HACKERS?

  • Thread starter: oldtimer
  • Replies: 17
  • Views: 3,056

oldtimer

Dear friends,

This is an sos 😱 please help!!
I connected to bsnl yesterday, with my winxp +sp2 (dual boot with win98). I was surprised to find some UNKNOWN heavy traffic of over 40mb in just half an hour. My browser was idle but still the status indicator showed heavy traffic. (I checked my service records at BSNL today and confirmed it.) I had recently installed winamp, but no other s/w. I even disabled automatic updates.
My windows (microsoft) firewall is active and in a hurry I even installed zonealarm firewall but to no avail. Now every time I connect, this repeats. I am doing this post with my good old dialup.

Are there possibly any vulnerabilities with winxp+sp2 with which some hacker might have compromised my system? Even spybot S&D, Adaware and cwshredder could not help
ty
oldtimer
 
You cannot see what processes are trying to access the internet when you installed zonealarm?
 
Also scan with a nice antivirus like KAV or AVG...might be a worm
 
Are you sure it's no software trying to update or so? Could you give a list of known software you are using currently? If possible just give a list of processes running on your system.
 
I faced the same situation. In 4 days time I uploaded 136MB, when I couldn't open a single page. I had to format and install WinXP, McAfee, Zone Alarm and Microsoft Anti spyware before I connect. Now it is running very smooth. Check if in your harddisk some files of name similar to *ftp have been installed. It's a dangerous worm. It occupies 100% bandwidth.
 
Originally posted by oldtimer@Sep 7 2005, 04:40 PM
Dear friends,

This is an sos 😱 please help!!
I connected to bsnl yesterday, with my winxp +sp2 (dual boot with win98). I was surprised to find some UNKNOWN heavy traffic of over 40mb in just  half an hour. My browser was idle but still the status indicator showed heavy traffic. (I checked my service records at BSNL today and confirmed it.) i had recently installed winamp,  but no other s/w. I even disabled automatic updates.
My windows (microsoft) firewall is active and in a hurry i even installed zonealarm firewall but to no avail. Now every time i connect, this repeats. i am doing this post with my good old dialup.

Are there possibly any vulnerabilities with winxp+sp2 with which  some hacker might have compromised my system?  Even spybot S&D, Adaware and cwshredder could not help
ty
oldtimer
TRY THIS!
You can watch windows Task Manager for online process and can decide which is not required and end process.
Secondly you can run msconfig and go to startup for program not required in startups.
 


I believe some trojan/worm is doing this nasty thing. Somebody would have installed a keylogger in your machine which updates very frequently the text and the screenshots to the ftp site. But you say that you have zone alarm now. Give us a list of all the software installed in your system.
 
Hi friends,

Thank you for the prompt responses. I think the whole alarm was on account of my lack of familiarity with xp. When my engineer came to install my line about 3 days ago, he apparently d/loaded and installed sp2, using his own account and I took it for granted. However, when this problem came up, I tried to read up about the Windows firewall from the MS online knowledge base. I discovered that the SP2 should have added a new item to my control panel, but it hadn't! Also, the firewall was still being called ICF. So I went back to the sp2 download site and discovered for the first time that the size of SP2 download was like 113MB!!

I tried the download again. This time I discovered that my earlier d/lds had not been complete! I had finished only 84 of the 113MB. The remaining started coming in. I then guessed that it was my winxp trying to complete the transfer. I am very new to xp and could not believe that an update could be 113MB!

Needless to say, after the installation was completed, the connection has been very quiet!!

BIG question: is it because the firewall has started working well? Or is it because the update is complete? I guess I will never know! Like the story of Vikramaditya and the ghost!! Thanks friends, I know I can count on you when the going gets rough!
 
No updates requires that much d/load. Am sure that the machine is compromised. Recommend that you d/load `hijackthis' (link given below) and run the same. It gives you a log file which gives a lot of details and which helps in tracing the problems in your pc. 🙂 pupudada

Code:
http://www.majorgeeks.com/download3155.html
 
Thanks Pupudada, I have Hijackthis and I think I will post the log where it can be analysed. I am too new to analyse that log myself. Just for comparison, check out the statistics now after the sp2 has been completely installed: total traffic 2MB in an hour and 17 minutes! I have been browsing all that while. Windows firewall definitely is working now. I got a lot of permission requests from the firewall.
 
It's good you installed Zonealarm also. Windows firewall only gives inbound protection, not outbound. Also maybe the modem has NAT. Turning it on might be a good idea. Also the latest versions of zonealarms cause a lot of problems for quite a few people, like limited or no connectivity, system crashing, etc. Just switch to ZA 4.5pro or something and it'll be all good.
 
Originally posted by muttster`@Sep 8 2005, 02:57 AM
also the latest versions of zonealarms cause a lot of problems for quite a few people.

I use Zone Alarm Security Suite 6 Now.

However I started using ZA quite some time back. I do not know which version (free one) I started with, but never faced any problem. Only thing is the popup that would appear for request to access Internet. How would a common user know whether to allow or deny?

I used to deny most of them if the popup appeared when I was not browsing or changed to any other URL.

But well if you use ZA 6 it is a no-nonsense (till now for me)
 
In zone alarm, is there any way to watch the internet activity on-line, to observe the dynamics of the connection? The logfile will give us only an offline record, isn't it?

I was using tiny personal firewall earlier and that would open a window showing online, which processes and ports in my machine were sending to or connecting to/receiving from which ip addresses and what kinds of packets were coming. That was very fascinating.

thanks, oldtimer
 
I would advise you people to use Ethereal which is available on ethereal.com. That's a packet sniffer, you'll easily be able to detect what kind of traffic and where it is going. Even I had a similar problem like yours, I had disabled automatic updates in my newly installed Windows 2003 Server but still there was huge amount of traffic flowing. I thought maybe a bot or something. But through Ethereal I found that the traffic was going to the windowsupdate site and it was downloading the service pack1. B)
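
Added example, not part of any post in this thread: several replies ask which process is generating the traffic and where it is going. The Python below joins `netstat -ano` output with `tasklist /fo csv /nh` output to list established remote endpoints per process. It assumes both commands are available on the machine; the sample output, the addresses and the name `unknown_app.exe` are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT_SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.2:1043       203.0.113.10:80        ESTABLISHED     1088
  TCP    192.168.1.2:1044       203.0.113.10:80        ESTABLISHED     1088
  TCP    192.168.1.2:1051       198.51.100.7:21        ESTABLISHED     2316
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","236 K"
"svchost.exe","952","Console","0","4,120 K"
"svchost.exe","1088","Console","0","18,456 K"
"unknown_app.exe","2316","Console","0","3,004 K"
'''

def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples from `netstat -ano` text."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the column header and blank lines
        if len(parts) == 4:  # UDP rows have no State column
            parts.insert(3, "")
        if len(parts) == 5:
            rows.append((*parts[:4], int(parts[4])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name; csv handles the quoted, comma-containing fields."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def remote_endpoints_by_process(netstat_text, tasklist_text):
    """Group ESTABLISHED remote endpoints under 'image (PID n)'."""
    names = parse_tasklist(tasklist_text)
    grouped = defaultdict(list)
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        if state == "ESTABLISHED":
            grouped[f"{names.get(pid, '?')} (PID {pid})"].append(remote)
    return dict(grouped)

print(remote_endpoints_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

A process name alone does not settle the question: `svchost.exe` hosts many Windows services, so the remote address and port still have to be checked, for example with a packet capture.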
 
