

HELP.....! My computer downloads & uploads automatically





bambholebaba
Whenever I connect to the internet, the computer automatically starts downloading and uploading. I tried to find the cause but could not, and I cannot control it. Turning off the automatic program update feature also did not stop the process.
I came to know this as my external DSL modem shows the data transfer by the blinking of LEDs. Moreover, the bandwidth usage statistics show increasing upload and download usage, which stops only when I disconnect the connection.
I have Win XP O/S, Kaspersky antivirus software and a 256 kbps broadband connection. I am not using any file sharing program.
I will be grateful if anyone can suggest a solution.
Kelvin
Have you opened by accident any *.exe file from email or other sites as of late? You may have been infected by a trojan or malware. I see that you only mentioned antivirus. Do you run a firewall too, or are you just using the Windows standard firewall that came with XP?

I suggest you run an online scan using Panda Software:
http://www.pandasoftware.com/

Save a copy of the scan report and manually delete all the spyware found. If you use a firewall (besides XP's), you will be able to see what is trying to connect to the internet through your computer.
kucomp
Try using a monitoring program such as: http://www.softforall.com/Internet/ToolsUtilities/Web_Activity_Monitor06120029.htm

If you search via Google: Internet Activity Monitor you can find a lot more of such programs.

With a web activity monitoring problem, maybe you could then find the culprit hogging up your internet connection!
kirii
I think you got a virus or some spyware inside your computer. Use Microsoft Anti-Spyware or AVG anti-virus to scan it!
schizofrenikh
Try typing:
Code:
netstat -b

in console and check if every application listed there is yours and running at your wish.
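The check suggested above can be done over saved `netstat -b` output, shown here as an added example that is not part of the original post. The sample output is constructed (addresses, ports, PIDs and the name `unknown-example.exe` are made up), and the function names and the list of expected programs are assumptions.

```python
import re

# Constructed sample of `netstat -b` output on Windows XP; every value
# below is made up for illustration.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    hcl:1045               192.0.2.10:80          ESTABLISHED     1580
  [DAP.EXE]

  TCP    hcl:1051               198.51.100.7:6667      ESTABLISHED     2312
  [unknown-example.exe]

  TCP    hcl:1060               203.0.113.5:443        CLOSE_WAIT      884
  Can not obtain ownership information
"""

OWNER = re.compile(r"^\[(.+)\]$")  # the "[program.exe]" line under a connection


def parse_netstat_b(text):
    """Pair each TCP/UDP row with the [executable] line that follows it."""
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.split()
        if len(parts) >= 3 and parts[0] in ("TCP", "UDP"):
            conns.append({"proto": parts[0], "local": parts[1],
                          "remote": parts[2], "owner": None})
        elif conns and conns[-1]["owner"] is None:
            m = OWNER.match(line)
            if m:
                conns[-1]["owner"] = m.group(1)
    return conns


def unexpected(conns, expected):
    """Connections whose owner is unknown or not in the list you recognise."""
    allowed = {name.lower() for name in expected}
    return [c for c in conns
            if c["owner"] is None or c["owner"].lower() not in allowed]


if __name__ == "__main__":
    # Hypothetical list of programs the user knowingly runs.
    for c in unexpected(parse_netstat_b(SAMPLE), ["dap.exe", "iexplore.exe"]):
        print(c["owner"], "->", c["remote"])
```

A connection with no owner line is reported rather than skipped, since netstat cannot always name the owning process.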
S3nd K3ys
Don't worry, I'll be done in a few and you can have control of your computer back.

















j/k

Sounds like you got hacked
zyee
Windows updating or your antivirus updating. Check for any open port.
Prabhu Raj
Get a good antivirus program like Symantec or McAfee or Panda.

Get a good anti-spyware program like Spyware Doctor.

Get a good registry cleaner like Registry Mechanic.

Installing all these 3 programs will solve your problem.

A personal firewall should also be considered.
bulek
Install ZoneAlarm Pro or Outpost Firewall Pro. They will undoubtedly block any unwelcome downloads/uploads.
bambholebaba
Online scanning by Panda worked a bit, but before that I got ZoneAlarm, which immediately blocked the spyware creating the problem. Then I searched my system and found my firewall off (maybe due to ZoneAlarm!) and my Kaspersky not working! I used Windows Defender and several spywares were healed. After uninstalling Kaspersky, which was not working even after reinstalling, I installed Norton, and the virus detected by Panda was then disinfected (I forgot the name of the virus) and several infected files were deleted by the antivirus itself. Then I repaired my registry also, and the system is almost OK now. Two more problems are there now:

1. Whenever my system is started, an error message pops up saying "Windows can not find vmmdiag32.exe, please check the file name and path". It was an infected file and I deleted it manually. I cannot find which application is trying to use this file. It does not seem to cause any problem as my system is running normally. It only pops up when the system is started.

2. My previous antivirus program Kaspersky is not working even after several reinstallation attempts. Each time I install it, I get the message "Kaspersky antivirus has already been started" but still it does nothing. When I try to uninstall it I get the message "Before uninstalling you must close the application. Open the application by clicking on its shortcut icon and close the application". But as I already mentioned, I cannot open the application; I have to start Windows in safe mode and then I can perform the uninstallation.
I want to know what this problem is and whether it can be fixed. I have its original full version setup which shipped with my PC, whereas I have Norton's trial version which will expire in 6 months.
bulek
Well, you installed a good firewall but that is not enough. You also need a good antivirus program. I strongly recommend NOD32 - you undoubtedly won't be disappointed. It is the fastest antivirus program, uses the least system resources, has an excellent detection rate and the best heuristics engine. You made a big mistake when you installed Norton because that antivirus is so bad that it can damage your system files. However, you must delete all antivirus programs before installing NOD32. When you install NOD32 (you can get trial version free on www.nod32.com or download full version on p2p files) you must click on the NOD32 section and then "Run NOD32". When the window opens, click the Setup tab and make sure that all options are ticked. After that click on the Scanning targets tab, choose your hard drives and click the "Scan & clean" button. Meanwhile, during scanning, some windows will probably show up (virus alerts). Make sure that you delete or quarantine all of them.
You should also install software like Lavasoft Ad-Aware and TuneUp Utilities 2006.
Arnie
Want my advice? Just get an expert behind the thing and have him look at it. Just pull off the Internet until that's done.

And if you totally insist on doing it online, just post a hijackthis log and have an expert help you. Don't go messing around with everyone and anyone's advice because you'll end up with tons of useless anti-spyware, anti-virus and firewall programs that don't give much certainty that the problem is rooted out.
Kelvin
OK, you were infected with the win32/sality virus. What you are facing now is leftover remnants of the virus, which make your computer act weird. These files have to be removed in order to clear your system. You should not have installed so many antiviruses and firewalls. That is why I suggested using the online virus scanner. Anyhow, you can have a read at this site and hopefully it will help you clear the files. It looks good enough for me:

http://www.windowsbbs.com/showthread.php?t=58716

Killbox is a powerful app that'll help you kill those files permanently that some antivirus programs can't get rid of. Just don't kill a wrong file. Good luck and let me know the outcome.
bambholebaba
I did not find myself able to do it with Killbox myself. I created a HijackThis log and am pasting it here. Can someone help?


Quote:
Logfile of HijackThis v1.99.1
Scan saved at 1:06:10 PM, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\UpsPilot\Winpower.exe
C:\PROGRA~1\UpsPilot\hello21.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\DAP\DAP.EXE
C:\windows\system32\ntvdm.exe
C:\PROGRA~1\WALLMA~1\wallmast.exe
C:\Documents and Settings\hcl\Desktop\DESKTOP ICONS\Download software\Security softwares\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sify Gold
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe vmmdiag32.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP01149 - {31C5DAA4-8A31-42fb-8C9F-889AC4D83B13} - blank (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Bharatmatrimony.com Toolbar - {360AB2FD-1B92-4772-B6CB-444ECD259852} - blank (file missing)
O3 - Toolbar: SpeechExpert - {65A66125-D6FA-414A-83BA-29BD2D35DF83} - C:\PROGRA~1\SPEECH~1\Spiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYIN
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Read current page with SpeechExpert - C:\Program Files\Speech Workshop\SpeechXP_Current.htm
O8 - Extra context menu item: Read selected with SpeechExpert - C:\Program Files\Speech Workshop\SpeechXP_Selection.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Bharatmatrimony.com Toolbar - {360AB2FD-1B92-4772-B6CB-444ECD259852} - blank (file missing)
O9 - Extra 'Tools' menuitem: Bharatmatrimony.com Toolbar - {360AB2FD-1B92-4772-B6CB-444ECD259852} - blank (file missing)
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\windows\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: SpeechExpert - {9963BBF2-4056-4899-87FA-ECAA6724C46F} - C:\windows\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &SpeechExpert - {9963BBF2-4056-4899-87FA-ECAA6724C46F} - C:\windows\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sify.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B2E33483-7C10-4CF9-BFAF-842329096CCB} (ItHinIocCtrl Class) - http://infinite.indiatimes.com/language/ithinioc.cab
O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{38DD8B35-F442-4741-9EA3-FE880CF0F7AB}: NameServer = 61.1.96.69,61.1.96.71
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~1\UpsPilot\Winpower.exe


Thanking you all!!
Kelvin
Did you download & run the program listed in the site I recommended you to read?

Install & run:
1.) haxfix.exe

I've run through your HijackThis log and found the cause of the popup error:

F2 - REG:system.ini: Shell=Explorer.exe vmmdiag32.exe

This line has to be fixed/deleted for your problem to be solved.


Additional reads:
-------------------
http://forums.spywareinfo.com/index.php?showtopic=87437
http://www.windowsbbs.com/showthread.php?t=58993

Check out these other 2 threads for other ways to get rid of the "F2" entry. Good luck.
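The F2 check described in the post above can be run over a whole HijackThis log, shown here as an added example that is not part of the original thread. The sample lines are copied from the log quoted earlier on this page; the function names are hypothetical, and `Shell=` values are assumed to be plain file names separated by spaces or commas. It goes one step beyond the post by also listing entries HijackThis marks `(file missing)` or `(no file)`.

```python
import re

# Sample input: a few lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\Explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sify Gold
F2 - REG:system.ini: Shell=Explorer.exe vmmdiag32.exe
O2 - BHO: XBTP01149 - {31C5DAA4-8A31-42fb-8C9F-889AC4D83B13} - blank (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "F2 - REG:system.ini: ..."
SHELL = re.compile(r"\bShell=(.*)$", re.IGNORECASE)


def parse_entries(text):
    """Return (code, body) for each 'Xn - ...' line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extra_shell_programs(body):
    """Programs listed after Shell= other than explorer.exe, the normal shell."""
    m = SHELL.search(body)
    if not m:
        return []
    # Assumption: names are separated by spaces or commas and contain no spaces.
    names = re.split(r"[,\s]+", m.group(1).strip())
    return [n for n in names if n and n.lower() != "explorer.exe"]


def review(text):
    """List (code, kind, detail) findings for an expert to look at."""
    findings = []
    for code, body in parse_entries(text):
        if code == "F2":
            for prog in extra_shell_programs(body):
                findings.append((code, "shell-extra", prog))
        if body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "orphaned", body))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The `shell-extra` finding is the entry behind the "Windows can not find vmmdiag32.exe" popup: the shell value still names a program that was deleted.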
bambholebaba
My problem is solved up to a great extent and the rest is in process. I put here a link for your information, Kelvin!! Thanks again!

http://windowsbbs.com/showthread.php?t=59033


And a lot of thanks to Mr.Arnie, for his great advice!!
Quote:

And if you totally insist on doing it online, just post a hijackthis log and have an expert help you
tomahawk19
Arnie wrote:
Want my advice? Just get an expert behind the thing and have him look at it. Just pull off the Internet until that's done.

And if you totally insist on doing it online, just post a hijackthis log and have an expert help you. Don't go messing around with everyone and anyone's advice because you'll end up with tons of useless anti-spyware, anti-virus and firewall programs that don't give much certainty that the problem is rooted out.


The problem with your suggestion is that though you may not be an expert, some people in here do this for a living. What I've found to work best is Lavasoft Ad-Aware, along with SpyBot, as well as ZoneAlarm for a firewall. The best FREE anti-virus I've found is AVG anti-virus.
bambholebaba
Thank you Tomahawk19, for moral support!
Lavasoft Ad-Aware SE scan says 12 critical objects detected!

Should I remove them or do I have to examine the content of the objects?
Arnie
Usually you can just delete them.

Frankly I have no idea what you're talking about tomahawk. First of all, anyone can recommend applications, that has little to do with expertise. Second, I consider myself an expert in judging the quality of those applications, and intermediate in doing HJT manually. This is because I have been fixing many computers for years. The best is always to have an expert looking at it instead of using an automatic program.

So what are you trying to say? I'm no HJT expert but there are many around that do better jobs than all applications put together.
Kelvin
Better to have a look at the scanned report. If it says trojan, keylogger, dialers, adware or spyware, by all means delete them. They are usually installed silently together with toolbars and small apps easily attainable for free. If you are uncertain of the source/file, just do a search for the filename and you'll most likely get a relevant result for that filename on whether they are valid or not. Else, just post it here.

In most cases, Ad-Aware should be able to correctly detect unwanted objects residing in your computer.
swizzy
If you are using DAP, etc., it opens unwanted connections etc. and then fills up your bandwidth.