Huge internet usage



#1 Guy0502

Posted 04 April 2010 - 03:10 AM

Hi there!

Recently, my internet usage has rocketed, and when I disconnected that computer from the internet my usage returned to normal. Both Download & Upload are much higher (1GB at least more each day). As I went overseas just after the computer got infected (a little over a month ago) and returned only recently, I didn't bother with it too much.

I have Malwarebytes' (1.41, database version 3204), SAS (Core: 4614 Trace: 2426) and Avast! (5.0.418, 100223-2). They're all outdated and they haven't detected anything. As I don't want to connect that computer to the internet, I cannot update them.

Thanks.

EDIT: I still have my restore points, but I'd rather try to remove the malware first.
II: I performed a system restore. Do you think it would work?

Edited by Guy0502, 04 April 2010 - 03:56 AM.

Specs:
Dell Inspiron 530s
Intel Core 2 4400 (2Ghz) (dual-core)
3GB RAM
Windows XP SP3
ATI RADEON 1300PRO


#2 quietman7

Posted 05 April 2010 - 08:23 AM

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc.) with an Internet connection. Save to a flash (USB, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your USB drive, make sure it is not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.

Malwarebytes Anti-Malware has been updated to v1.45. Please download and install the most current version from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

Update the database through the program's interface (preferable method). Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Manually download the SAS definitions from here: http://www.superantispyware.com/definitions.html
Double-click on the link for Download Installer and save SASDEFINITIONS.EXE to a USB flash drive and transfer it to the infected machine. Then double-click on SASDEFINITIONS.EXE to install the definitions.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Guy0502

Posted 05 April 2010 - 10:47 AM

Well, I updated MBAM but it found nothing, so I did a system restore (hardly anything was lost so I didn't mind). Everything seems to run clean now, but I am worried the infection will return somehow. Any suggestions?

#4 quietman7

Posted 05 April 2010 - 11:18 AM

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. This feature makes it possible to undo harmful changes to your system configurations, including registry modifications made by software or malware, by reverting the operating system's configuration to an earlier date. Sometimes this method of recovery works, but other times it may not, depending on what type of infection you are dealing with and what is restored (What's Restored when using System Restore and What's Not).

I would still get a second opinion by performing an Online Virus Scan like ESET or Kaspersky.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#5 Guy0502

Posted 07 April 2010 - 01:51 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, April 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, April 06, 2010 07:52:57
Records in database: 3914280
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 129074
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:56:48


File name / Threat / Threats count
D:\Guy\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

Selected area has been scanned.

Seems like IRC software, I probably installed it.

#6 quietman7

Posted 07 April 2010 - 07:13 AM

ThreatExpert's awareness of the file "not-a-virus:Client-IRC.Win32.mIRC"
Kaspersky forum discussion of mIRC not-a-virus:Client-IRC.Win32.mIRC

As the scan indicates, the file is not-a-virus. However, some programs may at times be detected by anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. If you installed or recognize the program, then you can ignore the detection. If not, then it can be removed.
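The triage described in the post above (a `not-a-virus:` verdict marks a legitimate program that could be misused, to be kept only if you recognize it), as an added example that is not part of the thread: Python that parses a pasted Kaspersky Online Scanner 7.0 report and separates riskware rows from malware rows. The row layout is inferred from the report posted in this thread; the second sample row, the function names, and the assumption that "Threats found" equals the sum of the per-file counts are constructed for illustration.

```python
import re

# Detection row as it appears in the report posted in this thread:
# "<path> Infected: <verdict> <count>"
ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")
STAT = re.compile(r"^Threats found: (?P<n>\d+)$")

def parse_report(text):
    """Return (declared_threats, detections) from a pasted text report."""
    declared, detections = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := STAT.match(line):
            declared = int(m["n"])
        elif m := ROW.match(line):
            # Optional "prefix:" in front of Category.Platform.Name.Variant
            prefix, _, name = m["verdict"].rpartition(":")
            detections.append({
                "path": m["path"],
                "verdict": m["verdict"],
                "category": name.split(".")[0],  # e.g. Client-IRC
                "count": int(m["count"]),
                # "not-a-virus:" = legitimate program that could be misused
                "riskware": prefix.lower() == "not-a-virus",
            })
    return declared, detections

def triage(text):
    """Split detections into 'review' (riskware) and 'malware' paths."""
    declared, detections = parse_report(text)
    total = sum(d["count"] for d in detections)
    return {
        # Assumption: the declared total equals the sum of row counts, so a
        # mismatch suggests the pasted report was truncated.
        "complete": declared == total,
        "review": [d["path"] for d in detections if d["riskware"]],
        "malware": [d["path"] for d in detections if not d["riskware"]],
    }

# First row is from the report in this thread; the second row is constructed.
SAMPLE = """\
Scan statistics:
Threats found: 2
File name / Threat / Threats count
D:\\Guy\\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\\Temp\\example dropper.exe Infected: Trojan-Downloader.Win32.Example.a 1
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Paths under `review` still need the human check the post describes: keep the file only if you installed or recognize it.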

#7 Guy0502

Posted 07 April 2010 - 07:36 AM

It was the installation file of IRC software. I just deleted it now simply because it took up disk space.

#8 quietman7

Posted 07 April 2010 - 07:44 AM

Ok so how is the machine running now?

#9 Guy0502

Posted 07 April 2010 - 07:55 AM

Everything seems alright now, usage is back to normal.

What should I do if the high levels return?

#10 quietman7

Posted 07 April 2010 - 09:45 AM

Now you should Create a New Restore Point to enable your computer to "roll-back" to a clean working state if you encounter future issues. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.

Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

If the high level of CPU usage returns, then you will need to investigate which process is causing it.

Most of the processes in Task Manager will be legitimate as shown in these links.

Tools to investigate running processes and gather additional information to identify them and resolve problems:

These tools will provide information about each process, CPU usage, file description and its path location.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

#11 Guy0502

Posted 07 April 2010 - 11:50 AM

It is not CPU usage, rather actual internet usage (i.e. extremely high levels of Upload & Download).

#12 quietman7

Posted 07 April 2010 - 12:28 PM

Internet Usage Monitor