PDA

View Full Version : Bandwidth Leeching?


Fox
10-06-2006, 02:12 AM
Hey guys. I'm fairly new to the forums, and I read some of the previous help threads and you seemed to help them quite a bit.
My bandwidth seems to be strangely going up by about 20mb per refresh, and even when I'm not doing anything that may cause it to rise (downloading, surfing ect.), it still goes up.

I would really appreciate it if you could tell me if this is a virus, or just a problem with my computer. And if possible, steps that I could take to fix it.

Thanks!

Stealth
10-06-2006, 03:21 AM
Just out of the blue, three possibilities spring to mind.

Spyware - in which case you ought to do a complete spyware scan with HijackThis!, Spybot S&D and AdAware. All of those might be able to help you.
Viruses, Trojans and Worms - in which case you need to run a full-scale virus scan and see what comes up. Using AVG, Avast, or any acclaimed freeware or trialware AV scanner will help unless the problem's deeply rooted.
A leeching neighbor - if you have a wireless network connection, this is all too common. You might want to look around for articles on fortifying your network so you don't get external users.


Initially, attempt the first two solutions and let us know how it works out.

Bryce W
10-06-2006, 03:29 AM
Since Stealth mentioned the malicious stuff which can cause bandwith increase. Im going to mention the possible legitimate things:

Windows Updates - Downloading Windows updates can suck bandwith pretty quick. Did you have a yellow shield in your taskbar next to the clock?

Chat Programs - Although it shouldnt suck 20mb in a few minutes, application such as IRC, MSN Messenger, AOL, YIM etc.. all constantly use bandwith.

Streaming Anything - Such as watching streaming videos. In some cases it can use about 4 mb per minute.



What are you using to monitor your bandwith? Your ISP's website bandwith meter? A application of some sort? Your network properties?

Fox
10-06-2006, 04:06 AM
What are you using to monitor your bandwith? Your ISP's website bandwith meter? A application of some sort? Your network properties?

Yes, my ISP's bandwidth meter. (I'm with Telstra - BigPond Toolbar, if that has anything to do with it.)
And no, there's no yellow shield on the taskbar. I basically only use MSN, and Xfire once in a while.
Sorry, but I forgot to mention this in the first post - I've already done a full scan of my PC, using Mcafee Virus Scanner - and Spybot S&D - and yet, nothing appears.

And thanks for the fast replies :).

EDIT:
I did downloaded Hijack This!, as mentioned in Stealth's post. Heres a log:

Logfile of HijackThis v1.99.1
Scan saved at 12:00:21 AM, on 10/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\{DCCB2E35-089D-1033-1007-030401120001}\Update.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\svchost.exe
E:\Half-Life2\Steam.exe
e:\half-life2\steamapps\hablo33\sourcesdk\bin\SDKLauncher. exe
e:\half-life2\steamapps\hablo33\sourcesdk\bin\hammer.exe
D:\XFIRE\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Winrar\WinRAR.exe
C:\DOCUME~1\loch\LOCALS~1\Temp\Rar$EX01.844\Hijack This.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {7A7DEE2A-85BB-4B8D-B8F7-D805B9A8C9AC} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt5.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = D:\XFIRE\Xfire.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2353860-CAD2-4393-900A-BA92647C2BE5}: NameServer = 61.9.211.33,61.9.207.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvu32 - winlvu32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

Bryce W
10-06-2006, 04:38 AM
Your Hijack this log looks clean.

I noticed Steam was open. Is it possible it was doing an update?

Do you have a wireless access point in your house?

Fox
10-06-2006, 04:59 AM
Your Hijack this log looks clean.

I noticed Steam was open. Is it possible it was doing an update?

Do you have a wireless access point in your house?

No, it happens even when steam isnt running.
And I dont have a wireless connection at all.

Bryce W
10-07-2006, 02:06 AM
Try some special software such as Netlimiter which you can get HERE (http://www.download.com/NetLimiter/3000-12776_4-10227459.html?tag=lst-0-1) (free to try).

Next time it happens, watch which process (eg explorer.exe, msmsg.exe, firefox.exe etcc) is using the bandwith. Let us know what it was.

Fox
10-12-2006, 08:24 PM
Hmm... it seems to have stopped. No idea why.
Ah well, thanks for the help guys :D.

Bryce W
10-12-2006, 09:44 PM
Glad to hear its has stopped. If it happens again, give what I said in the post before yours a shot.