  1. #1
    2 Star Lounger

    I think I'm a zombie and need BIG help

    I am concerned that my computer has been compromised and is now a zombie. I put NetWorx on my machine yesterday to monitor the bandwidth use and 632 Gb was uploaded in 13 hours, more data than I have on my primary drive (and I’m a photographer). NetWorx does not tell me where it went. I run a remote backup, BackBlaze, but only about 1.3 Gb went there.

    This morning while I was out walking and the computer was just adding heat to my Tucson house, 7.5 Gb was uploaded and 5 Gb downloaded. I know, a lot of stuff happens in the background but this much???

    Can anybody recommend an inexpensive network monitor that will analyze this traffic and let me know where it is going? Finding the malware will be another issue.

    I’m running Win 7 pro 64 bit on an Intel Core i5 CPU H655 @ 3.2 Ghz with 16 G of ram.
    Dan Lynch
    The stonecherub

  3. #2
    Super Moderator CLiNT
    TCPView from Windows Sysinternals coupled with Process Explorer and Autoruns will do the job nicely.

    But if you are truly compromised do a full format and clean install, especially if you cannot ascertain the exact etiology of the compromise with the above tools, and an adequate search engine.
    Last edited by CLiNT; 2012-06-19 at 11:27.

  4. #3
    Administrator
    A firewall such as Online Armor (you could run the free version or use the pro version in trial mode) can not only tell you what is connecting to where, but will also tell you the amount of data downloaded and uploaded by each process. It can also be used to determine if you have any known malware. The installation process can take some time and it would be imperative that you take care with what you allow after the initial scan.

  5. #4
    Super Moderator jwitalka
    Wouldn't hurt to run Malwarebytes to see if it finds anything amiss.

    Jerry

  6. #5
    Lounge VIP
    632GB in 13 hours works out to be around 12Mbp/s. Does your broadband connection support that data rate? It might well do, but if not then the numbers point to Networx logging internal traffic as well as external.

    I use Networx and have configured it to only log traffic over the LAN and not internal network traffic:

    (Attached image: Networx local monitor.jpg)

    If you are monitoring internal network traffic as well as external, try the above setting for a while and see if it makes a difference.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993
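
An added example, not from any poster in this thread: a small parser for the output of `netstat -ano` that groups established TCP connections by owning PID and separates loopback and LAN peers from external ones, which is the "what is talking to where" view TCPView gives and the internal/external split raised in post #5. The sample output, the function names and the list of LAN ranges are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed "internal" ranges: RFC 1918, IPv4/IPv6 link-local, IPv6 unique-local.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1500
  TCP    192.168.1.20:49201     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49310     203.0.113.45:443       ESTABLISHED     2388
  TCP    192.168.1.20:49311     203.0.113.45:443       ESTABLISHED     2388
  TCP    192.168.1.20:49400     198.51.100.7:8080      ESTABLISHED     3120
  TCP    [::1]:49500            [::1]:49501            ESTABLISHED     1500
"""

def classify(addr):
    """Return 'loopback', 'lan' or 'external' for a remote address string."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id if any
    if ip.is_loopback:
        return "loopback"
    if any(ip.version == n.version and ip in n for n in LAN_NETS):
        return "lan"
    return "external"

def connections_by_pid(netstat_text):
    """Return {pid: {scope: sorted remote endpoints}} for ESTABLISHED TCP rows."""
    result = defaultdict(lambda: defaultdict(set))
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # skips headers, listeners and other states
        host, port = f[2].rsplit(":", 1)
        result[int(f[4])][classify(host.strip("[]"))].add(f"{host.strip('[]')}:{port}")
    return {pid: {s: sorted(e) for s, e in sc.items()} for pid, sc in result.items()}

def external_talkers(netstat_text):
    """Return only the PIDs that hold connections to external addresses."""
    by_pid = connections_by_pid(netstat_text)
    return {pid: sc["external"] for pid, sc in by_pid.items() if "external" in sc}

if __name__ == "__main__":
    print(external_talkers(SAMPLE))
```

`netstat -ano` reports connections, not byte counts, so this narrows down which PIDs to look up in Process Explorer rather than measuring the upload itself.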
