TechSpot

Mystery downloading: how to track it down

By jwazevedo
Nov 23, 2006
  1. I have a dial-up connection to the Internet. Recently, the Internet connection status dialog shows that the computer is receiving a steady stream of bytes, even when no program is running (IE7 and Outlook Express not started). I've turned off Windows Update notification. I've restarted. Still, the next time I connect, the bytes start their relentless arrival. How do I figure out what service is requesting this download? It's maddening.

    Thanks,
    Jerry
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Let's make sure you don't have something nasty on your system.

    Go and read this thread HERE, then post a HJT log as an attachment.

    Regards Howard :)

    This thread is for the use of jwazevedo only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jwazevedo

    jwazevedo TS Rookie Topic Starter Posts: 49

    Here's the log, which I ran today. I should mention that I've done a virus scan with AVG and a spyware scan with SpyBot S&D, both of which came up normal. I also looked in msconfig and found an untitled service, so I did a selective startup without it. The mystery download did eventually stop, but when I checked msconfig again, the untitled service was gone, so that may be a red herring. Anyway, I'm hoping this was some sort of transient glitch that will not return. If you see anything suspicious in the log, though, I'd like to know about it. Also, if you know of any software that I can run to track what service or site is communicating with my computer, I'd be curious to hear about that too. Thanks for the help.

    Jerry
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please rename HijackThis.exe to HijackThis1991.exe and post a fresh HJT log. This is because some malware can hide from HijackThis.exe.

    Regards Howard :)

     
  5. jwazevedo

    jwazevedo TS Rookie Topic Starter Posts: 49

    Sorry. I thought I was supposed to rename the log file, not the exe. Here is the fresh log file created with the renamed HijackThis1991.exe.

    Jerry
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Just have HJT fix this entry.

    O11 - Options group: [INTERNATIONAL] International*

    Click the fix checked button.

    You might be able to find the untitled service by typing services.msc into the run box and pressing the enter key. When the services window opens maximise it and see if you can find the service.

    I do agree it sounds suspicious.

    Check in your firewall software logs for possible info on the mystery download. It is possible that the download was perfectly legit, i.e. some programme you have may have been simply updating?

    Other than the above, I don't know what else to suggest.

    Regards Howard :)

     
  7. jwazevedo

    jwazevedo TS Rookie Topic Starter Posts: 49

    Thanks for the many tips. In checking the firewall log, I find a repeated attempt to enter through port 6881 over the period in question, so maybe the "download" was simply the rebuffing of the swarm by my firewall. Anyway, you've given me some good ideas for the future. Thanks.

    Jerry
     
  8. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    You can see active network connections with the Windows built-in "netstat" command or the TCPView utility from www.sysinternals.com.
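
Added example, not part of the original thread: a Python script that parses `netstat -ano` output (the `-o` switch adds the owning PID) and groups open ports and remote peers by process, which answers the "what is talking to the network" question asked above. The sample output, addresses and PIDs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:6881           0.0.0.0:0              LISTENING       2404
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED     1780
  TCP    192.0.2.10:6881        203.0.113.55:51413     ESTABLISHED     2404
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1500
  TCP    192.0.2.10:1050        198.51.100.9:443       TIME_WAIT       0
  UDP    0.0.0.0:6881           *:*                                    2404
  UDP    [::]:500               *:*                                    700
"""

def split_endpoint(endpoint):
    """Split 'host:port', '[v6]:port' or '*:*' at the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is simply the last field.
        state = parts[3] if len(parts) == 5 else ""
        rows.append({"proto": parts[0], "local": split_endpoint(parts[1]),
                     "remote": split_endpoint(parts[2]), "state": state,
                     "pid": int(parts[-1])})
    return rows

def summarise(rows):
    """Per PID: ports it has open, and non-loopback peers it is connected to."""
    out = defaultdict(lambda: {"open_ports": set(), "peers": set()})
    for r in rows:
        host, port = r["remote"]
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            out[r["pid"]]["open_ports"].add((r["proto"], int(r["local"][1])))
        elif r["state"] == "ESTABLISHED" and not host.startswith("127.") and host != "::1":
            out[r["pid"]]["peers"].add(f"{host}:{port}")
    return dict(out)

if __name__ == "__main__":
    for pid, info in sorted(summarise(parse_netstat(SAMPLE)).items()):
        print(pid, sorted(info["open_ports"]), sorted(info["peers"]))
```

To use it on a real machine, save the output with `netstat -ano > conns.txt` and pass the file's text to `parse_netstat`; each PID can then be matched to a process name using the PID column in Task Manager.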
     
  9. jwazevedo

    jwazevedo TS Rookie Topic Starter Posts: 49

    Very useful. Thanks. Note that Sysinternals is now a Microsoft product.

    Best,
    Jerry
     
  10. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Yes I know :( I'm pretty sure that soon these cool utilities will "disappear"..
     
Topic Status:
Not open for further replies.
