Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unusually high bandwidth usage


  • Please log in to reply
4 replies to this topic

#1 RoseRedWolf

RoseRedWolf

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 06 August 2015 - 06:58 PM

I don't have broadband, so I tend to use my cellphone as a portable WiFi hotspot, and let my laptop use it's data connection. This means that I tend to keep a close eye on how much data that it uses, and I've got a fairly good idea of what does what, and how much this or that use.

 

Yesterday, I had my laptop sitting, connected but not doing anything, and left it for a couple of hours. I know for a fact that it wasn't streaming anything, or downloading anything, or anything like that, and when I came back, I saw that it had chewed through over 2 gigs worth of data inside that time, which for what I was doing (almost nothing) should have been impossible.

 

Under WiFi Performance, in my task manger, I noticed that the the kbs per second was spiking as high as 7-8 mbs or more, and balancer, which I downloaded to try and control it (which was like banging my head against a brick wall, by the way) told me that my browser had as many as 30 different connections open at once, which seriously strikes me as iffy, to say the least.

 

Malwarebytes picked up nothing, when I scanned it, which is all the more frustrating. I was running Avast Antivirus, which I notices seemed to be doing something that it should, in terms of data sent/received as well, so I initially though that it might have been this causing the problem. I swapped that out, going back to AVG (which I changed out in the first place because of the way that watchdog sinks it's teeth into my external hard drive, and ran a scan which picked up a few things, (.js files) which it told me could be adware related?

 

However, I'm still noticing what seem to be unusually high WiFi usage spikes. (300+ kbps) even after performing a refresh on the laptop itself, changing my browser (I was using Torch, and I'm now using Opera) and setting the wifi connection as metered.

 

Do I have a virus, or am I just being paranoid, now? Or Could something else be going on? Please help.

 

I'm seriously considering doing a Factory Restore on my laptop, now. It should also be noted that my laptop has no c.d drive, came with windows 8.1 preintalled (so without disks) and that as you've probably gathered, my Internet, in terms of how much data I can use is very, very limited. My funds are next to non-existant, too, which doesn't help matters. 

 

I usually wouldn't go over 500 megs of data in a day, (and more often than not, it's under 300 megs) and that's when I'm actively downloading things, not just sitting idle on a page. So to use 2.2 gigs, in about 2 hours, seems well over the line.


Edited by RoseRedWolf, 06 August 2015 - 07:13 PM.


BC AdBot (Login to Remove)

 


m

#2 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 PM

Posted 07 August 2015 - 01:38 AM

Hello,
 
please download MiniToolBox by Farbar and save it to your desktop.
 
Run tool as Administrator and make sure that these options are checked :
 

  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs

Post log here .
 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.
 
If programs need reboot, allow it to do so.
 
NOTE: IF your desktop disappears, don't panic, it's normal.



#3 RoseRedWolf

RoseRedWolf
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 07 August 2015 - 08:04 AM

Thanks. I appreciate it. Logs as follows. 
 
 
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Corrin (administrator) on 08-08-2015 at 00:48:38
Running from "C:\Users\Corrin\Desktop"
Microsoft Windows 8.1 with Bing  (X64)
Model: Inspiron 3531 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
=========================== Installed Programs ============================
 
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.2.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
LibreOffice 5.0.0.5 (HKLM-x32\...\{48806D1D-C8D3-4235-8893-D5A03BAFC307}) (Version: 5.0.0.5 - The Document Foundation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.409 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Client Framework (HKLM-x32\...\{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell) Hidden
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.005 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
 
**** End of log ****
 
 
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Corrin
->Temp folder emptied: 418492 bytes
->Temporary Internet Files folder emptied: 54909755 bytes
->FireFox cache emptied: 37989203 bytes
->Flash cache emptied: 713 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2353759 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 91.00 mb
 
 
 


#4 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 PM

Posted 07 August 2015 - 08:34 AM

Scan with Malwarebytes AntiRootkit
 
Please download MBAR and save it to your desktop.
 
Run tool as Administrator, tool will extract itself, and then launch.
 
Click Next to accept terms and conditions, and click Update to obtain latest definitions.
 
If malware is found click on Cleanup button , but make sure that Create restore point option is checked before proceeding !
 
Program will ask you to restart, allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside mbar folder. Run it as Administrator and press Y if asks you do you want to continue.

 

Attach log here.

 

Scan with Zemana Antimalware
 
Download Zemana Antimalware and install it on your system.
 
Under Scan type choose Full Scan and let the tool scan system.
 
If malware is found click Next to remove it, if tool asks for restart, allow it .
 
If no malware is found , just exit program.
 
NOTE: Leave actions at default.

 

Attach log here.

 

Scan with Dr.Web Cure It !
 
Download Dr.Web Cure It ! and save it to your desktop.
 
Run the tool as Administrator,accept license agreement by putting a checkmark on it, and click Scan.
 
Scan may take a while so be patient !
 
If there's malware found, click on Neutralize button, if program asks for restart, allow it to do so.



#5 RoseRedWolf

RoseRedWolf
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 07 August 2015 - 04:36 PM

Before I carry on, I just had a thought. What are the chances that this thing is hiding on my external HD, waiting to just pop back on? Should I connect that as well, and then carry on? Or is there another way around that? I mean, cleaning this up, only to have it pop straight back, doesn't seem like a bright idea. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users