Network break-in or Virus?

Status
Not open for further replies.
First post here, and like everyone am looking for help. Have browsed here a bit, and am quite impressed by helpfulness offered.

Had a problem with my DirecWay satellite internet service last week becoming subject to their FAP (Fair Access Policy), due to large downloads over several hours. Unfortunately, there was no one at home, or on the computers at the times of the downloads.

First thing I thought was someone busted into our NetGear WPN824 (V.1 I believe), as I was too lazy/busy to set security up when I installed it a year ago, and figuring that we lived in the middle of corn fields with only one neighbor closer than 1 mile, I'd have no problem.

So, problem occurs. My neighbor? Don't know. Set up WEP on router after discovering this, and problem again the next day. My neighbor's 17yr old girl sophisticated enough to break in again right away? Maybe, don't know. Pulled the plug on both the router and 2nd computer, now have just main computer hardwired to satellite modem, and thought maybe I have something on computer I don't want :) - like virus, etc.

Figured I'd wait and see if large downloads happened again (some were 80-90 mb in an hour). Our normal usage here is about 1mb/hr to 5mb/hr, when the computer is actively being used, and slows to .15mb/hr to .5mb/hr when sitting idle. I have no automatic downloads active other than Avast that I know of (or remember). This morning I noticed some downloads of almost 9mb/hr when (again) no one was at home or on computer. While these are not enough to trigger DirecWay's FAP (throttling us down drastically on speed for 24 hrs), I'm thinking this is on the computer - maybe more than one thing on both computers.

So, searching lands me here.

I've read the stickies on proceeding to clean computer, and can probably manage to get through all the steps with maybe a little assistance, but one question first. I'm running XP (legit, legal) on both computers, but have only SP1 on one computer and neither SP1 nor SP2 on the other one. Should I go through the cleaning processes first then upgrade? Or vice versa?

One other question. One of the other reasons XP2 was never installed was the impression I got of all the problems people were having when doing so at the time of release, and I just decided to wait a while (lack of time bugaboo again...). Then, of course, a while became a longer while, etc, you know the drill. Can someone recommend a RECENT how-to on installing SP2? I've seen several, but most are dated 2004 - I'd like one up to date.

Thanks for any help.
 
Hi dmva and welcome to techspot =)

Actually I think you can just install SP2 via the usual updates. I'm not sure why you need a how-to, you seem well versed enough in such issues.

That said, if you can, upgrade both computers to SP2 first, then go through the cleaning process before posting your logs. To make things more methodical, choose one of your systems for cleaning first. After we're done with that one, we'll work on the other one.

Regards,
Your friendly momok =)

This thread is for the use of dmva only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Make sure you have this:
satellite internet-->router-->your systems
and not this:
satellite internet-->system#1<--->system#2
The router will assist you in security by the NAT and SPI features.

Second, by using the router, you can predict YOUR ip-address and thus
ensure that public access to your systems is totally denied using firewall rules.
(I can elaborate more later)

Third, the router logs will show which ip-addresses are getting serviced, and
thus you can see if it's an internal program vs an external hijack of your ISP
service.

Lastly, if at all possible, use the WPA or WPA2 security instead of the WEP.
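
Added example, not part of the thread or any poster's code: a sketch of the check the last reply describes, summing traffic per LAN address per hour from router log lines and labelling heavy hours as coming from one of your own machines or from an unknown client. The log line format, the LAN addresses and the sample lines are constructed (real router logs vary by model); the 5 MB/hr limit is the upper end of normal usage given in the first post.

```python
import re
from collections import defaultdict

# Hypothetical line format: "date hh:mm lan_ip -> remote_ip bytes=N"
LINE = re.compile(r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2} "
                  r"(?P<lan>\d+\.\d+\.\d+\.\d+) -> \S+ bytes=(?P<n>\d+)")

# Constructed sample log, including one line that does not parse.
SAMPLE_LOG = """\
2006-10-02 09:05 192.168.1.2 -> 198.51.100.7 bytes=300000
2006-10-02 09:40 192.168.1.2 -> 198.51.100.7 bytes=200000
2006-10-02 13:10 192.168.1.2 -> 203.0.113.20 bytes=6000000
2006-10-02 13:45 192.168.1.2 -> 203.0.113.20 bytes=3000000
2006-10-02 14:02 192.168.1.9 -> 203.0.113.55 bytes=45000000
2006-10-02 14:30 192.168.1.9 -> 203.0.113.55 bytes=40000000
router rebooted
"""

# Assumed addresses of the two household computers.
KNOWN_HOSTS = {"192.168.1.2": "main PC", "192.168.1.3": "second PC"}


def mb_per_hour(log_text):
    """Sum bytes per (date, hour, LAN address) and return megabytes."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # skip anything that does not parse
            totals[(m["date"], m["hour"], m["lan"])] += int(m["n"])
    return {key: n / 1_000_000 for key, n in totals.items()}


def flag_heavy_hours(log_text, known_hosts, limit_mb=5.0):
    """Return hours above limit_mb, labelled by whether the LAN address is ours."""
    findings = []
    for (date, hour, lan), mb in sorted(mb_per_hour(log_text).items()):
        if mb <= limit_mb:
            continue
        if lan in known_hosts:
            verdict = f"internal: {known_hosts[lan]}"  # look for a program on that PC
        else:
            verdict = "unknown LAN client"  # someone else is using the router
        findings.append((f"{date} {hour}:00", lan, round(mb, 1), verdict))
    return findings


if __name__ == "__main__":
    for row in flag_heavy_hours(SAMPLE_LOG, KNOWN_HOSTS):
        print(*row, sep="  ")
```

A heavy hour attributed to a known address points at software on that computer; one attributed to an address you do not recognise points at an outside device on the wireless side.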
 