| Thread ID: 108940 | 2010-04-17 22:36:00 | Huge increase in broadband data upload - Alot responsible? | Tukapa (62) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 877657 | 2010-04-17 22:36:00 | Hi all. My ex mother-in-law has a Telecom 3GB broadband plan. Her PC runs XP Home SP3. She only checks e-mail, surfs a bit of the web and does the occasional Skype with overseas relatives. For more than the past year she has been using between 100-500MB a month, the majority of which was download usage. In the last three months however, her usage has suddenly jumped to 3779MB, 6730MB and so far this usage period it is up to 3162MB. This is just about completely made up of upload usage. I figured a virus or something as her usage patterns have not altered at all. The only thing obvious on there which changed from initial install state was the alot toolbar which had appeared. After researching that, while it seems to be spyware, I could not find anything that said it would send copious amounts of data over the net. In any case I have uninstalled that. I have also completed full system scans with the following (all in safe mode after installing and updating normally before rebooting into safe mode): Malwarebytes, Superantispyware, Spyware Terminator, Trojan Remover, Hijackthis. I also removed Avast antivirus and installed MSSE, updated and have completed a full scan with no infections/rogue entries etc found during any of the scans. Does anyone have any experience with the alot toolbar that could identify that software as the reason for the explosion in data uploaded? I don't want to install a standalone firewall if I can help it as the ex mother-in-law has a very basic knowledge of the areas she uses and a firewall would more likely confuse rather than help. Thanks in advance. |
Tukapa (62) | ||
| 877658 | 2010-04-17 22:40:00 | Well, installing those programs and updating them uses data. And MSE updates nearly every day. MBAM updates are like 4 MB, every time you update it. This is like nearly every day. I have no idea WHAT Alot does. Check in Google. I doubt people would leave it on their systems | Speedy Gonzales (78) | ||
| 877659 | 2010-04-18 01:03:00 | Have you checked her mail program for any "stuck" emails (incorrectly addressed, or oversized (unable to be accepted by ISP's server), or corrupted etc) in the Outbox, can cause repeated attempts to resend ad infinitum. Does sound like botnet (en.wikipedia.org) activity though. Have you checked for rootkits (en.wikipedia.org)? |
feersumendjinn (64) | ||
| 877660 | 2010-04-18 01:15:00 | Yea mainly upload is always VERY sus unless she is doing a fair amount of video conferencing (one way). Not using any P2P programs, Limewire, Torrents? Has she a wireless router, if so has a password? Sounds like her machine is a zombie, might pay to post a Hijackthis so we can have a closer look. |
Battleneter2 (9361) | ||
| 877661 | 2010-04-18 01:53:00 | Speedy, updating applications are "Downloads", not uploads ... I'm with feersumendjinn and Battleneter2, could be a stuck email in her outbox (Quite possible) or potentially the likes of Limewire / Virus. |
Chilling_Silence (9) | ||
| 877662 | 2010-04-18 01:56:00 | Well yer but you have to download something for it to go up | Speedy Gonzales (78) | ||
| 877663 | 2010-04-18 03:45:00 | Thanks guys. No mail stuck in Outlook Express and nothing big has been sent at all. She doesn't have a clue about P2P or torrents and there are none of those programs installed. She does not have wireless so nobody is using all her data. Just one PC connected to modem via ethernet. Hijackthis below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:34 p.m., on 18/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 3733 bytes

Has me stumped - now that I have got rid of alot toolbar I might just monitor it and see if there is a continuation of the large uploads. Any other suggestions? Thanks. |
Tukapa (62) | ||
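An added example (not part of the original post, and not HijackThis's own code): a small Python triage for a log pasted on one line like the one above. It splits the text back into entries by section code and lists the O4 Run values that name an executable without a directory; Windows resolves those through its search path, so the log alone does not show which file starts at logon. The function names are made up for this example.

```python
import re
from collections import Counter

# Excerpt of the log posted above, run together on one line as in the post.
SAMPLE = " ".join([
    r'R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"',
    r'O4 - HKLM\..\Run: [nwiz] nwiz.exe /install',
    r'O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE',
    r'O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe',
    r'O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE',
    r'O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey',
    r'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe',
    r'-- End of file - 3733 bytes',
])

# Section codes as they appear in the log (R0/R1, O2, O4, O8, O9, O23).
ENTRY = re.compile(r"(?<!\S)(R[0-3]|O\d{1,2}) - ")
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def split_entries(text):
    """Return (section_code, body) pairs from a flattened HijackThis log."""
    text = text.split("-- End of file")[0]
    marks = list(ENTRY.finditer(text))
    bounds = [m.start() for m in marks[1:]] + [len(text)]
    return [(m.group(1), text[m.end():end].strip()) for m, end in zip(marks, bounds)]

def executable(cmd):
    """First token of a Run command; a quoted path may contain spaces."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]

def bare_autoruns(entries):
    """O4 Run values whose executable has no directory part."""
    found = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m and "\\" not in executable(m["cmd"]):
            found.append((m["name"], executable(m["cmd"])))
    return found

if __name__ == "__main__":
    entries = split_entries(SAMPLE)
    print(Counter(code for code, _ in entries))
    for name, exe in bare_autoruns(entries):
        print(f"locate and verify on disk: [{name}] {exe}")
```

A listed entry is not a finding by itself; it only marks the autoruns whose on-disk location still has to be checked.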
| 877664 | 2010-04-18 04:04:00 | You can tick these then tick fix checked. Close browsers.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Has this got some kind of Philips cam on it? |
Speedy Gonzales (78) | ||
| 877665 | 2010-04-18 04:24:00 | "Well yer but you have to download something for it to go up" True, but as a percentage, when you're downloading at 8m/bit you're not using very much upload at all by comparison ... They have an upload, not a download issue. |
Chilling_Silence (9) | ||
| 877666 | 2010-04-18 04:56:00 | ALOT Site Metrics sends to us the uniform resource locators (“URLs”) of websites visited by a user and along with an anonymous client identifier, timestamp, ip address, port, http request method, server response code (http/s status code returned), user agent, mime type, and the browser language. | pctek (84) | ||