Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something using network ultilization


  • Please log in to reply
14 replies to this topic

#1 mozart116

mozart116

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 21 July 2011 - 11:58 PM

Something is using my bandwidth and I don't know what it is? I've tried AVG scan, Mcafee stinger, Malware bytes, Windows Defender, and Microsoft Security Essentials; it scans clean everytime. I've done two fresh installs and as soon as I start Windows and look at the ultilization its always at .01-.02%. Can someone please help me?

BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:52 AM

Posted 22 July 2011 - 10:17 AM

- Click on the Start Menu (blue orb in bottom-left corner)
- Type perfmon /res and press Enter.
- Choose Network tab and then check which processes are using your network. Also check TCP/IP connections.

If you do not understand what you see, you can post snapshot here and someone from BC community would be willing to help you.

#3 mozart116

mozart116
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 22 July 2011 - 02:11 PM

here's the screenshotAttached File  Capture.PNG   104.62KB   10 downloads

#4 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:52 AM

Posted 22 July 2011 - 04:54 PM

It appears that LocalServiceAndNoImpersonation service is utilizing your network. This service is used for application identification by AppLocker. Windows Media Center and HomeGroup are known to use this extensively.
Another service LocalPeerNet is also using network, this is used for HomeGroup.

Both are legitimate Windows services. So nothing to worry.

#5 Allan

Allan

  • BC Advisor
  • 8,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:52 AM

Posted 22 July 2011 - 04:57 PM

, Mcafee stinger, Malware bytes, Windows Defender, and Microsoft Security Essentials;

Are all of those apps installed on your system?

#6 mozart116

mozart116
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 22 July 2011 - 05:05 PM

It appears that LocalServiceAndNoImpersonation service is utilizing your network. This service is used for application identification by AppLocker. Windows Media Center and HomeGroup are known to use this extensively.
Another service LocalPeerNet is also using network, this is used for HomeGroup.

Both are legitimate Windows services. So nothing to worry.


Thanks for the information. I switched to Windows XP and it's still happening should I still be worried?


, Mcafee stinger, Malware bytes, Windows Defender, and Microsoft Security Essentials;

Are all of those apps installed on your system?


No, not all once

#7 Allan

Allan

  • BC Advisor
  • 8,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:52 AM

Posted 22 July 2011 - 05:09 PM

Okay :)

#8 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:52 AM

Posted 22 July 2011 - 05:23 PM

Those services also exist in Windows XP.

Open a commad prompt window (from Start menu -> Programs ->Accessories) and give these commands :
sc stop appidsvc
sc stop p2pimsvc

See if network activity drops.

Then restart these services again,
sc start appidsvc
sc start p2pimsvc

These commands require you to have admin user account.

Edited by Romeo29, 22 July 2011 - 05:25 PM.


#9 mozart116

mozart116
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 22 July 2011 - 06:39 PM

Those services also exist in Windows XP.

Open a commad prompt window (from Start menu -> Programs ->Accessories) and give these commands :
sc stop appidsvc
sc stop p2pimsvc

See if network activity drops.

Then restart these services again,
sc start appidsvc
sc start p2pimsvc

These commands require you to have admin user account.


I can't take a screenshot but when I type it in it says:

"[SC] OpenService FAILed 1060:
The specified service does not exist as an installed service."

and the same thing for the 2nd command

Edited by mozart116, 22 July 2011 - 06:40 PM.


#10 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:52 AM

Posted 23 July 2011 - 04:01 AM

Okay so those services are not installed in Windows XP. Then we will have to analyze the situation again.
Download NetLimiter 3 from here : http://www.netlimiter.com (Registration is free)
Check which programs are using your network bandwidth.
This program works in both XP and 7.

May I ask you if you have any firewall installed other than Windows firewall? Do you have a local network in your home/office to which your computer is connected?

#11 mozart116

mozart116
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 23 July 2011 - 02:55 PM

Attached File  untitled.JPG   135.57KB   6 downloads

Okay so those services are not installed in Windows XP. Then we will have to analyze the situation again.
Download NetLimiter 3 from here : http://www.netlimiter.com (Registration is free)
Check which programs are using your network bandwidth.
This program works in both XP and 7.

May I ask you if you have any firewall installed other than Windows firewall? Do you have a local network in your home/office to which your computer is connected?


I don't have another firewall except Window's firewall and I only have one computer connected to a modem

Edited by mozart116, 23 July 2011 - 02:56 PM.


#12 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:52 AM

Posted 23 July 2011 - 10:39 PM

What I can see in this picture is incoming traffic.

Everything looks usual - Netbios traffic and DHCP ports etc.
Except 184.172.243.22, 184.168.253.1 etc. These IP addresses looks like are doing a port scan on your system.

I would suggest that you use a good firewall like Zonealarm, Comodo, Outpost etc. Windows firewall is useless in Windows XP.

Also use NAT firewall in your router to prevent such attacks [if you have a router].

#13 mozart116

mozart116
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 24 July 2011 - 04:05 PM

What I can see in this picture is incoming traffic.

Everything looks usual - Netbios traffic and DHCP ports etc.
Except 184.172.243.22, 184.168.253.1 etc. These IP addresses looks like are doing a port scan on your system.

I would suggest that you use a good firewall like Zonealarm, Comodo, Outpost etc. Windows firewall is useless in Windows XP.

Also use NAT firewall in your router to prevent such attacks [if you have a router].


Alright I download Comodo and I don't think it's detecting the 73.143.234.1. And I don't have a router, Comcast replaced my old one with this small plastic modem. The only way to stop the downloading is if I click on "Stop all traffic"Attached File  untitled.JPG   159.08KB   5 downloads

Edited by mozart116, 24 July 2011 - 04:12 PM.


#14 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:52 AM

Posted 24 July 2011 - 07:03 PM

73.143.234.1 is safe. Its comcast address (I guess your ISP) and port 68 means DHCP traffic. so its safe.
I was talking about IP starting with 184 in your last post. It is a known attack IP.

Your port 135, 139 and 445 are open and listening.

This means you are using File and Printer Sharing over a network. This can be good if you are actually sharing them. And that explains the traffic.
But these ports can also be used by hackers (do not get paranoid), so if you do not share anything, just disable File and Printer Sharing.
http://maximumpcguides.com/windows-7/disable-file-and-printer-sharing/

I hope that takes care of your traffic.

#15 mozart116

mozart116
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 25 July 2011 - 08:50 PM

I found a netgear router in my closet I forgot I had; I just attached it to my modem and the network ultilization is back at 0%. I can't believe I did all that to fix it in 5 minutes. Thanks for your time and mentioning the router.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users