Query about monitoring internet traffic

Grasshopper:
One of the computers at home seems to be infected with a virus. I know this because the internet is being accessed almost continuously even when Firefox and Internet Explorer are not loaded. The virus is not detected by Spybot or Adaware.

I'm reluctant to completely re-install XP at this point. And in any case, even if I do, there's no guarantee that I won't catch the virus again.

The traffic appears to be mostly outgoing and I'd like to know where the data is being sent. It occurs to me that the machine might have been hijacked to produce spam email. Does anyone know of a (preferably free) program that can log all ingoing and outgoing internet traffic? Alternatively, does Windows already offer this facility? I'm using XP.

If I could find out where the data is being sent then that would make it easier to google for a fix. Also, as a temporary measure, I could simply block all outgoing traffic to that address using my router.

Thanks in advance.

patrickl:
I guess you could try Ethereal for Windows. I tried it once a long time ago. Personally I use tcpdump for FreeBSD/Linux.

Are Spybot or Adaware virus scanners? I thought they were spyware detectors. Maybe you should try a virus scanner like Kaspersky.

leapinlew:
You could open a command prompt and type "netstat".

There are some decent switches with netstat you can check out with the /? option. (I would think /b and /a)

The other option I can think of is to install a software based firewall like blackice.

EwJ:
open command prompt - type 'netstat -ano'.
you will see all connections and ip addy's (as well as process id's).

to see which process has the connections open, type 'tasklist'.
you will see which process has the connection open under 'image name'.
if it is not a recognized process, investigate it further.

you could put the ip addy(s) into ARIN to see where you're connecting to.

you could also do a ctrl-alt-del, and utilize the task manager to see what processes are running.
It is a good idea to investigate any suspicious processes. use your favorite search engine for all the ones you don't recognize.

you could also get a packet sniffer and see what the data is that is going out.

above all, a software firewall will block any connections that you don't allow. (zonealarm, comodo,etc)
also, a virus scanner might be a good idea (avg is free, and if you don't want it running all the time, you can disable it in your OS services, etc until you want to run it).
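
The netstat -ano / tasklist pairing EwJ describes can be scripted so you do not have to match PIDs by eye. The following is an added example, not code from anyone in this thread: it parses the two command outputs in the format Windows XP prints them, joins them on PID, drops listening sockets and connections to private (RFC 1918) or loopback addresses, and reports which process owns the remaining outbound connections, marking any that go to TCP port 25 (SMTP), since a machine relaying spam would show exactly that. Both sample outputs are constructed; the process name msupdate32.exe and the remote addresses (all from documentation ranges) are made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output on Windows XP (not real capture data).
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  TCP    192.168.1.10:1045      203.0.113.25:25        ESTABLISHED     1732
  TCP    192.168.1.10:1046      203.0.113.25:25        SYN_SENT        1732
  TCP    192.168.1.10:1051      198.51.100.7:6667      ESTABLISHED     1732
  TCP    192.168.1.10:1060      192.0.2.44:80          ESTABLISHED     2204
  TCP    192.168.1.10:1061      192.168.1.1:80         ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` output; msupdate32.exe is a made-up process name.
TASKLIST_OUTPUT = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
svchost.exe                  944 Console                 0      4,512 K
msupdate32.exe              1732 Console                 0      3,980 K
firefox.exe                 2204 Console                 0     52,116 K
"""

# Address ranges that never leave the home network: RFC 1918 plus loopback.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def split_endpoint(endpoint):
    """'192.168.1.10:1045' -> ('192.168.1.10', 1045); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header, blank lines
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])  # UDP rows have no State column
        conns.append({"proto": proto, "local": split_endpoint(local),
                      "remote": split_endpoint(foreign), "state": state, "pid": pid})
    return conns


# Image name may contain spaces ("System Idle Process"), so anchor on the fixed tail.
TASKLIST_ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_ROW.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("image").strip()
    return procs


def is_local(host):
    """True for placeholders ('*', 0.0.0.0), RFC 1918 and loopback addresses."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return addr.is_unspecified or any(addr in net for net in LOCAL_NETS)


def outbound_by_process(netstat_text, tasklist_text):
    """Group connections that leave the LAN by the process that owns them."""
    procs = parse_tasklist(tasklist_text)
    report = defaultdict(lambda: {"image": None, "remotes": set(), "smtp": False})
    for c in parse_netstat(netstat_text):
        host, port = c["remote"]
        if c["state"] == "LISTENING" or is_local(host):
            continue
        entry = report[c["pid"]]
        entry["image"] = procs.get(c["pid"], "<pid not in tasklist>")
        entry["remotes"].add((host, port))
        if port == 25:  # outbound SMTP from a home PC is a spam-relay indicator
            entry["smtp"] = True
    return dict(report)


if __name__ == "__main__":
    for pid, info in sorted(outbound_by_process(NETSTAT_OUTPUT, TASKLIST_OUTPUT).items()):
        flag = "  <-- talks SMTP, check this process" if info["smtp"] else ""
        print(f"PID {pid} {info['image']}: {sorted(info['remotes'])}{flag}")
```

On the real machine, redirect the two commands to files (`netstat -ano > net.txt`, `tasklist > tasks.txt`) and feed their contents to `outbound_by_process`. The remote addresses it lists are the ones to look up (ARIN, as EwJ suggests) or to block at the router while you deal with the process.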

Jess--:
have a look at the freeware app "Active Ports"

it will show IP address being connected to, Process making the connection and the exact filename of the process.

it also gives you the ability to kill any process even if windows has it tagged as an essential service
