
Some program is trying to access the internet


5 replies to this topic

#1 Steve555


Posted 18 April 2005 - 08:49 AM

How can I find out what program is trying to access the internet and where it is trying to go? If I just dial up to my ISP (Worldnet), some program tries to send/receive lots of data (monitored data activity by ZoneAlarm). If I disconnect, it restarts the dialer and tries to re-connect. Any ideas?

Background: I'm working on a Sony Vaio running XP Pro - it had a number of viruses and adware - all successfully removed. It also had the slserves trojan - also successfully removed. I get clean scans from NAV, Spybot & AdAware. I have turned off all the automatic updates (Windows, NAV, etc.) thinking one of them was trying to complete an update - no change.



#2 Leurgy


Posted 18 April 2005 - 09:19 AM

Hi Steve555 and welcome to BC

What info does ZoneAlarm give you about the program trying to get out? Be as specific as possible please. ZoneAlarm keeps a log file you can access.

You might want to try another AV scan like Panda Active Scan. Also give a-squared Free a try. Many trojans are downloaders that try to access the net to give you more headaches.

Also, you should disconnect your phone line from your machine until you get this sorted out as a dialer program can cost you a lot of money in long distance charges by waking an unattended computer and connecting to the internet.

Edited by Leurgy, 18 April 2005 - 09:20 AM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 Steve555


Posted 18 April 2005 - 05:30 PM

Leurgy,

Thanks for the response. I thought I posted a reply to your recommendations but I don't see it posted. Here it is again. I turned all programs in ZA to ask for permission. The one that popped up was Generic Host Processor for WIN 32 Services - going to 239.255.255.250 port 1900. I set this pgm to deny and I thought the problem went away. Subsequently, after many clean virus scans, I got a NAV warning about W32.spybot.worm. I am in the process of removing it using the directions from NAV. It showed that winsc.exe was infected. In searching for info on winsc.exe, it seems that it is also a virus. Do you have any experience with this program?
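
Added example, not part of any poster's message: one way to answer the question in post #1 on XP Pro is to join `netstat -ano` output with `tasklist` output by PID and keep only TCP connections to public addresses. It also labels the 239.255.255.250 port 1900 destination from the ZoneAlarm prompt, which is the SSDP (UPnP discovery) multicast group. The sample output, the PIDs and the helper names (`classify`, `public_connections`) are constructed for illustration, and only IPv4 rows are handled.

```python
import csv, io, ipaddress

# Constructed `netstat -ano` output (IPv4 only); 203.0.113.7 is a
# documentation address standing in for an internet host.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.5:1045       203.0.113.7:80         ESTABLISHED     1520
  TCP    192.168.1.5:1050       192.168.1.1:80         ESTABLISHED     1716
  UDP    0.0.0.0:1900           *:*                                    1100
"""
# Constructed `tasklist /fo csv /nh` output; the PIDs are made up.
TASKLIST = '''\
"svchost.exe","884","Console","0","3,912 K"
"svchost.exe","1100","Console","0","4,512 K"
"winsc.exe","1520","Console","0","2,204 K"
"iexplore.exe","1716","Console","0","18,440 K"
'''
# Private, loopback, link-local and unspecified ranges: never an internet host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

def classify(ip, port):
    """Label a destination as ssdp-multicast, multicast, local or public."""
    addr = ipaddress.ip_address(ip)
    if ip == "239.255.255.250" and port == 1900:
        return "ssdp-multicast"  # UPnP discovery group, not an internet host
    if addr.is_multicast:
        return "multicast"
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    return "public"

def public_connections(netstat_text, tasklist_csv):
    """Return (image, remote_ip, remote_port, state) for public TCP peers."""
    names = {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank lines, UDP rows (no State column)
        host, _, port = f[2].rpartition(":")
        if classify(host, int(port)) == "public":
            found.append((names.get(int(f[4]), "unknown"), host, int(port), f[3]))
    return found

if __name__ == "__main__":
    print(classify("239.255.255.250", 1900))
    for row in public_connections(NETSTAT, TASKLIST):
        print(row)
```

UDP rows in `netstat` carry no remote address, so multicast traffic like the SSDP prompt only shows up in the firewall's own alert or log, which is why `classify` is kept separate from the connection join.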

#4 Leurgy


Posted 19 April 2005 - 07:11 AM

I don't have experience with that particular file but I have played around with more than a few viruses. That one is hard to find much info on, although I'm getting the idea that a-squared should help you.

That W32.spybot.worm looks like the cleanup will be brutal according to Symantec. Good luck with that one.

Make sure you turn off System Restore, then do your cleaning, and then turn it back on again or you will most likely be reinfected on the next boot. Also, open Internet Explorer and go to Tools>Internet Options>Connections tab and remove any dial-up connection you don't recognize. The a-squared resident guard should prevent that dialer trojan from remaking a new connection.

Edited by Leurgy, 19 April 2005 - 07:15 AM.



#5 Steve555


Posted 19 April 2005 - 07:32 AM

Hopefully, I have solved the problem. I followed the directions to remove the w32.spybot.worm and winsc.exe in safe mode. The Worldnet dialer is no longer being started unexpectedly and all scans check OK. I will run the other scans you suggested and keep the PC running with the telephone line disconnected for a few days to be sure the virus doesn't show up again. It took two days for the worm to show up again after removal the first time!?? (probably because I didn't remove the winsc.exe)

The only issue remaining (not a major one) is there seems to be a delay in the initial display of the homepage for IE. Worldnet connects fine but when I start IE it takes a while for it to connect to the homepage (google.com or yahoo.com). My own PC doesn't have that delay using the same line.

Thanks again for your help. This is a great site - glad I found it and hopefully I can contribute some solutions.

#6 Leurgy


Posted 19 April 2005 - 07:40 AM

Glad to hear you're working things out.

If you have concerns about that dialer check out a-squared's The Dialer-Problem in Detail. Some good info in there about what to do if it shows up on your phone bill.

Good luck and glad you like the site.





