unwanted download

Guest
Archived from groups: alt.sys.pc-clone.dell

I have Dimension 8300 with XP.
When I initiate dial-up I begin receiving
un-asked for 10meg/hr download. Also
about 1 meg/hr is being sent. All this is
without even opening IE or Outlook.
McAfee virus scan says all is well and
my ISP says they can't help. I have switched
off automatic Windows Update and the
intrusion continues.
How can I find out if this activity is malicious
and how can I stop it?
TIA Mick.
 
Guest

Michael Harrington wrote:
> I have Dimension 8300 with XP.
> When I initiate dial-up I begin receiving
> un-asked for 10meg/hr download. Also
> about 1 meg/hr is being sent. All this is
> without even opening IE or Outlook.
> McAfee virus scan says all is well and
> my ISP says they can't help. I have switched
> off automatic Windows Update and the
> intrusion continues.
> How can I find out if this activity is malicious
> and how can I stop it?
> TIA Mick.

Did you also reboot after turning off WU?

Q
 
Guest

you can download and install sygate personal firewall (free from sygate.com)
and that will alert you to the application that is trying to call out to the
internet as well as ask you if you want to allow or deny the access. but it
could be mcafee antivirus 2004 (aka version 8) looking to collect a major
update that came out about 6 weeks ago. is the background on mcafee red or
blue? the old was blue and the new is now red... you could click on
'update' on the mcafee screen to see if it reports that the program is up to
date.

"Michael Harrington" <mikharr@bigpond.com> wrote in message
news:X4I8d.21$Vy5.1210@nnrp1.ozemail.com.au...
> I have Dimension 8300 with XP.
> When I initiate dial-up I begin receiving
> un-asked for 10meg/hr download. Also
> about 1 meg/hr is being sent. All this is
> without even opening IE or Outlook.
> McAfee virus scan says all is well and
> my ISP says they can't help. I have switched
> off automatic Windows Update and the
> intrusion continues.
> How can I find out if this activity is malicious
> and how can I stop it?
> TIA Mick.
>
>
 
Guest

"Michael Harrington" <mikharr@bigpond.com> wrote in message
news:X4I8d.21$Vy5.1210@nnrp1.ozemail.com.au...
>I have Dimension 8300 with XP.
> When I initiate dial-up I begin receiving
> un-asked for 10meg/hr download. Also
> about 1 meg/hr is being sent. All this is
> without even opening IE or Outlook.
> McAfee virus scan says all is well and
> my ISP says they can't help. I have switched
> off automatic Windows Update and the
> intrusion continues.
> How can I find out if this activity is malicious
> and how can I stop it?
> TIA Mick.
>

Is this with XP SP2 with its bells-and-whistles "Security Centre"?

I also have Automatic Updates turned off but it randomly seems to turn
itself back on and wuauclt.exe can frequently be found running when I
CTRL-ALT-DEL.

Likewise, are you running the latest version of ZoneAlarm? If you are and
you've just accepted the (very lax) default settings, you'll find that ZA is
quite happy for all manner of "trusted" programs to cheerfully access the
net (including Windows Explorer).

Why on earth would Windows Explorer need to access the net?
 
Guest

Thanks Christopher. Sygate allows me to block the intrusion.
I am still unable to determine if this is malicious. I have done
some surfing in regard to having SVCHOST.exe in three
different folders. Some say this is normal.
Sygate says..
Generic Host Process for Win32 Services (SVCHOST.exe) is
being contacted from remote machine 203.61.130.147 using
local port 1025 (Listen-Listener-Remote File Sharing)

Cheers Mick.
"Christopher Muto" <muto@worldnet.att.net> wrote in message
news:dtJ8d.393$Ua.271@trndny05...
> you can download and install sygate personal firewall (free from sygate.com)
> and that will alert you to the application that is trying to call out to the
> internet as well as ask you if you want to allow or deny the access. but it
> could be mcafee antivirus 2004 (aka version 8) looking to collect a major
> update that came out about 6 weeks ago. is the background on mcafee red or
> blue? the old was blue and the new is now red... you could click on
> 'update' on the mcafee screen to see if it reports that the program is up to
> date.
>
> "Michael Harrington" <mikharr@bigpond.com> wrote in message
> news:X4I8d.21$Vy5.1210@nnrp1.ozemail.com.au...
> > I have Dimension 8300 with XP.
> > When I initiate dial-up I begin receiving
> > un-asked for 10meg/hr download. Also
> > about 1 meg/hr is being sent. All this is
> > without even opening IE or Outlook.
> > McAfee virus scan says all is well and
> > my ISP says they can't help. I have switched
> > off automatic Windows Update and the
> > intrusion continues.
> > How can I find out if this activity is malicious
> > and how can I stop it?
> > TIA Mick.
> >
> >
>
>
 
Guest

"Michael Harrington" <mikharr@bigpond.com> wrote:

>Thanks Christopher. Sygate allows me to block the intrusion.
>I am still unable to determine if this is malicious. I have done
>some surfing in regard to having SVCHOST.exe in three
>different folders. Some say this is normal.
>Sygate says..
>Generic Host Process for Win32 Services (SVCHOST.exe) is
>being contacted from remote machine 203.61.130.147 using
>local port 1025 (Listen-Listener-Remote File Sharing)

You have, of course, run your adware/spyware checker(s) on your
computer in addition to your virus checking, haven't you? If you
don't have any, I use both AdAware from Lavasoft
[http://www.lavasoft.de/] and SpyBot Search & Destroy from Kolla
[http://www.spybot.info/en/index.html]. I use the freebie
versions of each, both are periodically [~every month or less]
updated with new definitions if you use their "check for updates"
feature, and each is a good cross-check on the other. IOW,
Spybot S&D has caught things AdAware hasn't, and vice versa.

Outbound checking by your firewall, Sygate or whatever, is
important also. I know that somehow, someone got something onto
my machine that is trying to use SVCHOST to "call home". I
haven't found it yet, but ZA catches the call and I deny it
permission. Still working on finding out what program/script is
activating that instance of SVCHOST.
--
OJ III
[Email to Yahoo address may be burned before reading.
Lower and crunch the sig and you'll net me at comcast.]
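
An added example, not part of any post in this thread: one way to work out which SVCHOST instance owns a connection such as the one Sygate reported on local port 1025, which services that instance hosts, and whether its image sits outside System32. The text parsed below is a constructed sample in the layout of `netstat -ano` and `tasklist /svc` output; the PIDs, service lists, local addresses and the `PATHS` map are hypothetical, and the check assumes Windows is installed in `C:\WINDOWS`.

```python
import ntpath
import re

# Constructed samples; only port 1025 and 203.61.130.147 come from the thread.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    10.0.0.5:1025          203.61.130.147:3921    ESTABLISHED     1012
  TCP    10.0.0.5:1190          198.51.100.7:80        ESTABLISHED     1844
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================
svchost.exe                 1012 Dhcp, Schedule, wuauserv
svchost.exe                 1844 N/A
"""
# Assumption: PID -> image path, collected separately with a process viewer.
PATHS = {1012: r"C:\WINDOWS\system32\svchost.exe",
         1844: r"C:\WINDOWS\Temp\svchost.exe"}

def parse_netstat(text):
    """Return (local_port, remote_ip, state, pid) for each TCP row."""
    pat = re.compile(r"\s*TCP\s+\S+:(\d+)\s+(\S+):\d+\s+(\w+)\s+(\d+)\s*$")
    return [(int(m[1]), m[2], m[3], int(m[4]))
            for m in map(pat.match, text.splitlines()) if m]

def parse_tasklist(text):
    """Return {pid: (image_name, [services])}; 'N/A' means no hosted service."""
    pat = re.compile(r"(.+?)\s+(\d+)\s+(.+)$")
    procs = {}
    for m in filter(None, map(pat.match, text.splitlines())):
        svcs = [] if m[3].strip() == "N/A" else [s.strip() for s in m[3].split(",")]
        procs[int(m[2])] = (m[1], svcs)
    return procs

def triage(netstat=NETSTAT, tasklist=TASKLIST, paths=PATHS):
    """Per svchost.exe PID with sockets: hosted services, remote peers, warning flags."""
    procs, result = parse_tasklist(tasklist), {}
    for port, remote, state, pid in parse_netstat(netstat):
        image, svcs = procs.get(pid, ("?", []))
        if image.lower() != "svchost.exe":
            continue
        entry = result.setdefault(pid, {"services": svcs, "peers": set(), "flags": set()})
        if state == "ESTABLISHED":
            entry["peers"].add((port, remote))
        if ntpath.dirname(paths.get(pid, "")).lower() != r"c:\windows\system32":
            entry["flags"].add("image outside System32")
        if not svcs:
            entry["flags"].add("hosts no service")
    return result
```

Both flags are heuristics: a genuine svchost.exe runs from System32 and hosts at least one service, so a process with that name that fails either check deserves a closer look, while an unflagged instance still needs its listed services reviewed.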