HELP!!! not sure if I'm being attacked
kang0o
July 6th, 2007, 10:51 AM
Hello,
I seem to be having a bit of trouble. I've been using NOD32 for 18 months without any problems.
The trouble is that I keep getting an svchost constantly receiving data from the internet. The PID is either 1216 or 1028. I am using ZoneAlarm free firewall, and the tray icon always shows traffic even at idle, as does the router's activity light. Rebooting the router always fixes the problem for a while, but not for good.
I understand 1028 is RPC and 1216 has lots of services, but I need to know whether either of these svchosts can be compromised, as NOD32 hasn't found anything even using the deep scan option.
Any help or advice would be much appreciated.
goldenarmZ
July 6th, 2007, 11:01 AM
Do you have automatic updates switched on? The Microsoft Background Intelligent Transfer Service could be hiding in there. It 'drip feeds' data from the internet when you aren't using it.
Turn off automatic downloading of updates and restart, then run "wuauclt /detectnow" from the command prompt (no quotes). If the data starts moving again, you've found your culprit. ;)
kang0o
July 6th, 2007, 11:49 AM
No, it's not Windows Update; that has a separate entry in Proc.exe.
Capp
July 6th, 2007, 11:53 AM
Go to your services (Start | Run | "services.msc" | enter) and see if you have these 2 services running:
1) Automatic Updates
2) BITS (Background Intelligent Transfer Service)
kang0o
July 6th, 2007, 01:00 PM
No BITS; auto update is there, but as I said above it isn't that. The possible badness is using either PID 1028 (RPC, Remote Procedure Call) or, more often, PID 1216, which as I stated above has lots of services.
I have three XP machines here, all set up pretty much the same. It is only this one that has constant idle traffic.
I just want to know if it is possible something bad is/could be using one of these services.
I'll attach a picture to show the contents of svchost 1216.
http://www.kang0o.net/images/1216_t.jpg (http://www.kang0o.net/images/1216.jpg)
Marcos
July 6th, 2007, 01:33 PM
Have you tried stopping the (Windows) Automatic update service to see if it makes a difference?
Capp
July 6th, 2007, 01:41 PM
Quote: "Have you tried stopping the (Windows) Automatic update service to see if it makes a difference?"
That's the reason I asked him that.
I have ZA free on my system running with NOD32 and I noticed the traffic as well, until I shut down the BITS and Auto Update services. Now I don't see it anymore unless something is downloading an update.
kang0o
July 6th, 2007, 02:21 PM
No, it really isn't that, although I appreciate both of your assistance.
Ordinarily I wouldn't worry, as both the above services and indeed others often auto update, so idle traffic isn't uncommon for short periods. However, what's bothering me is that the traffic is inbound, at quite a fast transfer rate, and will keep doing it regardless of system reboots. It will do this for hours if left. Only router reboots stop it for a while, which again concerns me, as it would appear it is not an outbound service connecting, but something on the internet connecting to me. The new IP stops it for a while.
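A defender-side triage script for the question this thread keeps circling (which services share one svchost PID, which DLL each of them actually loads and whether it is signed, and which sockets the process owns). This is an added example, not code from the thread or from any product mentioned in it; it assumes a current Windows host where the Get-NetTCPConnection/Get-NetUDPEndpoint cmdlets exist, so on an XP machine like the poster's the equivalent is tasklist /svc and netstat -ano.

```powershell
# Added example: triage one svchost.exe instance by PID (e.g. .\svchost-triage.ps1 -TargetPid 1216).
# Assumes Windows 8 / Server 2012 or later for the NetTCPIP cmdlets.
param(
    [Parameter(Mandatory = $true)][int]$TargetPid
)

$proc = Get-Process -Id $TargetPid -ErrorAction Stop
if ($proc.ProcessName -ne 'svchost') {
    Write-Warning "PID $TargetPid is '$($proc.ProcessName)', not svchost.exe"
}
# The genuine svchost.exe lives in System32; a copy anywhere else deserves a closer look.
"Image path : $($proc.Path)"

# 1) Services hosted in this process, and the DLL each one is registered to load.
#    The ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters
#    is what svchost actually loads, so that is the file whose signature matters.
$services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $TargetPid"
foreach ($svc in $services) {
    $dll = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters" `
                -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $dll    = [Environment]::ExpandEnvironmentVariables($dll)
        $sig    = Get-AuthenticodeSignature -FilePath $dll
        $status = '{0} / {1}' -f $sig.Status, $sig.SignerCertificate.Subject
    } else {
        $status = 'no ServiceDll value'
    }
    '{0,-28} {1,-45} {2}' -f $svc.Name, $dll, $status
}

# 2) Live endpoints owned by the PID. A Listen-state socket is something a remote host
#    can connect to; Established rows show the peer talking to it right now.
Get-NetTCPConnection -OwningProcess $TargetPid -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State |
    Format-Table -AutoSize
Get-NetUDPEndpoint -OwningProcess $TargetPid -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort |
    Format-Table -AutoSize
```

Any hosted service whose DLL is unsigned, signed by someone other than Microsoft, or sitting outside the Windows directory is the thing to investigate first; a steady Established connection with a remote peer on a service you do not recognise is the second.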
Copyright ©2002 - 2012, Wilders Security Forums