Page 1 of 1 [ 8 posts ] 

TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

30 May 2013, 11:09 am

Something is hogging my slow dial-up internet connection... and I don't know what it is. It is downloading many megabytes and also uploading too but a lesser amount. :evil: I'm stuck with dial-up as I live in the middle of the countryside.

I purposely have Windows (Vista "spit") updates set to only notify me of updates and all other application software I purposely set to the same setting or no automatic updates. This usually allows me to manage heavy downloads and updates to run overnight. I suspected Adobe because they are sods at updating their bloat-ware without permission whenever they want so yesterday I uninstalled Adobe Reader and Flash. It hasn't resolved the problem though.

Can anyone recommend a decent firewall please that might help me find out what is monopolising my internet connection? I want to know if the internet traffic is legitimate (though unauthorised) or malware related. This problem has been ongoing for a number of weeks now but both AVG and Malwarebytes say my computer is virus free. I'm not convinced. My computer shut itself down (unexpectedly and automatically) a week ago and refused to boot up again, Windows wouldn't even boot up in safe mode. I ended up formatting the hard drive and reinstalling the original factory DVDs.

I was thinking of downloading the latest Zone Alarm firewall, it used to be great years ago when I used it on XP but the users reviews on CNET slate the latest version really badly, so I'm not touching that one at all. I gather it has gone the way of much freeware now... bloated and loaded with additional crapware and unwanted toolbars. Trouble is the user reviews of the (latest versions) of other free firewalls read badly too.

Any suggestions please? I've really got to find out what is monopolising my internet connection. It is a struggle even posting this as "something" is taking 100% of my limited bandwidth.


_________________
I've left WP indefinitely.


Last edited by TallyMan on 30 May 2013, 11:14 am, edited 1 time in total.

Shatbat
Veteran
Veteran

User avatar

Joined: 19 Feb 2012
Age: 31
Gender: Male
Posts: 5,791
Location: Where two great rivers meet

30 May 2013, 11:11 am

What does the Windows Resource Monitor say about it? it can list the amount of bandwith being used, and the application that is using it.


_________________
To build may have to be the slow and laborious task of years. To destroy can be the thoughtless act of a single day. - Winston Churchill


ablomov
Velociraptor
Velociraptor

User avatar

Joined: 19 Jul 2008
Age: 66
Gender: Male
Posts: 406
Location: northern hemisphere

30 May 2013, 12:13 pm

funny you shld mention this ...

I recently had the computer man around to fix a glitch and when he had gone a day later I found all my firewall set ups had either disappeared or switched off .... and when he was here (used him three times before) ... how come he asked straight out "Are you autistic or asperger" ..... uhh ??

So, i downloaded ZoneZlarm for free and am so far happy with it.

Zhu ni hao yunqi !



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

30 May 2013, 1:01 pm

Shatbat wrote:
What does the Windows Resource Monitor say about it? it can list the amount of bandwith being used, and the application that is using it.


Excellent! Thanks for the tip. I lost track of that feature some Windows versions ago. I seem to remember it was called SYSMON or similar and was run from the command line? Anyway I've found the Resource Monitor on Vista and tracked the current bandwidth hog:

svchost.exe (netsvcs) 213.200.108.19 (and several other IPs in the same range)

Turns out they all belong to Akami Technologies which (amongst other things) are an internet content delivery company. Looks like they ship Microsoft updates and updates for various other tech companies. So in this particular case it looks probable that I'd got a rogue instance of Windows update running without permission. Out of curiosity I clicked the Windows update icon in the notification area and the update screen stated that several updates were available to download but that it supposedly wasn't currently downloading any! I rebooted the computer and that seems to have killed the rogue process and I've got bandwidth back again. I wonder how often rogue Windows update processes are responsible for overloading my Internet connection? I'll monitor the situation from now on and keep an eye on what hogs the connection.

Thanks for the tip Shatbat. Much appreciated.


_________________
I've left WP indefinitely.


Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 69,099
Location: Over there

30 May 2013, 3:07 pm

Hmm, sneaky.
Akami would also ship out various (probably very small) security certificates to XP on request, despite my having "do no updates at all" nailed in place for some time now.
The OS updates don't happen, as requested, but it annoys that these updates are considered not part of my request that nothing is updated, and attempts are made to update something anyway - and I wouldn't be too surprised if Microsoft had decided that if some multi-megabyte "essential" updates for Vista weren't strictly part of an OS code update, they would be attempted despite settings elsewhere.

As it happens these updates didn't happen either because my XP box is blocked from making any WAN connection by my server's firewall - but it still logs the sneaky attempts made.
I appreciate that connecting via an independent server is not always practical to set up and maintain, but it's certainly a very effective way of definitively clobbering any unauthorised WAN access.


_________________
Giraffe: a ruminant with a view.


xMistrox
Toucan
Toucan

User avatar

Joined: 25 Mar 2013
Age: 38
Gender: Male
Posts: 255

31 May 2013, 11:49 am

Sometimes malware will hide under the name svchost.exe (normally several of these run at a time anyway). It could be legitimate (though annoying). If Malwarebytes isn't picking it up, it probably is ok, but you could always temporarily install Microsoft Security Essentials. I use both when I think I might have an infection, occasionally one will find something the other has missed.

I used Zone Alarm for years till the windows firewall progressed enough to do a pretty good job on its own, and now Avast catches about anything that gets past that. I like Avast much better than AVG, which I used for years prior, I just turn off the voice that tells me when the virus database has been updated.


_________________
BAP: 103 aloof / 100 rigid / 103 pragmatic
AQ: 40 EQ: 8 SQ: 114
Aspie: AS-156/200 NT-56/200
RAADS-R: 189 total
Diagnosed 9/2013


Shatbat
Veteran
Veteran

User avatar

Joined: 19 Feb 2012
Age: 31
Gender: Male
Posts: 5,791
Location: Where two great rivers meet

31 May 2013, 11:53 am

I'm glad to have been of help. I used that very same monitor to find out about some kind of P2P download booster that had sneakily installed itself along with a videogame, during a time where I had a crappy usb 3G modem which only allowed 2GB of monthly traffic. Having no home internet three weeks out of four was no fun, let me tell you :lol:


_________________
To build may have to be the slow and laborious task of years. To destroy can be the thoughtless act of a single day. - Winston Churchill


VIDEODROME
Veteran
Veteran

User avatar

Joined: 20 Nov 2008
Age: 48
Gender: Male
Posts: 2,691

31 May 2013, 12:00 pm

I wonder if something like WireShark would show what kind of traffic activity is going on.