
System process constantly uploading to internal IP address



#1 yoyie


Posted 07 December 2013 - 03:06 PM

Hello everyone, first of all, awesome job you're doing! I hope I can get my issue resolved here.

 

I am running Windows 7, and there is seemingly nothing wrong with it. However, I happened to look at my uploads and downloads, and saw that the 'system' process was constantly uploading data, without end, at speeds from 200KB/s to 3MB/s.

 

This set off all my alarm bells, and I immediately did a system restore. Unfortunately, it didn't help (my last system restore was a week ago, and it could easily be that the infection is more than a week old). I also scanned my entire PC (with MBAM and MSE), and it didn't find anything. However, I did run some suspicious files recently.

 

The strange thing is, the place it is uploading to is an internal address: 192.168.1.46. The machine's own address is 192.168.1.16. I also walked around the house and tried all the laptops and other PCs, etc... none of them came up as 192.168.1.46. The network is also password-protected, so I find it hard to imagine it's someone from outside.

 

Is there any way to find out to whom the 192.168.1.46 belongs? And do I definitely have a rootkit/virus/whatever? In that case, is there any way to detect/remove that rootkit? MBAM and MSE didn't find anything, but I'll try anything that is suggested.

 

Thanks in advance!

 

edit: to add, it seems to quit at some points, like just now. I don't know if this is because the 192.168.1.46 "device" is turned off, or any other reason. I do live with multiple people, so it could be that one of them just did something. I just know it's not me controlling it.


Edited by yoyie, 07 December 2013 - 03:17 PM.



 


#2 noknojon


Posted 07 December 2013 - 07:04 PM

Very odd - A reverse trace of 192.168.1.46 leads me to .......
Trevi Fountain, Piazza di Trevi, Rome, Italy ??
 
All I can offer is a Skype or similar phone link to that area ??
Other chances are people in your house have contacts there -
 
Sorry if that is no help -




