Constant upload

September 24, 2009 at 13:21:30
Specs: Windows Vista SP1, athlon64x2 6000+/4GB
A couple of times I have come back to my machine having left it on and idle for a time to find it has started uploading information over the internet. I know this because I have a monitor program (tbbMeter) that counts traffic, and the alarm goes off to say that over a gigabyte of information has been transferred. This is a serious problem for me as my connection has traffic limits, and I am charged for every gigabyte I go over. I went into the Resource Monitor and into the network tab to find out which process was sending so much data, and where it was sending it to. All it told me was that the System process, with PID 4, was uploading data to an unknown address, at around 10 million bytes per minute.

I need to be able to find out exactly where this data is coming from so I can stop it, but I am unsure how to do this. Any help would be appreciated. Thank you.



Report •


#1
September 24, 2009 at 13:24:32
Download, update & run anti malware from malwarebytes.org

When you see it happening, open a command prompt & run netstat -an
Post the output.

How do you know when a politician is lying? His mouth is moving.


Report •

#2
September 24, 2009 at 13:32:16
OK, I have installed anti malware and am running a scan now. I'll post if it finds anything, and watch out for future uploading and capture it with netstat.
Thanks

Report •

#3
September 24, 2009 at 13:34:14
It started again just now. Here is the output from netstat


Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:990 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6729 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49162 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5679 0.0.0.0:0 LISTENING
TCP 127.0.0.1:7438 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10080 127.0.0.1:49971 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:49973 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50132 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50134 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50136 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50138 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50140 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50142 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50144 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50146 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50150 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50152 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50154 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50156 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50158 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50160 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50162 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50164 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50166 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50170 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50172 ESTABLISHED
TCP 127.0.0.1:10080 127.0.0.1:50174 TIME_WAIT
TCP 127.0.0.1:10080 127.0.0.1:50176 TIME_WAIT
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING
TCP 127.0.0.1:18080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 127.0.0.1:49168 ESTABLISHED
TCP 127.0.0.1:49168 127.0.0.1:27015 ESTABLISHED
TCP 127.0.0.1:49206 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49206 127.0.0.1:49209 ESTABLISHED
TCP 127.0.0.1:49209 127.0.0.1:49206 ESTABLISHED
TCP 127.0.0.1:49252 127.0.0.1:49253 ESTABLISHED
TCP 127.0.0.1:49253 127.0.0.1:49252 ESTABLISHED
TCP 127.0.0.1:49262 127.0.0.1:49263 ESTABLISHED
TCP 127.0.0.1:49263 127.0.0.1:49262 ESTABLISHED
TCP 127.0.0.1:49865 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:49901 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:49925 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:49980 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:49982 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50002 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50003 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50005 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50008 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50009 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50012 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50140 127.0.0.1:10080 ESTABLISHED
TCP 127.0.0.1:50146 127.0.0.1:10080 ESTABLISHED
TCP 127.0.0.1:50148 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50156 127.0.0.1:10080 ESTABLISHED
TCP 127.0.0.1:50158 127.0.0.1:10080 ESTABLISHED
TCP 127.0.0.1:50160 127.0.0.1:10080 ESTABLISHED
TCP 127.0.0.1:50164 127.0.0.1:10080 ESTABLISHED
TCP 127.0.0.1:50168 127.0.0.1:10080 TIME_WAIT
TCP 127.0.0.1:50172 127.0.0.1:10080 ESTABLISHED
TCP 192.168.1.68:139 0.0.0.0:0 LISTENING
TCP 192.168.1.68:445 192.168.1.67:1031 ESTABLISHED
TCP 192.168.1.68:49192 81.141.85.211:48868 ESTABLISHED
TCP 192.168.1.68:49204 65.54.189.147:1863 ESTABLISHED
TCP 192.168.1.68:49866 213.123.84.16:80 TIME_WAIT
TCP 192.168.1.68:49902 65.55.149.123:80 TIME_WAIT
TCP 192.168.1.68:49926 213.199.141.139:80 TIME_WAIT
TCP 192.168.1.68:49981 213.123.84.16:80 TIME_WAIT
TCP 192.168.1.68:49983 213.123.84.16:80 TIME_WAIT
TCP 192.168.1.68:50004 217.41.217.231:80 TIME_WAIT
TCP 192.168.1.68:50006 217.41.217.231:80 TIME_WAIT
TCP 192.168.1.68:50007 217.41.217.231:80 TIME_WAIT
TCP 192.168.1.68:50010 217.41.217.231:80 TIME_WAIT
TCP 192.168.1.68:50011 217.41.217.231:80 TIME_WAIT
TCP 192.168.1.68:50013 217.41.217.231:80 TIME_WAIT
TCP 192.168.1.68:50115 209.85.229.147:80 TIME_WAIT
TCP 192.168.1.68:50117 74.125.77.99:80 TIME_WAIT
TCP 192.168.1.68:50141 209.85.229.157:80 ESTABLISHED
TCP 192.168.1.68:50147 209.85.229.149:80 ESTABLISHED
TCP 192.168.1.68:50157 74.125.77.100:80 ESTABLISHED
TCP 192.168.1.68:50159 74.125.77.100:80 ESTABLISHED
TCP 192.168.1.68:50161 74.125.77.100:80 ESTABLISHED
TCP 192.168.1.68:50165 64.236.76.160:80 ESTABLISHED
TCP 192.168.1.68:50173 212.140.233.202:80 ESTABLISHED
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:990 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49162 [::]:0 LISTENING
TCP [::1]:5679 [::]:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:443 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:6729 *:*
UDP 0.0.0.0:52079 *:*
UDP 0.0.0.0:57229 *:*
UDP 0.0.0.0:59630 *:*
UDP 0.0.0.0:60858 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:51111 *:*
UDP 127.0.0.1:51430 *:*
UDP 127.0.0.1:51431 *:*
UDP 127.0.0.1:52848 *:*
UDP 127.0.0.1:55532 *:*
UDP 127.0.0.1:59632 *:*
UDP 127.0.0.1:59962 *:*
UDP 127.0.0.1:62334 *:*
UDP 192.168.1.68:9 *:*
UDP 192.168.1.68:137 *:*
UDP 192.168.1.68:138 *:*
UDP 192.168.1.68:1900 *:*
UDP 192.168.1.68:5353 *:*
UDP 192.168.1.68:55531 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:59631 *:*
UDP [::]:60859 *:*
UDP [::1]:1900 *:*
UDP [::1]:55529 *:*
UDP [fe80::461:1053:ae7e:7357%9]:1900 *:*
UDP [fe80::461:1053:ae7e:7357%9]:55530 *:*
UDP [fe80::39ba:b21b:d12a:ec11%8]:1900 *:*
UDP [fe80::39ba:b21b:d12a:ec11%8]:55528 *:*
UDP [fe80::4411:5cb8:113c:42df%13]:1900 *:*
UDP [fe80::4411:5cb8:113c:42df%13]:55527 *:*

I hope that helps.


Report •


#4
September 24, 2009 at 13:35:31
P.S. The address specified by Resource Monitor says Unknown 00-50-f2-67-8f-ab. I'm going to pull my ethernet for a bit to stop it, and check here again later. Thanks again for your help.

Report •
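
As an added example (not part of any post in this thread), a Python triage of `netstat -an` output like that in post #3: it drops loopback and non-established sessions, then labels each remaining TCP session as inbound (its local port is also a listening port) or outbound, and as LAN or internet. The function names and the inbound heuristic are assumptions of this example; the sample lines are copied from post #3.

```python
import ipaddress

# Excerpt copied from the netstat -an output in post #3 of this thread.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10080 127.0.0.1:50140 ESTABLISHED
TCP 127.0.0.1:50140 127.0.0.1:10080 ESTABLISHED
TCP 192.168.1.68:445 192.168.1.67:1031 ESTABLISHED
TCP 192.168.1.68:49192 81.141.85.211:48868 ESTABLISHED
TCP 192.168.1.68:49204 65.54.189.147:1863 ESTABLISHED
TCP 192.168.1.68:49866 213.123.84.16:80 TIME_WAIT
TCP 192.168.1.68:50141 209.85.229.157:80 ESTABLISHED
UDP 0.0.0.0:123 *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def triage(netstat_text):
    """Return (direction, scope, local, remote) per live non-loopback TCP session."""
    rows = [line.split() for line in netstat_text.splitlines()]
    # 4 columns for -an, 5 when -o appends the owning PID; headers are skipped.
    tcp = [r[:4] for r in rows if len(r) in (4, 5) and r[0] == "TCP"]
    listening = {split_endpoint(r[1])[1] for r in tcp if r[3] == "LISTENING"}
    findings = []
    for _, local, remote, state in tcp:
        if state != "ESTABLISHED":
            continue  # TIME_WAIT and LISTENING rows move no data
        addr = ipaddress.ip_address(split_endpoint(remote)[0])
        if addr.is_loopback:
            continue  # local proxy chatter, never leaves the machine
        # Heuristic: a session on a port we listen on was opened by the peer.
        direction = "inbound" if split_endpoint(local)[1] in listening else "outbound"
        scope = "lan" if addr.is_private else "internet"
        findings.append((direction, scope, local, remote))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

`netstat -an` carries no byte counts or process IDs, so this narrows the candidates rather than naming the uploader; `netstat -ano` adds the owning PID to each line.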

