
Laptop using WAY too much broadband.


11 replies to this topic

#1 MarkBishop36

MarkBishop36

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, England.
  • Local time:06:04 PM

Posted 16 January 2016 - 10:20 AM

Hi,

I've an ASUS laptop, running Windows 8.

I use a mobile broadband connection (Vodafone) as I live in a mobile home.

Yesterday I noticed I used 1.5GB internet in about 2 minutes - climbing at nearly 100MB a second! - I was doing no more than browsing - no downloads, nothing.

Every time I log on it seems I use approx. 350MB in 10 minutes, which is WAY too much.  I think I must have been hijacked.

I have downloaded AVG freeware and fully scanned my laptop, but nothing was detected.

I would be very grateful for any help please.

Thanks,

Mark.





#2 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 17 January 2016 - 10:28 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 MarkBishop36


Posted 17 January 2016 - 03:10 PM

Hi Jo,

THANK YOU for your reply

Hmm, slow start, unfortunately I can't download Security Check from the links you gave me due to "Content Control" from my Broadband provider.  I could phone them to get this changed if required.

I can see the "SecurityCheck" download from Bleeping Computer's site - http://www.bleepingcomputer.com/download/securitycheck/

Would this be just as good? I notice it says for "Windows XP/Vista/7" - no mention of Windows 8.

Thanks,

Mark.



#4 Jo*


Posted 17 January 2016 - 03:13 PM

It is the same file, download it from Bleeping Computer's site.
It should work for win 8 as well.



#5 MarkBishop36


Posted 18 January 2016 - 02:03 PM

Hi Jo,
 
I've followed your advice re steps 1, 2 and 3.  Details of each are below.
 
Also, I hope the below comments might help.
 
Approx a month or so ago I downloaded "Glasswire", to help me keep track of my monthly
internet usage, and avoid additional bandwidth charges.
 
Looking at usage within Glasswire, the highest on the list of "Apps" always seems to be "Host Process for windows services", name = svchost.exe, path = c:\windows\system32\svchost.exe
 
The last few days there's not that much bandwidth being used, but performance is terrible.  e.g. it takes 20 seconds to open a web browser, or sometimes 60 seconds to open task manager.
 
In Task Manager I notice that CPU, Memory and Disk %'s are very high, disk often at 99%, even when the laptop is totally idle.
 
The standout figure seems to be a large amount of memory (approx 1,250MB) is being used by "Service Host: Local System" (15), or (16).
 
 
(1) Security Check Report
 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender             
AVG AntiVirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.111) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

(2) Malwarebytes Anti-Rootkit
 
 
Once complete the message "Scan finished: No Malware found" was returned.
 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.01.18.03
  rootkit: v2016.01.09.01
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17377
Mark :: ASUS [administrator]
 
18/01/2016 14:20:50
mbar-log-2016-01-18 (14-20-50).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 337916
Time elapsed: 1 hour(s), 8 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 

(3) AdwCleaner
 
This Adwcleaner scan took only 30 seconds to complete - I was expecting much longer - I wonder if it completed correctly?
 
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 15:35:55
# Updated 17/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 8  (x64)
# Username : Mark - ASUS
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [657 bytes] ##########
 
 
Thank you again for your help.  This is a real problem for me.
 
Mark.
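
Task Manager's "Service Host: Local System" entry and GlassWire's svchost.exe row both aggregate many services inside one process, so neither says which service is responsible. The following PowerShell script is an added example, not something posted in this thread; it lists each svchost.exe instance with the services it hosts, its memory and cumulative I/O, and its established remote endpoints, using built-in cmdlets available on Windows 8 (PowerShell 3.0), and should be run from an elevated prompt.

```powershell
# Added example: break svchost.exe down by hosted service (run as Administrator).

# All running services, each with the PID of the process hosting it.
$services = Get-CimInstance Win32_Service -Filter "State = 'Running'"

# Established TCP connections; filtered client-side so an empty result is not an error.
$conns = Get-NetTCPConnection | Where-Object { $_.State -eq 'Established' }

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = $_.ProcessId   # not $pid, which is PowerShell's own automatic variable

    $hosted = $services |
        Where-Object { $_.ProcessId -eq $procId } |
        ForEach-Object { $_.Name }

    $remote = $conns |
        Where-Object { $_.OwningProcess -eq $procId } |
        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
        Sort-Object -Unique

    [pscustomobject]@{
        PID          = $procId
        WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB)
        # Transfer counts cover all I/O since process start (disk and network), not network alone.
        ReadMB       = [math]::Round($_.ReadTransferCount / 1MB)
        WriteMB      = [math]::Round($_.WriteTransferCount / 1MB)
        Services     = $hosted -join ', '
        Remote       = $remote -join ', '
    }
} | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize -Wrap
```

A row whose Services column includes wuauserv (Windows Update) or BITS (Background Intelligent Transfer Service) is the process carrying update downloads.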


#6 Jo*


Posted 18 January 2016 - 02:52 PM

Hi,

Step 1: Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

***


Step 2: Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). An extraction dialog will appear.
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. An update prompt should appear.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

***


Step 3: How is the computer running now?



#7 MarkBishop36


Posted 20 January 2016 - 02:05 PM

Hi Jo,

Thanks for these additional suggestions.  I have followed them, results below.

(1) Sophos

Scan results - your computer is clean - number of threats found: 0.

(2) Emsisoft
 
 
Emsisoft Emergency Kit - Version 10.0
Last update: 19/01/2016 14:16:30
User account: Asus\Mark
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 19/01/2016 14:19:03
 
Scanned 87686
Found 0
 
Scan end: 19/01/2016 14:35:29
Scan time: 0:16:26
 
 
(3) How's things?
 
 
The computer does seem to be running better now.  The stats in Task manager are much lower.
 
I noticed that a lot (approx 50) of Windows updates had failed.  I don't know why, they were set to automatically update, and I didn't receive any failure messages.
 
These have now been installed, and everything is up to date.
 
 I'll try to be more proactive on the security and update front too.
 
THANK YOU very much for taking the time to help me, your input was MUCH APPRECIATED.
 
Best wishes,
 
Mark.


#8 Jo*


Posted 20 January 2016 - 02:39 PM

Does this mean Windows Updates were the reason that your laptop was using WAY too much broadband?

Is your Internet traffic okay now?

---

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.



#9 MarkBishop36


Posted 22 January 2016 - 03:29 PM

Hi Jo,

I'm not convinced Windows updates were the reason.

I've never seen my bandwidth surge like that before, plus there were several days of very poor performance.

Things do seem to be back to normal over the last 2 or 3 days though.

Internet traffic has cooled off, and seems fine.

ESET Online scanner

No threats found.



#10 Jo*


Posted 22 January 2016 - 04:30 PM

It appears that your PC is clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some preventive tips to reduce the potential for spyware infection in the future:

Step 1: Browse more securely
Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
Step 3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use Strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, PDF Reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.



#11 MarkBishop36


Posted 24 January 2016 - 06:23 AM

Thank you Jo.

I'm grateful for your advice.

Best wishes...



#12 Jo*


Posted 24 January 2016 - 10:59 AM

You're welcome.





