unknown data sent by my PC

I saw this usage today and I have no idea why. Does anybody know what is happening here and why? The category identified as 'unknown' with data sent 80+MB is what I do not understand. Where is it going and what appl. would be requesting it? I ran MBAM and MSE scans after it happened ... all clean. I did log onto Chrome during the session and the only sites I visited was Wilders and PCWorld. I read a review there then closed the tab. Here is the URL...
http://www.pcworld.com/article/2048...nalytics-with-1-billion-linux-investment.html

I also opened FF to see if V24 was available from the upgrade channel, but nothing was there so I closed it. After that there was this huge upload. I am not sure if I should be really concerned about it or not (privacy or security wise). The fact that is such a large upload with no info. as to source or destination that bothers me. As far as I know I did not click on anything on that site while I was reading the article.

 

I don't have any answers for you, but I also noticed a small amount of traffic on my system attributed to unknown using NetWorx. 80Mb seems like a lot though. I'll post back if I'm able to figure anything out.

 

fwiw, here is link to URL Analyzer for that webpage:

http://url-analyzer.net/analysis/387


seems to be nothing i guess, drowning in info.


also, what kind of AV and firewall are you using? i was using Avast a while back and a lot of stuff would get uploaded and other networking programs sometimes wouldn't show the connections.

 

I am using Windows 7/32 Firewall and MSE 4.3.215. Hope someone has some ideas as that was a lot of unidentified data going to an unknown destination.

 

With me I used to get the message whens searching google in firefox that says to enter a caption to show I am not a bot since unusual network activity is detected from your pc. It was weird??. Later I figured it was because of advanced system optimizer and protector and when I uninstalled it all was fine.

Anyway I think a software or program in your machine is doing that and you need to ID it.

I think a good firewall with network and packet analyzing and detection capability would solve this. Or an app that can analyzes your networks and IP to see what is causing this.

 

I think a program like "freefixer" may help in IDing what that unknown is. It should show in there and I suggest you get rid of it if you find where it is.

go to this link and there is tons of free stuff that you can use to analyze your pc. Chose the right heading and download what you need.

-http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm-

 

I think in this link you will find what you need to ID the culprit.

-http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=0,15-

 

I recall Flash Player, which comes pre-installed in Chrome, has a toggle option (default = on) called Peer-Assisted networking in the flash player settings panel. Get to it here:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager09.html

some info on peer-assisted networking: http://help.adobe.com/en_US/FlashPl...ml#WS6aa5ec234ff3f285139dc56112e3786b68c-7ff3

Maybe you had a flash applet running somewhere, maybe playing videos, i dunno. I have no personal knowledge of this setting using up bandwidth, especially upload, however I don't usually monitor my bandwidth usage but it's worth mentioning.

Also, I noticed you have a process called netsession_win.exe. What are the circumstances of that executable running in your system?

Read this i stumbled upon in Google: https://nodpi.org/forum/index.php/topic,4865.0.html‎

If I were you I would run TCPView and try to catch it in action again. TCPView: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
Also open up Resource Monitor (comes with windows), go to the Disk tab and in the Disk Activity section sort the processes by Read (b/sec) so the topmost item is the process reading from the disk.

Also try scanning with Hitman Pro: http://www.surfright.nl/en/hitmanpro/
Follow the steps so you don't have to install, just scan

 

Tnx everyone for your suggestions. It will take me some time to go through all of them. If I find the culprit I will post back ... looking at a few days work here.

NB: I logged on this morning and as soon as the system came up I got a popup to allow Skype Click to Call IE plugin in IE10 ... I had this disabled in WinPatrol as I have not used Skype in over a year, so that was a surprise. This was not a Windows Update as I have it set to 'do not download'/notify only. Not saying it was Skype, but it is a program that does use a lot of upload MBs. It should not show up as 'unknown' though and I should have seen the Skype GUI during the session if it opened. I know I did not open the start menu and select Skype.

Ostrodamus: As you are running Networx and have seen this 'unknown' category, would you mind telling me if you are running V4.2.9 or V4.2.10. I ask because I have never seen this category before. It first showed itself to me in V4.2.10.

 

Same thread on their official forum (from June):
http://www.softperfect.com/board/read.php?8,14968

 

I'm currently running 4.2.10. I think when I noticed the unknown I was running 4.2.9, but I can't say that with 100% certainty.

 

Finished the forensics this morning and found nothing.

Must be as ghost (tnx Pliskin for the link). I uninstalled V4.2.10 and reinstalled V4.2.9 just to cover all the bases. I see that the problem was raised on their forum in June 2013 and as V4.2.10 was just released this month, the problem is not with the new version. I should have checked their forum in the first place ... got overly anxious thinking it was a security breach.

NB: Definitely not Skype ... I checked it out thoroughly (it was just IE trying to turn on a plugin that I had disabled in Winpatrol and had not also disabled in IE itself. That is now taken care of.

 

If you don't mind sifting through reams of data...

-http://www.wireshark.org/

 

Give LastActivityView a try: http://www.nirsoft.net/utils/computer_activity_view.html

 

i fire up SmartSniff (portable) from Nirsoft whenever i notice unexpected up or download activity.

 

Additionally, it is known that certain software not only checks for updates (without having an option to turn this service off) but also uses a different portion of the programme and "phones home" so-to-speak sending usage information to a different IP address then the update IP.

Of course this does not explain the high data count you are experiencing. It was thought the above information might be useful to someone though.

An additional resource is called What Is Transferring?.