unknown data sent by my PC

Discussion in 'other software & services' started by emmjay, Sep 19, 2013.

Thread Status:
Not open for further replies.
  1. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    I saw this usage today and I have no idea why. Does anybody know what is happening here and why? The category identified as 'unknown' with data sent 80+MB is what I do not understand. Where is it going and what appl. would be requesting it? I ran MBAM and MSE scans after it happened ... all clean. I did log onto Chrome during the session and the only sites I visited was Wilders and PCWorld. I read a review there then closed the tab. Here is the URL...
    http://www.pcworld.com/article/2048...nalytics-with-1-billion-linux-investment.html

    I also opened FF to see if V24 was available from the upgrade channel, but nothing was there so I closed it. After that there was this huge upload. I am not sure if I should be really concerned about it or not (privacy or security wise). The fact that is such a large upload with no info. as to source or destination that bothers me. As far as I know I did not click on anything on that site while I was reading the article.
     

    Attached Files:

    Last edited: Sep 19, 2013
  2. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I don't have any answers for you, but I also noticed a small amount of traffic on my system attributed to unknown using NetWorx. 80Mb seems like a lot though. I'll post back if I'm able to figure anything out.
     
  3. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    fwiw, here is link to URL Analyzer for that webpage:

    http://url-analyzer.net/analysis/387


    seems to be nothing i guess, drowning in info.


    also, what kind of AV and firewall are you using? i was using Avast a while back and a lot of stuff would get uploaded and other networking programs sometimes wouldn't show the connections.
     
  4. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    I am using Windows 7/32 Firewall and MSE 4.3.215. Hope someone has some ideas as that was a lot of unidentified data going to an unknown destination.
     
  5. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    With me I used to get the message whens searching google in firefox that says to enter a caption to show I am not a bot since unusual network activity is detected from your pc. It was weird??. Later I figured it was because of advanced system optimizer and protector and when I uninstalled it all was fine.

    Anyway I think a software or program in your machine is doing that and you need to ID it.

    I think a good firewall with network and packet analyzing and detection capability would solve this. Or an app that can analyzes your networks and IP to see what is causing this.
     
  6. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    I think a program like "freefixer" may help in IDing what that unknown is. It should show in there and I suggest you get rid of it if you find where it is.

    go to this link and there is tons of free stuff that you can use to analyze your pc. Chose the right heading and download what you need.

    -http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm-
     
  7. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    I think in this link you will find what you need to ID the culprit.

    -http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=0,15-
     
  8. SpousalMilk

    SpousalMilk Registered Member

    Joined:
    Jun 24, 2012
    Posts:
    40
    Location:
    USA
    I recall Flash Player, which comes pre-installed in Chrome, has a toggle option (default = on) called Peer-Assisted networking in the flash player settings panel. Get to it here:
    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager09.html

    some info on peer-assisted networking: http://help.adobe.com/en_US/FlashPl...ml#WS6aa5ec234ff3f285139dc56112e3786b68c-7ff3

    Maybe you had a flash applet running somewhere, maybe playing videos, i dunno. I have no personal knowledge of this setting using up bandwidth, especially upload, however I don't usually monitor my bandwidth usage but it's worth mentioning.

    Also, I noticed you have a process called netsession_win.exe. What are the circumstances of that executable running in your system?

    Read this i stumbled upon in Google: https://nodpi.org/forum/index.php/topic,4865.0.html‎

    If I were you I would run TCPView and try to catch it in action again. TCPView: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
    Also open up Resource Monitor (comes with windows), go to the Disk tab and in the Disk Activity section sort the processes by Read (b/sec) so the topmost item is the process reading from the disk.

    Also try scanning with Hitman Pro: http://www.surfright.nl/en/hitmanpro/
    Follow the steps so you don't have to install, just scan :)
     
  9. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    Tnx everyone for your suggestions. It will take me some time to go through all of them. If I find the culprit I will post back ... looking at a few days work here.

    NB: I logged on this morning and as soon as the system came up I got a popup to allow Skype Click to Call IE plugin in IE10 ... I had this disabled in WinPatrol as I have not used Skype in over a year, so that was a surprise. This was not a Windows Update as I have it set to 'do not download'/notify only. Not saying it was Skype, but it is a program that does use a lot of upload MBs. It should not show up as 'unknown' though and I should have seen the Skype GUI during the session if it opened. I know I did not open the start menu and select Skype.

    Ostrodamus: As you are running Networx and have seen this 'unknown' category, would you mind telling me if you are running V4.2.9 or V4.2.10. I ask because I have never seen this category before. It first showed itself to me in V4.2.10.
     
  10. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    341
  11. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I'm currently running 4.2.10. I think when I noticed the unknown I was running 4.2.9, but I can't say that with 100% certainty.
     
  12. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    Finished the forensics this morning and found nothing.

    Must be as ghost (tnx Pliskin for the link). I uninstalled V4.2.10 and reinstalled V4.2.9 just to cover all the bases. I see that the problem was raised on their forum in June 2013 and as V4.2.10 was just released this month, the problem is not with the new version. I should have checked their forum in the first place ... got overly anxious thinking it was a security breach.

    NB: Definitely not Skype ... I checked it out thoroughly (it was just IE trying to turn on a plugin that I had disabled in Winpatrol and had not also disabled in IE itself. That is now taken care of.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    If you don't mind sifting through reams of data...

    -http://www.wireshark.org/
     
  14. SpousalMilk

    SpousalMilk Registered Member

    Joined:
    Jun 24, 2012
    Posts:
    40
    Location:
    USA
    Give LastActivityView a try: http://www.nirsoft.net/utils/computer_activity_view.html

     
  15. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    i fire up SmartSniff (portable) from Nirsoft whenever i notice unexpected up or download activity.
     
  16. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Additionally, it is known that certain software not only checks for updates (without having an option to turn this service off) but also uses a different portion of the programme and "phones home" so-to-speak sending usage information to a different IP address then the update IP.

    Of course this does not explain the high data count you are experiencing. It was thought the above information might be useful to someone though.

    An additional resource is called What Is Transferring?.
     
Loading...
Thread Status:
Not open for further replies.