart) or KILL the process.

    Once discovered, post back the program name and its path.
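
The triage described in the last post, as an added example that is not part of the original thread: this Python sketch counts connections to external addresses per process ID from text in the layout of `netstat -ano`, rather than using CurrPorts. The sample input is constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of `netstat -ano` (not data from this thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49152     203.0.113.10:25        ESTABLISHED     1844
  TCP    192.168.1.20:49153     203.0.113.11:25        ESTABLISHED     1844
  TCP    192.168.1.20:49154     198.51.100.7:25        SYN_SENT        1844
  TCP    192.168.1.20:49160     192.168.1.1:445        ESTABLISHED     4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49170     192.0.2.44:443         ESTABLISHED     2300
  TCP    [::1]:49180            [::1]:5357             ESTABLISHED     2300
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# Ranges treated as local or non-routable; everything else counts as external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/32", "::/128", "::1/128", "fe80::/10")]


def remote_ip(endpoint):
    """Return the address part of 'host:port', or None for '*:*' and junk."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def external_by_pid(netstat_text):
    """Count connections to external addresses per PID, busiest first."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields, UDP rows 4; the PID is always the last one.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        ip = remote_ip(fields[2])
        if ip is None or any(ip in net for net in LOCAL_NETS):
            continue
        counts[fields[-1]] += 1
    return counts.most_common()


if __name__ == "__main__":
    for pid, n in external_by_pid(SAMPLE):
        print(f"PID {pid}: {n} external connection(s)")
```

A PID near the top of the list can be matched to its program name in Task Manager or with `tasklist`.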