redliner

just ran spybot, cleaned out 69 entries
did a netstat and ive gone from about 50 to around 20
if i put up a screen of those would it help?

Ictinike

Well what were the 69 items? Mostly MRU (Most Recently Used) items or legit spyware/adware? But the decrease in items in netstat is a good sign.

I would run it again just to make sure, reboot and THEN check your outgoing/incoming bandwidth

I think you might have had a what I call a "chirp'er" aka Spyware that constantly tries to get home with some personal data It just keeps chirping up connections to get out thus causing failed packets, overall network bandwidth loss and possible loss of data/tracking.

__________________

s1rrah

You should also run a good virii scanner while booted into safe mode.

Spybot will get a many buggers but there's many trojans that it's not equipped to handle.

__________________
...
ReV1eWs:
ND-1 VGA Cooler | Mod'd Scythe Infinity | Iceberq 6 VGA Cooler | Spirit RS RAM cooler | Zalman 9500 on NOS | MagicTune
...
Aumotocnic: "An unfortunate member of the overclock.net insomnia club"
...
OSAMT: "Member of OCN Songwriter and Musician Thread"
...

redliner

Shot at 2007-08-08

seems like theres a fair bit again, im not sure why it dropped and now its way back up again, couldnt fit them all in 1 screen

Ictinike

Aye, a good add there.. Virus/Adware/Spyware scanning is honestly best done under SafeMode IMO as that way it loads no IP stack, no drivers to hook and most are cleaned easier, especially viruses like you state.

Putting your comput on a wire to the internet is like putting your preverbial `schlong` in an oozing cesspool of filth and disease. Unless your properly protected your gonna catch something sooner or later!

The only "safe" pc is one unplugged, 30 feet in a hole in the backyard.

__________________

redliner

agree with that unplugged comment, now that i have zonealarm i have it set so after an hour of inactivity it will stop any incoming or outgoing activity.

im running a avg scan right now to see if it finds anything

ill see what you guys say about my netstat and if theres something wrong ill do both scans in safe mode and see what comes up then

Ictinike

Wow.. Mmm.. Not sure why as I don't see any email proggy's on the taskbar but you have ~several~ connections to SMTP (Simple Mail Transfer Protocol) in there..

Could this extra bandwidth be some large mail attachment?

I also dont' like that `stealthpromotions.com` host. I'm looking into that now but it's an advertising domain (prolly not good but not necessarily bad)

Checking more as I go..

__________________

s1rrah

Another thing you should consider is that if you have one of the nasty trojans then it will not only pretend to be standard windows processes ... but it'll also find places to hide in your system restore points.

So many times, at least with XP, you'll not only have to run your scans from safe mode but you'll also be required to delete all restore points ...

Once more ... run your spybot stuff ... but you'll also need to run a good, full fledged virii scanner to get everything.

Good luck!

__________________
...
ReV1eWs:
ND-1 VGA Cooler | Mod'd Scythe Infinity | Iceberq 6 VGA Cooler | Spirit RS RAM cooler | Zalman 9500 on NOS | MagicTune
...
Aumotocnic: "An unfortunate member of the overclock.net insomnia club"
...
OSAMT: "Member of OCN Songwriter and Musician Thread"
...

redliner

when you say full fledged virus scanner you mean something retail not just a free one?

Ictinike

Hey, here's a thought. most Email WORMS use SMTP to propegate.. I'm wondering since you have a ~ton~ of SMTP connections this is the added bandwidth your seeing.

You ~might~ be a totally important person and need access to ~many~ email sites but in that one shot you have a total of 24 SMTP connections in various states.

Icky and suspect IMO. I think you may be a `relay` for some spam emailer

__________________