Major Packet Sending Issue ;S

Discussion in 'Port Explorer' started by IV411, Jul 19, 2005.

Thread Status:
Not open for further replies.
  1. IV411

    IV411 Registered Member

    Joined:
    May 26, 2005
    Posts:
    6
    Location:
    Hotlanta
    I have done my best to resolve this issue that has persisted for about a month now. To the best of my research I cannot find any resolution to this problem I keep having with my Network.

    First is my pc:

    Windows XP Sp2

    Pentium 4
    1024 Megs RAM
    60 Gig HD / 7.9Gigs used / 34.Gigs free / 12.1gig partition drive

    AVG , Zone Alarm, Spyware Doctor, Reg Mechanic, HijackThis, Easy Cleaner, MRUBlaster, WWDC, Ad-Aware, SpyBot, CleanUp and also Panda, Trend Micro Online scanners ran frequently. I am on a one computer network at the moment.

    The problem:

    For about a month now I have gotten some major lag while gaming, surfing the web or even sending email. When I check my LAN connection my packets sent are around 50 times that of my received. Being as this is a sign of hack, mega spyware and possible virus or worms I have taken as many precautions I possibly could given my computing knowledge.

    My pc virus scans, spyware scans and port scans either done in safe mode at this point all come back clean.

    The only time this seems to happen is when Team Speak client is being used. I have read their entire forums and even posted there to this problem only to be referred to an internet security type of resolution.

    To my knowledge a LAN connection should have around the same packets sent as being received give or take a few. The only way I have resolved this problem is by rebooting and the LAN goes back to normal.

    My LAN is currently showing:

    4,280,081,210 packets sent & 98,410 received.

    I have downloaded and ran Port Explorer to monitor, Remote, TCP/UDP and all connections but nothing seems fishy. I have run teamspeak before without any kind of issue such as this. I have used that program for online conferencing for years and this only recently started which draws me to think I may have been hacked.

    Any Ideas or help would be greatly appreciated on this issue. I am willing to download, install and run any further scans and post logs.

    Thanks to whomever responds in advance!
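
Added example, not part of the original post: the LAN status dialog shows totals since boot, so a more useful measurement is the sent/received rate over a known interval. The sketch below parses two snapshots in the layout printed by Windows `netstat -e` and reports per-second rates; the snapshot values are constructed, and the wrap handling assumes 32-bit interface counters.

```python
import re

# Constructed samples in the layout printed by `netstat -e`, taken 60 s apart.
SNAPSHOT_T0 = """\
Interface Statistics

                           Received            Sent

Bytes                      91455210      2100233871
Unicast packets               98410      4294000000
Non-unicast packets            1204             310
Discards                          0               0
Errors                            0               0
Unknown protocols                12
"""
SNAPSHOT_T1 = SNAPSHOT_T0.replace("98410      4294000000", "99610         5032704")

COUNTER_MAX = 2 ** 32  # assumption: counters are 32-bit and wrap to zero


def parse_netstat_e(text):
    """Return {row name: (received, sent)} for rows with two numeric columns."""
    rows = {}
    for line in text.splitlines():
        m = re.match(r"^(\D+?)\s+(\d+)\s+(\d+)\s*$", line)
        if m:
            rows[m.group(1).strip()] = (int(m.group(2)), int(m.group(3)))
    return rows


def counter_delta(old, new):
    """Difference between two samples, tolerating one counter wrap."""
    return (new - old) % COUNTER_MAX


def interval_report(t0, t1, seconds, row="Unicast packets"):
    """Packets per second in each direction between two snapshots."""
    a, b = parse_netstat_e(t0)[row], parse_netstat_e(t1)[row]
    rx, tx = counter_delta(a[0], b[0]), counter_delta(a[1], b[1])
    return {
        "rx_pps": rx / seconds,
        "tx_pps": tx / seconds,
        "tx_rx_ratio": tx / rx if rx else float("inf"),
    }


if __name__ == "__main__":
    print(interval_report(SNAPSHOT_T0, SNAPSHOT_T1, 60))
```

A sustained transmit rate far above what the running applications are known to send is the figure to line up against a per-connection view or a packet capture.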
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    This may appear to be an unwise suggestion but may help you diagnose the problem.
    Download a trial copy of TDS3, and manually update latest radius file, run a full scan from within Safe mode (press F8 just before windows starts up). This will give TDS 3 a clear run at any malware.

    If the scan shows nothing try the following:-

    Disable ZA completely and enable XP's own firewall (as a precaution) also disable all other resident programs apart from your main AV but with PE running, now try running your games and see if there is less lag and watch the PE logs.

    I have a feeling that you have an incompatibility rather than a virus/trojan/worm.

    Pilli
     
  3. IV411

    IV411 Registered Member

    Joined:
    May 26, 2005
    Posts:
    6
    Location:
    Hotlanta
    Hey Pilli, Thanks for the reply.

    I ran the TDS scan in safe mode and it came back clean. As do most the other programs when I run them in safe mode. I do a thorough check of my pc on a regular basis to ensure security and a clean pc.

    Considering that the windows firewall is complete garbage I would rather try another solution such as running Sygate firewall maybe?

    There are also two programs which I keep constantly blocked. Maybe these will present you of some useful knowledge. LexBce Service.exe is always blocked from accessing the internet. It's a windows vulnerability I looked into a long time ago. I think it has something to do with my Lexmark printer. That along with LEXPPS.exe are both blocked access. Doing so does not prevent use of the printer.

    Upon my research of LexBce and what it does brought me to closing vulnerable ports and blocking those services.

    Any other suggestions would be appreciated or if you feel that testing the windows firewall would be safe then I will do so, but I really hate windows firewall. :doubt:
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi IV411

    When you ran PE did it show any connections that could account for this traffic?

    Have you tried something like Ethereal to monitor all your network traffic?

    Regards,

    CrazyM
     
  5. IV411

    IV411 Registered Member

    Joined:
    May 26, 2005
    Posts:
    6
    Location:
    Hotlanta
    Hello CrazyM,

    Thank you for your response. Actually last night I ran PE and downloaded and installed Sygate. Man that firewall is sweet! Anyway, I spent some time logged onto Teamspeak and kept monitoring PE. I even tested a few ports by listening to them. Last night the problem did not occur.

    Really there isn't anything in PE that could account for this high volume of traffic unless teamspeak just sends major packets because of it being a real time voice chat program. Yet, this really doesn't seem like a logical explanation considering I doubt as many people would use it that had the same problem I am having. Teamspeak sends about 10-12k packets but it doesn't much fluctuate.

    I would really like to try and maybe post a HijackThis log and have it evaluated. Even though my computer appears clean. I sure feel Hijacked atm.

    Thanks for the help!
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi I'm afraid we no longer analyse HJT logs as a rule but please follow the instructions in this thread for a full clean up :) https://www.wilderssecurity.com/showthread.php?t=50662

    Pilli
     
  7. pyy

    pyy Guest

    I'm having the same problem with two Windows XP computers. Was there a reason or solution found?
     