Win XP System Continuously Downloading Data

Discussion in 'other security issues & news' started by DirtRider, May 11, 2012.

Thread Status:
Not open for further replies.
  1. DirtRider

    DirtRider Registered Member

    I suspect this is in the incorrect area but I just could not seem to see where it should go, sorry.

    Anyway this is my issue at hand. I have a WinXP box that seems to be continuously downloading data. Now we pay per meg for our bandwidth this side so this is becoming a huge issue to me. I have a bandwidth monitor on that system that will show huge amounts of downloads and some uploads when I am not even at the PC. I am talking a few Gig in a weekend (this PC is at my office and not used weekends).

    I have disabled all automatic updates with no result. I have the following programs installed for security.

    AVG Free
    Zone Alarm
    SuperAnti Spyware

    Additionally I have done various scans with different house call antivirus and nothing. I mostly use this system for mail and browsing the internet so the following programs are normally running.

    MS Outlook

    I don't have any P2P applications installed and no Skype either. I have now reached the stage that I am considering formatting and doing a clean install, but as a last resort I thought I would ask here for help. Right now I am only turning on the router and connecting to the internet when I need to do work on the above applications.
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Download TCPView, if you don't have it already, and see which exe's are connecting.

    And if you find many instances of Svchost, use Svchost Viewer to narrow it down.

    I would add Malwarebytes to your current scanners. In my experience it has found something other scanners haven't.
  3. DirtRider

    DirtRider Registered Member

    OK, let me try that, but it will now only be on Monday when I am back at the office; then I will post the results here.
  4. Cudni

    Cudni Global Moderator

    Also, you can set ZA to block all traffic while not around. Then check its logs to see what was trying to access the net.
  5. DirtRider

    DirtRider Registered Member

    Thanks, I never thought of doing that.
  6. clubhouse

    clubhouse Registered Member

    Useful... glad I saw this.
  7. LockBox

    LockBox Registered Member

    Absolutely. Finding out what was trying to access the net is better than finding out what has already accessed the net. At any rate, you need to find out what's going on and Keyboard_Commando had two good tools to find out.
  8. DirtRider

    DirtRider Registered Member

    OK, I just had a look at my ZA and it seems it does not give me an option to block traffic at scheduled times at all; this is the free version. I have also started running TCPView now to try and see what is doing this.
  9. DirtRider

    DirtRider Registered Member

    Ok what I now did is download NetBalance and I noticed that I still had a lot of leftovers from when I was running iTunes. So I have uninstalled all of that and it seemed to have helped but this is what I still have using data, see attached.

    The thing is I am not sure what some of these are for lsass.exe. Looking it up, it seems it is a local server of some sort; should I have this running on this PC? OK, I have now also removed IIS on this PC and this seemed to have stopped the traffic on the lsass.exe. Not sure why IIS was running anyway.

    Last edited: May 14, 2012
  10. fax

    fax Registered Member

    I would not waste too much time if you don't know well how to move around (e.g. it's normal to see "lsass.exe" on a standard XP installation). Just post relevant logs at Bleepingcomputer or SpywareHammer to have your system reviewed (malware infection).

    Normally you don't install IIS on the system or at least you should recall having installed it. This is not a good sign. :D
  11. DirtRider

    DirtRider Registered Member

    Well, the problem seems to be a lot better now that I got rid of all the iTunes stuff. The IIS I do now remember installing it to test something but then forgot about it. I will also try what you suggested when I am back in the office again, thanks.
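
An added example, not part of the thread and not written by any of its participants: the per-process view that TCPView and Svchost Viewer provide can also be rebuilt from the built-in `netstat -ano` and `tasklist /svc /fo csv` commands by joining their output on PID. The sample output, addresses, PIDs and function names below are constructed for illustration.

```python
import csv
import io

# Constructed samples of `netstat -ano` and `tasklist /svc /fo csv` output;
# the addresses, PIDs and service lists are illustrative, not from the thread.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:1045      203.0.113.7:443        ESTABLISHED     1092
  TCP    192.168.1.20:1051      198.51.100.9:80        ESTABLISHED     1092
  UDP    0.0.0.0:500            *:*                                    692
"""
TASKLIST = '''"Image Name","PID","Services"
"lsass.exe","692","PolicyAgent,ProtectedStorage,SamSs"
"svchost.exe","1092","BITS,wuauserv"
"inetinfo.exe","1480","IISADMIN,W3SVC"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column: four fields instead of five.
        yield f[0], f[1], f[2], (f[3] if len(f) == 5 else ""), int(f[-1])

def parse_tasklist(text):
    """Map PID -> (image name, hosted services); "N/A" means no services."""
    return {int(r["PID"]): (r["Image Name"],
                            [s for s in r["Services"].split(",") if s != "N/A"])
            for r in csv.DictReader(io.StringIO(text))}

def connections_by_process(netstat_text, tasklist_text):
    """Group sockets by owning PID; PIDs missing from tasklist are kept."""
    procs = parse_tasklist(tasklist_text)
    report = {}
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        image, services = procs.get(pid, ("<unknown>", []))
        entry = report.setdefault(
            pid, {"image": image, "services": services, "sockets": []})
        entry["sockets"].append((proto, local, remote, state))
    return report

if __name__ == "__main__":
    for pid, e in sorted(connections_by_process(NETSTAT, TASKLIST).items()):
        print(pid, e["image"], ",".join(e["services"]) or "-", e["sockets"])
```

To use it on a live machine, capture both commands to text files at the same moment and pass their contents in place of the constructed samples; a PID reported as `<unknown>` exited between the two captures or was hidden from `tasklist`.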