I have done my best to resolve this issue that has persisted for about a month now. To the best of my research I cannot find any resolution to this problem I keep having with my network. First is my PC: Windows XP SP2, Pentium 4, 1024 Megs RAM, 60 Gig HD / 7.9 Gigs used / 34.Gigs free / 12.1 gig partition drive. AVG, Zone Alarm, Spyware Doctor, Reg Mechanic, HijackThis, Easy Cleaner, MRUBlaster, WWDC, Ad-Aware, SpyBot, CleanUp and also Panda and Trend Micro online scanners are run frequently. I am on a one-computer network at the moment. The problem: For about a month now I have gotten some major lag while gaming, surfing the web or even sending email. When I check my LAN connection, my packets sent are around 50 times that of my received. Being as this is a sign of a hack, mega spyware and possibly a virus or worms, I have taken as many precautions as I possibly could given my computing knowledge. My PC virus scans, spyware scans and port scans either done in safe mode at this point all come back clean. The only time this seems to happen is when the Team Speak client is being used. I have read their entire forums and even posted there about this problem, only to be referred to an internet security type of resolution. To my knowledge a LAN connection should have around the same packets sent as being received, give or take a few. The only way I have resolved this problem is by rebooting, and the LAN goes back to normal. My LAN is currently showing: 4,280,081,210 packets sent & 98,410 received. I have downloaded and run Port Explorer to monitor remote, TCP/UDP and all connections, but nothing seems fishy. I have run Teamspeak before without any kind of issue such as this. I have used that program for online conferencing for years and this only recently started, which draws me to think I may have been hacked. Any ideas or help would be greatly appreciated on this issue. I am willing to download, install and run any further scans and post logs. Thanks to whoever responds in advance!
This may appear to be an unwise suggestion but may help you diagnose the problem. Download a trial copy of TDS3, manually update the latest radius file, and run a full scan from within Safe mode (press F8 just before Windows starts up). This will give TDS 3 a clear run at any malware. If the scan shows nothing, try the following: Disable ZA completely and enable XP's own firewall (as a precaution); also disable all other resident programs apart from your main AV, but with PE running. Now try running your games and see if there is less lag, and watch the PE logs. I have a feeling that you have an incompatibility rather than a virus/trojan/worm. Pilli
Hey Pilli, Thanks for the reply. I ran the TDS scan in safe mode and it came back clean. As do most of the other programs when I run them in safe mode. I do a thorough check of my PC on a regular basis to ensure security and a clean PC. Considering that the Windows firewall is complete garbage, I would rather try another solution, such as running Sygate firewall maybe? There are also two programs which I keep constantly blocked. Maybe these will present you with some useful knowledge. LexBce Service.exe is always blocked from accessing the internet. It's a Windows vulnerability I looked into a long time ago. I think it has something to do with my Lexmark printer. That along with LEXPPS.exe are both blocked access. Doing so does not prevent use of the printer. My research of LexBce and what it does brought me to closing vulnerable ports and blocking those services. Any other suggestions would be appreciated, or if you feel that testing the Windows firewall would be safe then I will do so, but I really hate Windows firewall.
Hi IV411, When you ran PE, did it show any connections that could account for this traffic? Have you tried something like Ethereal to monitor all your network traffic? Regards, CrazyM
Hello CrazyM, Thank you for your response. Actually, last night I ran PE and downloaded and installed Sygate. Man, that firewall is sweet! Anyway, I spent some time logged onto Teamspeak and kept monitoring PE. I even tested a few ports by listening to them. Last night the problem did not occur. Really there isn't anything in PE that could account for this high volume of traffic unless Teamspeak just sends major packets because of it being a real-time voice chat program. Yet this really doesn't seem like a logical explanation, considering I doubt as many people would use it that had the same problem I am having. Teamspeak sends about 10-12k packets but it doesn't fluctuate much. I would really like to try and maybe post a HijackThis log and have it evaluated. Even though my computer appears clean, I sure feel hijacked atm. Thanks for the help!
Hi, I'm afraid we no longer analyse HJT logs as a rule, but please follow the instructions in this thread for a full clean up: https://www.wilderssecurity.com/showthread.php?t=50662 Pilli