Bandwidth Monitor Pro

Discussion in 'other software & services' started by Fontaine, Aug 12, 2008.

Thread Status:
Not open for further replies.
  1. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    I installed Bandwidth Monitor Pro yesterday. Today I put my computer in sleep mode before I went to work. When I came home, as is the case recently, it was somehow on (I live alone). Vista has always been quirky like that though.
    However, the real shocker is that according to the software, I downloaded 2GB of data and uploaded 5.59GB!! I do not run any peer to peer software or anything else that would require uploading/downloading that amount of data in one day.
    Two theories I have: 1) TOR is doing it somehow. I have it installed and almost never use it, and I have it set to serve as client only, not relay.
    2) My computer is somehow being accessed externally by someone. (am I paranoid?)

    Appreciate inputs. I run a router but do not run firewall software.
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,925
    Location:
    U.S.A.
    Fontaine, have you enabled any software to check for updates automatically? Programs like Windows Update, Defender, AV, etc. usually call home, at set times by default, unless disabled. Perhaps you should check all your applications' update settings first.

    Best bet is to standby your router (if that feature is available) while at work.
     
  3. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    JRViejo, yeah, I have my AV update automatically. I guess I'm not as concerned with Windows waking itself up since that could be attributed to a service running. However, I'm concerned about the log files for the Bandwidth monitor. All those gigs uploaded is very weird since I use no programs that would use that much. It could have only been in a six hour period today (while I was gone).
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,925
    Location:
    U.S.A.
    Well, if Windows' svchost.exe was compromised in any way, there's the chance that you could have lots of info going back and forth. You said you don't run a firewall, yet running one with outbound protection would stop any communication from your PC to the outside world. You could turn on the Vista firewall and install the Free Vista Firewall Control version to enable outbound blocking.

    Do the Bandwidth Monitor log files tell you anything more than GB numbers? Another thought is to install Wireshark and leave it running while at work, then you'll be able to see what's going on, although it would mean looking through a huge log file!
     
  5. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Thanks for the inputs... really helpful.
    I went ahead and installed a firewall and it quickly popped up with an access attempt on port 23 (telnet). Stupid me had port 23 open on my router, but I rarely ever use telnet so my password should not have been sent out in the open at all. Still, I closed port 23 right away.
    I did a virus scan and actually had one infection that ESET could not remove (dumprep1.exe) and there wasn't much of anything on the Internet. I was able to locate the registry to remove it, but at this point am considering a clean install of Vista for peace of mind.
    Bandwidth Monitor does not have a log beyond the actual GB numbers. I will check out Wireshark.

    I'm wondering about your comment re: the svchost file being compromised. Any way of telling if it is?
     
  6. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,925
    Location:
    U.S.A.
    Details on Port 23, and possibly that open port could have been your source of all communications.

    Instead of a clean install, use an online scanner like Kaspersky and run your system through it. If everything is clean, use ESET to check all svchost.exe files. Search for them (possibly more than one), notice their locations and scan them individually for peace of mind.

    While you're at it, might as well search for scvhost.exe (notice the switch on the second and third letters), which is a virus!
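
The search described in the post above, as an added example that is not part of the original thread: it lists every `svchost.exe` outside the usual system folders and every executable whose name is one typo or letter swap away from it, such as `scvhost.exe`. The trusted folder list, the function names and the sample paths are assumptions made for this sketch.

```python
import ntpath
import os
import sys

TARGET = "svchost.exe"
# Assumption: a standard Windows layout, where the genuine file lives in these folders.
SYSTEM_ROOT = os.environ.get("SystemRoot", r"C:\Windows")
TRUSTED_DIRS = {ntpath.join(SYSTEM_ROOT, d).lower() for d in ("System32", "SysWOW64")}

def edit_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(path):
    """Return 'expected', 'misplaced', 'lookalike', or None for an unrelated file."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name == TARGET:
        return "expected" if folder in TRUSTED_DIRS else "misplaced"
    if name.endswith(".exe") and edit_distance(name, TARGET) <= 1:
        return "lookalike"
    return None

def scan(root):
    """Walk a directory tree and list every file that needs a second look."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            verdict = classify(full)
            if verdict in ("misplaced", "lookalike"):
                findings.append((verdict, full))
    return findings

# Constructed sample paths, not taken from the thread.
SAMPLES = [ntpath.join(SYSTEM_ROOT, "System32", "svchost.exe"),
           ntpath.join(SYSTEM_ROOT, "System32", "scvhost.exe"),
           r"C:\Users\Public\svchost.exe"]

if __name__ == "__main__":
    hits = scan(sys.argv[1]) if len(sys.argv) > 1 else [(classify(p), p) for p in SAMPLES]
    for verdict, path in hits:
        print(f"{verdict}\t{path}")
```

Run with a folder or drive as the argument to scan it; with no argument it classifies the sample paths. Copies in the WinSxS component store are reported as misplaced, so a hit means "scan this file individually", not proof of infection.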
     