I noticed since my speeds went down that my uploads have increased dramatically. I used to upload about 100mb of data or so after a few days or a week, but now I am uploading almost 1gb a day.
I have scanned my comp for viruses and they have been removed but this is most unusual.
Any insights?
MAnn
Do you have P2P installed and running?
Go to http://www.sysinternals.com/Utilities/TcpView.html and download TCPView. You should be able to see which process and port is being used by the uploads.
No P2P running, only MSN Messenger, firewall enabled with ports open for World of Warcraft.
How do I make sense of the info I get from TCPView? I am a newbie, but from this I gather I have a virus that is sending mail out; ports are open to SMTP servers,
e.g.
SNOD326.EXE:224 TCP mann.lan:2505 mta-v7.level3.mail.vip.mud.yahoo.com:smtp FIN_WAIT1
I have scanned my comp for viruses a few times with updated definitions.
So how do I get rid of this?
I managed to end the processes and delete the file causing it, and voila, internet connection back to normal (for now). I got NetMeter and uploads are now zero.
What happened and how do I prevent it from happening?
What was the name of the file you deleted? Might help identify the virus. Sounds like you have some kind of mass mailer worm infection.
Your best bet would be to download an anti spyware application.
A few suggestions are: Ewido, Microsoft Defender, Spybot. All these are free.
Spybot http://www.spybot.info/en/index.html
MS Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ewido http://www.ewido.net/en/download/
Another good one is Adaware http://www.lavasoft.com/products/ad-aware_se_personal.php
If you try one of these, run a full scan with it.
Download and run all below; they are all free.
AdAware. -- http://www.lavasoftusa.com/software/adaware/
Spybot S & D. -- http://www.safer-networking.org/en/download/
Spywareblaster. -- http://www.javacoolsoftware.com/spywareblaster.html
CCleaner -- http://www.ccleaner.com/
CCleaner ftw! ;D Used it for years - if you're lazy you can download Hitman Pro (www.hitmanpro.com, just click on download, dw it's in English) and it will download, install, maintain and run all these programs (and more) without you having to do a thing... it's safe, I've used it also for ages
I used 2 virus scanners, i.e. AVG and McAfee, used Lavasoft and Spybot destroyer, Trend anti-spyware.
All failed to pick up this one.
File name was SNOD326.exe
It caused a massive surge in uploads and of course my speeds suffered.
Scary coz I noticed this new file in my C: drive, and thanks to you guys I got TCPView to actually see which file was the culprit!
I am eternally grateful to Toxteth!!
:o that file isn't even on Google :-X
Some virus infections generate randomly named executables to disguise themselves. I'm worried that if OP has only deleted the file to his Recycle Bin that he won't have fully cleared the infection. If it's still in the Bin it would also be a very good idea to upload it for analysis on one of the leading AV Vendor websites.
NOD32 would like it, I'm sure :)
Closest I can find from a description of the behaviour is the Lootseek Trojan. Further details at http://www.symantec.com/security_response/writeup.jsp?docid=2006-050415-4335-99
Sounds nasty - any ideas where you got it from? Dodgy downloading :laugh:
Not me - never had a virus.
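Added example, not part of the original thread: a Python script that reads connection lines in the TCPView layout quoted above and lists every process, other than a known mail client, that holds outbound connections to SMTP ports, together with the mail hosts it is talking to. The first sample line is the one from the thread; the other sample lines and the mail-client allowlist are constructed assumptions.

```python
import re
from collections import defaultdict

# Line layout as quoted in the thread: process:pid proto local:port remote:port state
LINE = re.compile(
    r"^(?P<proc>\S+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+):(?P<lport>\S+)\s+(?P<remote>\S+):(?P<rport>\S+)\s+(?P<state>\S+)$"
)

# TCPView shows the service name ("smtp") or the number, depending on settings.
SMTP_PORTS = {"smtp", "25"}

# Assumption: programs on this PC that are expected to speak SMTP.
MAIL_CLIENTS = {"outlook.exe", "msimn.exe", "thunderbird.exe"}

# First line is from the thread; the rest are constructed for the example.
SAMPLE = """\
SNOD326.EXE:224 TCP mann.lan:2505 mta-v7.level3.mail.vip.mud.yahoo.com:smtp FIN_WAIT1
SNOD326.EXE:224 TCP mann.lan:2506 mx1.example.net:smtp SYN_SENT
SNOD326.EXE:224 TCP mann.lan:2507 mx2.example.org:25 ESTABLISHED
thunderbird.exe:2040 TCP mann.lan:2600 smtp.example.com:smtp ESTABLISHED
msnmsgr.exe:1480 TCP mann.lan:1863 messenger.example.com:1863 ESTABLISHED
WoW.exe:3012 TCP mann.lan:3724 game.example.com:3724 ESTABLISHED
svchost.exe:812 TCP mann.lan:135 mann.lan:0 LISTENING
"""


def smtp_talkers(text, allowed=MAIL_CLIENTS, min_hosts=1):
    """Map (process, pid) -> sorted remote mail hosts for unexpected SMTP clients."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        # Skip unparsable lines, UDP endpoints and listening sockets.
        if not m or m["proto"] != "TCP" or m["state"] == "LISTENING":
            continue
        if m["rport"].lower() in SMTP_PORTS and m["proc"].lower() not in allowed:
            hosts[(m["proc"], int(m["pid"]))].add(m["remote"].lower())
    # Many distinct mail hosts from one process is typical of a mass mailer.
    return {k: sorted(v) for k, v in hosts.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (proc, pid), remotes in smtp_talkers(SAMPLE).items():
        print(f"{proc} (pid {pid}) -> {len(remotes)} SMTP hosts: {', '.join(remotes)}")
```

Raising `min_hosts` narrows the report to processes contacting several different mail servers, which a normal mail client configured for one provider would not do.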