
Xp Home: Continuous Signal: Int. Loop? Ext. Hidden


6 replies to this topic

#1 commart


Posted 23 October 2007 - 09:52 AM

I've been knocking at this issue for a while, and it may be coming down to reasonably simple answers, at least so before setting off another round of investigation.

Problem: systems tray networking icon and panel indicate, from time to time, a "continuous outbound signal"--packets seem to be going somewhere, but it's harder getting a handle on that.

Partial solutions:

1. If I don't initiate an online transaction, CURRENT PORTS, my port sniffer, indicates no services engage with a remote IP.

2. The raft of malware detectors--e.g., Defender, Black Ice, Antivir, etc.--have been coming up predominantly clean as regards their systems scans.

This is my question for the day:

a) Could the systems tray network icon, lit continuously on the left side, be indicating the presence of some kind of internal loop within the system? If so, what are the possibilities as regards the false positive state?

b) On the other hand, is it possible that the network icon is telling the truth--information is leaving my machine--but the signal has been masked from the Current Ports software?



#2 hamluis


Posted 23 October 2007 - 10:04 AM

Well...does your firewall (assuming that it's a 3rd-party software firewall) not allow you to control what connects to the Internet?

As for the network icon...it could be relaying false info. But, unless I had a reason to think so, I would not consider that. Anything on a computer can go bad...from hardware to software to O/S.

Did you try using Task Manager to see what is active all the time or when there are indications of outbound traffic?

I guess I'm not familiar with this Current Ports program/data you refer to. Got a link or info on that?

http://www.nirsoft.net/utils/cports.html Is this what you are talking about?

I guess that I count on Event Viewer and Device Manager informing me about problems that don't result in blatant error messages. Have you checked EV?

Louis

Edited by hamluis, 23 October 2007 - 10:06 AM.


#3 commart


Posted 23 October 2007 - 10:48 AM

The nirsoft product is the port sniffer (poor memory on my part re. the noun); I'm going to reboot and work with Event Viewer and see what happens when I catch the signal persisting. Black Ice, the firewall, seems to detect IP and type of traffic, but for programs installed, it "baselines" on installation or as directed (i.e., accounts for programs on the system).

My key question has to do with spying: is my system transmitting information to another computer? CurrPorts says I'm not, but I wonder how thorough or, for a spy, how hard to work around the program is.

Re. the Task Manager's list, list of add-ons to Explorer, and the Black Ice accepted programs baseline list: all grow both too long and arcane for obvious analysis. Right now, I have six "svchost" exe's operating (also "sqlservr", which bothers me a little bit).

I understand I can use Event Viewer to "watch" specific directories, so I may do that with regard to data locations.

#4 usasma


Posted 23 October 2007 - 03:58 PM

Most routers and 3rd party firewalls can tell you where the traffic is going to. Using this link you can find out who owns it: http://isc.sans.org/
If it's not going somewhere that you know about - then it's time to put a stop to it!
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#5 commart


Posted 24 October 2007 - 10:20 PM

In that the port sniffer reported no remote ports during the sys-tray outbound signal indication, I've been treating the worry as a false positive.

Strangely, however, I haven't seen the signal since last posting here.

I think with the next computer, I'm going to go with and learn XP-Pro, build it from scratch and disable all the auto-updating I can from various programs. Between Apple and Adobe products and slipshod nuggets like Defender, there's a lot of chatter for separating and identifying.

#6 usasma


Posted 25 October 2007 - 07:35 AM

The price you pay for the convenience of auto-updating and auto-notification is this excess traffic.

Over the last hour I've had 48 inbound communications on my system and 107 outbound. I've spent most of the last hour off the computer - and when I was on it, I spent my time here at BC.

Some of the stuff that I've scanned indicates it's hackers casting about for a way into systems. Other traffic is from websites that I have open in my browser and my email checker. And, finally, some is from the auto-updating programs that I've got running.

It takes a lot of research to figure out each one - but after a while they get repetitive and you can recognize the good/bad ones out of hand. Just be careful when stopping the traffic tho - stopping an unfamiliar access can cause one of your essential programs to stop working. Always check before blocking!!!
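An added example, not part of any post in this thread: one way to sort out "which process is talking to what" from saved `netstat -ano` and `tasklist /svc` output, separating loopback connections from LAN and external ones and naming the services behind each svchost.exe PID. It assumes both commands are available on the machine; the sample output, addresses, PIDs and process names are constructed.

```python
import ipaddress
import re

# Constructed samples (not captured from a real host), in the column
# layout that Windows `netstat -ano` and `tasklist /svc` print.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     2384
  TCP    192.168.1.10:1045      203.0.113.25:80        ESTABLISHED     3120
  TCP    192.168.1.10:1050      198.51.100.7:443       ESTABLISHED     1148
  TCP    192.168.1.10:1052      192.168.1.1:80         ESTABLISHED     4012
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================
svchost.exe                 1020 RpcSs
svchost.exe                 1148 BITS, wuauserv
helper.exe                  2384 N/A
firefox.exe                 3120 N/A
"""
# Explicit RFC 1918 ranges; is_private would also match the documentation ranges used above.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_tasklist(text):
    """Map PID -> (image name, hosted services) from `tasklist /svc` rows."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            procs[int(m.group(2))] = (m.group(1), m.group(3).strip())
    return procs

def scope(remote_ip):
    """Classify a remote address as loopback, lan or external."""
    ip = ipaddress.ip_address(remote_ip.strip("[]"))
    if ip.is_loopback:
        return "loopback"
    return "lan" if any(ip in net for net in LAN) else "external"

def established(netstat_text, procs):
    """List (scope, remote endpoint, PID, image, services) per ESTABLISHED TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            image, svcs = procs.get(int(f[4]), ("<not in tasklist>", ""))
            rows.append((scope(f[2].rsplit(":", 1)[0]), f[2], int(f[4]), image, svcs))
    return rows
```

A row tagged `<not in tasklist>`, like PID 4012 in the sample, means the process either exited between the two commands or does not appear in the process list, so it is the first one to look into.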

#7 commart


Posted 17 November 2007 - 01:35 PM

Thank you for the note.

Between the time I posted the thread and today: the old unit's motherboard suffered physical damage, and its video card has been cutting signal to the monitor; while I'm still doing online communications with it, I have built an entirely new machine, Asus motherboard and all, and have gotten to the BIOS stage with it. I'm going to have some questions about "growing" the new unit and will have some other threads to start on that.

Thanks again for the reply here.



