Unknown Bot/Malware stealing bandwidth.

2 replies to this topic

#1 danceplus

  • Members
  • 1 posts

Posted 03 September 2009 - 12:26 PM

BACKGROUND

I have a small family business with 3 computers and my husband and I each have one computer at home. I replaced mine with a new ASUS about 3 weeks ago. Our ISP, Rogers, is the same at home and at our small office. Last week we were informed by Rogers that we had a virus/bot and our Internet would be shut down in 48 hours if not fixed. The next day I received an automated message that we were over our 60 GB usage cap AT HOME.

I looked at the bandwidth we had used on Rogers' site (available for home accounts only), and saw we had used 100 GB in 4 days! Both locations have a one-year-old Linksys WRT160N wireless router with a firewall and WEP protection. However, the computers at the office are wired desktops, and the computers at home are all wireless. I use the wireless connection at the office when I move my computer between home and the office.

The following is true for all the computers...
- OS is Windows XP except for the new ASUS which is 64-bit Vista Home Premium.
- Norton Internet Security 2009 installed and up to date, full scans done daily.
- all updates for Windows, Java, and Adobe Acrobat, are current and up to date.

I took the following actions on all computers...
- Upon learning of the problem, I installed bandwidth meters (DU Meter).
- I ran the following scans: Norton IS 2009 full scan, Microsoft Malicious Software Removal Tool, Malwarebytes

RESULTS

Only two computers at the office had any kind of malware. There was one trojan found on my Dad's desktop, and a lot of problems on my brother's computer, which receives all office email and, despite my warnings, may visit the odd gambling site. Given that I had only 48 hours to fix the problem at the office, and the bandwidth meters indicated that my brother's computer was probably the culprit there, I replaced my brother's computer with a 3-year-old laptop that I was using prior to getting my new ASUS laptop (I ran all the same scans on this computer as well and monitored its bandwidth). It's only been a couple of days, but the bandwidth being used by the computers at the office seems to be in the normal range and Rogers has not cut us off, which suggests that removing my brother's computer solved the problem.

At home, the bandwidth meters indicated that it is clearly the new ASUS that is causing the problem. In addition to the scans mentioned above I ran several other scans with software that claims to remove bots, but they either came up clean or were too complicated for me to interpret the results. I could find no sign of a problem except that my bandwidth is about 15x what it should be. I have since removed these applications. I also changed the password on my router and changed the security from WEP to WPA. No change, so it's not someone stealing the bandwidth in the neighborhood.

I read the instructions for posting here but I could not run dds.scr or RootRepeal because they will not work on my operating system (Vista Home Premium 64bit)

I thank you in advance for any help you can give me. I'm sorry if I've written too much, but the instructions say to explain the problem in detail, and I'm not sure what's relevant. I really don't want to have to reformat such a new computer. It took me 3 days to get it the way I want it.

Thank you
Linda
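The post above pins the overage on one machine by comparing per-computer bandwidth meters against the household total. The script below is an added illustration of that attribution step, written for this page and not part of the original thread or of any vendor tool (DU Meter, the Linksys firmware or Rogers' usage page). It assumes a record format of cumulative per-host byte counters sampled periodically, which is an assumption, and the counter values are constructed to resemble the numbers in the post: roughly 100 GB in 4 days against a 60 GB monthly cap, almost all of it from one laptop. Besides raw volume it also flags a host that uploads more than it downloads, because bot activity (spam relaying, flooding, file sharing) is often outbound-heavy while ordinary home use is download-heavy; treat that as a hint to investigate, not proof.

```python
"""Attribute household bandwidth to individual hosts from cumulative
per-host byte counters and flag the machine(s) driving an overage.

Added example for the BleepingComputer post above; not code from the
thread, the router vendor or any bandwidth-meter product. The record
format (hour, host, rx_bytes, tx_bytes) is an assumption.
"""

from collections import defaultdict

GIB = 1024 ** 3

# Constructed sample counters, sampled every 24 h over a 4-day window.
# Counters are cumulative since router boot. One host ("husband-pc")
# has its counters drop at hour 72 to simulate a router reboot.
SAMPLE_COUNTERS = [
    (0,  "asus-laptop", 2 * GIB,  1 * GIB),
    (0,  "husband-pc",  5 * GIB,  1 * GIB),
    (0,  "old-laptop",  1 * GIB,  0),
    (24, "asus-laptop", 14 * GIB, 13 * GIB),
    (24, "husband-pc",  6 * GIB,  1 * GIB),
    (24, "old-laptop",  1 * GIB,  0),
    (48, "asus-laptop", 26 * GIB, 25 * GIB),
    (48, "husband-pc",  7 * GIB,  1 * GIB),
    (48, "old-laptop",  2 * GIB,  0),
    (72, "asus-laptop", 38 * GIB, 37 * GIB),
    (72, "husband-pc",  1 * GIB,  0),          # counters reset (reboot)
    (72, "old-laptop",  2 * GIB,  0),
    (96, "asus-laptop", 50 * GIB, 50 * GIB),
    (96, "husband-pc",  2 * GIB,  0),
    (96, "old-laptop",  2 * GIB,  0),
]


def per_host_usage(counters):
    """Return {host: (rx_bytes, tx_bytes)} consumed over the sampled window.

    Counters are cumulative, so usage is the sum of deltas between
    consecutive samples. A drop between samples is treated as a counter
    reset (router reboot) and the new value is counted from zero.
    """
    series = defaultdict(list)
    for hour, host, rx, tx in sorted(counters):
        series[host].append((rx, tx))
    usage = {}
    for host, samples in series.items():
        rx_total = tx_total = 0
        for (prev_rx, prev_tx), (cur_rx, cur_tx) in zip(samples, samples[1:]):
            rx_total += cur_rx - prev_rx if cur_rx >= prev_rx else cur_rx
            tx_total += cur_tx - prev_tx if cur_tx >= prev_tx else cur_tx
        usage[host] = (rx_total, tx_total)
    return usage


def flag_suspects(usage, cap_bytes, window_hours, billing_days=30, factor=3.0):
    """Return [(host, reason)] for hosts worth investigating, biggest first.

    A host is flagged when its use over the window exceeds `factor` times
    an even share of the pro-rated monthly cap, or when it sends more than
    it receives (outbound-heavy traffic is a common bot signature).
    """
    window_days = window_hours / 24
    fair_share = cap_bytes / billing_days * window_days / len(usage)
    flagged = []
    for host, (rx, tx) in sorted(usage.items(), key=lambda kv: -sum(kv[1])):
        reasons = []
        if rx + tx > factor * fair_share:
            reasons.append(
                f"{(rx + tx) / GIB:.1f} GiB in {window_hours} h exceeds "
                f"{factor:.0f}x its fair share of {fair_share / GIB:.1f} GiB"
            )
        if tx > rx:
            reasons.append("upload exceeds download, often bot-like")
        if reasons:
            flagged.append((host, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    usage = per_host_usage(SAMPLE_COUNTERS)
    for host, (rx, tx) in usage.items():
        print(f"{host:12s} down {rx / GIB:6.1f} GiB  up {tx / GIB:6.1f} GiB")
    for host, reason in flag_suspects(usage, cap_bytes=60 * GIB, window_hours=96):
        print(f"SUSPECT {host}: {reason}")
```

Run against the constructed counters, the ASUS laptop accounts for about 98 GiB of the window and is the only host flagged, on both the volume and the upload-ratio rule; the other two machines sit well inside their share even with a counter reset in the middle of the series. The same routine works on real router or meter exports once they are mapped onto the (hour, host, rx, tx) tuple.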


#2 Orange Blossom (OBleepin Investigator)

  • Moderator
  • 36,805 posts
  • Location:Bloomington, IN

Posted 03 September 2009 - 10:04 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom


#3 garmanma (Computer Masochist)

  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 05 September 2009 - 07:33 PM

First off, you need to reset the password on your wireless router. Make it a good, strong one.
If you cannot run RootRepeal, try this:

1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark