Possible rootkit causing excess traffic Help

October 25, 2009 at 18:57:32
Specs: Windows 7
I noticed all of a sudden my cable modem is running like crazy even when i have no traffic...looking at my router logs I see ALOT of this:

Blocked outgoing ICMP packet (ICMP type 3) from to

Tracing that IP its going to is a comcast.net domain I have another just like it that is going to a qwest domain different ip. Virus scan shows clean but this seems like rootkit or am I wrong?

See More: Possible rootkit causing excess traffic Help

Report •

October 25, 2009 at 19:20:41
From experts exchange:

"ICMP can't be used to transfer data... it's most likely due to network scanners on computers attempting to ping you... the ICMP type 3 indicates that the router is sending back "destination host unreachable" and unfortunately you can't stop that kind of traffic coming in, as long as your firewall is good and your network is protected then there is nothing to worry about with this kind of traffic."

Report •

October 25, 2009 at 19:25:33
The problem I have is it is bogging down my modem speed ALOT.

Report •

October 25, 2009 at 20:02:27
You should have more problems than router traffic if a rootkit/virus is on the computer, however some can infect a router.

Go online a find the directions to reset your router or re-address it and see if that helps.

Report •

Related Solutions

October 25, 2009 at 20:09:03
Now I am getting errors saying

xqrnzf.exe has stopped working
qqdrnp.exe has stopped working

This defnitley sounds like a virus huh? Strange thing is my virus scanner did not pick anything up and its showing in the ntdll.dll file......any suggestions?

Report •

October 25, 2009 at 20:32:40
That does sound like rootkit/virus files.

Please download Malwarebytes' Anti-Malware from one of these sites:



Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Report •

October 25, 2009 at 21:57:47
tryed that and it found nothing but that cant be right

Report •

October 25, 2009 at 21:59:02
Malwarebytes' Anti-Malware 1.41
Database version: 3034
Windows 6.1.7600

10/26/2009 12:58:44 AM
mbam-log-2009-10-26 (00-58-44).txt

Scan type: Full Scan (F:\|I:\|)
Objects scanned: 213262
Time elapsed: 56 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Report •

October 26, 2009 at 03:28:02
Please save this file to your desktop. Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Report •

October 26, 2009 at 05:39:53
Im running windows 7 x64 though

Report •

October 26, 2009 at 19:51:18
That does make a difference as many of the tools used to find and kill baddies will not work on a x64 system.

Please download OTL from following site:


1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Click the “scan all users” checkbox.
4. Push the “run scan” button.
5. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Report •

Ask Question