Is this Normal or Malware? Large amounts of Out Data?


13 replies to this topic

#1 sub101uk

sub101uk

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 03 February 2018 - 09:29 AM

I was wondering if this is normal. Over the past month I have noticed a very large amount of data being sent via me when I use Yahoo Mail or Ebay. I am using TCPView. When I just turn the computer on with no internet connection I see: 20 Endpoints, Established 0, Listening 15, Time Wait 0, Close Wait 0

When I connect to the internet I then see: Endpoints 47, Established 4, Listening 15, Time Wait 0, Close Wait 0

I can connect to the Google mail page or Facebook and there is very little change: Endpoints 54, Established 10, Listening 24, Time Wait 1, Close Wait 0

All seems well until I connect to Yahoo https://us-mg42.mail.yahoo.com/ or Ebay https://www.ebay.co.uk/

Connected to any of the above I then get: Endpoints 442, Established 144, Listening 22, Time Wait 225, Close Wait 0

I have tried all 3 browsers and it's the same on all 3: Firefox, Chrome and Internet Explorer. I have also tried 4 other computers using OS 7, OS 8 and OS 10, all using TCPView v3.05, and it's the same.

All computers are using Eset Ver 11.0.159.5.

Have I caught some type of malware? If so, do I have to do a total install? I have run all the malware tools but it still remains the same, and it only seems to happen when connected to Yahoo or Ebay.

Many thanks, and I hope someone knows if this is normal.

Any thoughts?


Edited by hamluis, 03 February 2018 - 09:46 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:46 AM

Posted 03 February 2018 - 01:02 PM

Hi,

 

Try to reboot your modem/router and see if it makes any difference. It seems that when you open web pages that initiate several connections, to show images for example, they take longer than usual; that's why you see the TIME_WAIT state.

I had a similar problem some years ago when I was visiting a forum where users use avatars stored outside the main site; sometimes the images failed to load. In my case I also noticed several connections in wait state. I checked the error log of the router and found that the SMC router I was using at the time had some settings to limit the semi-open connections (or something like that); changing the limit to a higher value resolved the problem.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 sub101uk


Posted 03 February 2018 - 03:16 PM

Many thanks, I will try to reboot my router and see if anything changes, but it's very odd. It only seems to do this when connected to Yahoo or Ebay, but I did run all the malware programs I could find and it's still the same on all the computers in the house, from OS 7 and OS 8 to OS 10, so you might be right since they all use the same router.

 

Cheers



#4 sub101uk


Posted 03 February 2018 - 05:18 PM

Well, I reset the router and it's still the same on all computers. The router is a Dray Vigor, but I am at a loss. The only other common thing is they all use ESET. On the Windows 10 machine, when you link to Yahoo or Ebay, TCPView shows Endpoints at over 600. The only thing I can do is a total reinstall and see if it's the same; if that does fix the problem, all 4 other computers here will need it. But I will try changing the router and see what happens then.

I wonder about other people's computers running OS 7: what Endpoints do you get using TCPView connected to Yahoo or Ebay, or is it just me?

 

Cheers



#5 DavidLMO

DavidLMO

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 03 February 2018 - 07:18 PM

I just started up TCPView on a Win 7 box with cliqz (21 tabs) and Firefox (6 tabs) open.

 

I have 125 endpoints in TCPview.

 

Open one tab of Ebay (logged in) in Cliqz and the # of Endpoints goes to 220.

 

Opened Yahoo mail (logged in) and I am now at 150



#6 sub101uk


Posted 04 February 2018 - 05:30 AM

Thanks very much David, looks like yours is the same. I use BT internet. I did connect to my neighbour's WiFi (his internet provider is Virgin) but it's the same: all is OK until you connect to https://us-mg42.mail.yahoo.com or https://www.ebay.co.uk

Then it just takes off to over 400 Endpoints, but it's fine on Google mail or Facebook or many other web sites that I visit.

Very strange: on my Windows 10 machine it goes up to over 700 Endpoints, since it's got a higher spec than my Dell 17 inch laptop, but in my case as soon as the Endpoints get over 200 the fan starts up and by 300 the fan is going flat out.



#7 SleepyDude


Posted 04 February 2018 - 06:51 AM

Try to browse the websites using Private mode; I think all browsers accept CTRL + SHIFT + P.

When you tested using your neighbor's connection, did you restart the computer first?




#8 sub101uk


Posted 04 February 2018 - 11:43 AM

Many thanks for letting me know about Private Mode. I did turn it on and I tried with Virgin, then BTinternet. Before I connected to Virgin I did a cold reboot. It would seem there is not much in it with the tracker on or off using Firefox.

First is Virgin with Tracker off, not connected to Internet:

Endpoints 20, Established 0, Listening 15, Time Wait 0, Close Wait 0

Internet Connect

Endpoints 47, Established 2, Listening , Time Wait 2, Close Wait 0

Connected to Firefox Browser

Endpoints 63, Established 18, Listening 24, Time 1, Close Wait 0

Connected to Yahoo and Ebay it's a bit less

Endpoints 167, Established 93, Listening 23, Time Wait 30, Close Wait 1

Connected via BTinternet with Firefox Tracker off

No Internet connected

Endpoints 40, Established 0, Listening 23, Time Wait 0, Close Wait 0

Connected to Firefox

Endpoints 72, Established 30, Listening 23, Time Wait 0, Close Wait 2

Connected to Yahoo or Ebay via BTinternet with Firefox with tracker off

Endpoints 340, Established 131, Listening 23, Time Wait 156, Close Wait 1

I have a feeling this must be Yahoo or Ebay causing all these connections, as all my computers seem to go mad when connected to Yahoo or Ebay. I wonder if any other member who is using BTinternet as his IP is having the same problem as me every time they connect to Yahoo or Ebay.
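
A way to break the TCPView totals quoted in this thread down by state, remote host and owning process, as an added example that is not part of any post: it parses the text output of the Windows command `netstat -ano`. The sample rows are constructed, and `parse_netstat` and `summarize` are hypothetical helper names.

```python
from collections import Counter

# Constructed sample of Windows `netstat -ano` output; addresses are from
# documentation ranges and the PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49714     198.51.100.7:443       ESTABLISHED     4312
  TCP    192.168.1.20:49650     203.0.113.10:443       TIME_WAIT       0
  TCP    192.168.1.20:49651     198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1234
"""

def parse_netstat(text):
    """Yield (proto, remote, state, pid) for every endpoint row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            yield "TCP", parts[2], parts[3], int(parts[4])
        elif len(parts) == 4 and parts[0] == "UDP":
            yield "UDP", parts[2], "", int(parts[3])  # UDP rows have no State

def summarize(text):
    """Totals comparable to the TCPView status bar, plus peers and owners."""
    rows = list(parse_netstat(text))
    states = Counter(state for _, _, state, _ in rows if state)
    # Remote host (port stripped) for rows that have, or had, a real peer.
    peers = Counter(remote.rsplit(":", 1)[0] for _, remote, state, _ in rows
                    if state not in ("", "LISTENING"))
    # Owning PID of live connections; TIME_WAIT rows are reported under PID 0.
    owners = Counter(pid for _, _, state, pid in rows if state == "ESTABLISHED")
    return {"endpoints": len(rows), "states": states,
            "peers": peers, "owners": owners}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("Endpoints", s["endpoints"], dict(s["states"]))
    for host, n in s["peers"].most_common(5):
        print(f"  {n:4d} connections to {host}")
    for pid, n in s["owners"].most_common(5):
        print(f"  PID {pid} owns {n} established connections")
```

On a real machine, save the `netstat -ano` output to a file while the page is open and pass its contents to `summarize`; `tasklist` maps the reported PIDs to process names.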



#9 DavidLMO


Posted 04 February 2018 - 12:16 PM

That IS quite interesting.  Maybe you should take the next step and run a packet sniffer - Nirsoft has one that is fairly easy to use.  Smartsniff



#10 SleepyDude


Posted 04 February 2018 - 02:53 PM

For me it's obviously your router or ISP. Can you post the exact model and reference of the router, or a link to the router manual if you have one?

 

 

First is Virgin with Tracker off , Not Connected to Internet :-
 
Connected to Yahoo and Ebay its a bit less
 
Endpoints 167 , Established 93 , Listening 23 , Time Wait 30 , Close Wait 1

 
Connect to Yahoo or Ebay via BTinternet with Firefox with tracker off
 
Endpoints 340 , Established 131 , Listening 23 , Time Wait 156 , Close Wait 1


Edited by SleepyDude, 04 February 2018 - 02:55 PM.



#11 sub101uk


Posted 04 February 2018 - 04:17 PM

Well, since it's happening via Virgin it can't be my router; it has to be my ISP, which is BTinternet, but in saying that it's the same with Virgin as well. So what I did is this: I used Witopia and routed myself via USA, and that seems to reduce Endpoints back to normal again. When I say normal: if I connect to any web site it remains the same, about 47 - 60 Endpoints, but as soon as you connect to Yahoo or Ebay it shoots up to between 300 - 700; with the lower spec machines it's 320, with high spec machines over 700.

Like I said, this is happening to 4 other computers running OS 7, OS 8 + OS 10. It's not my router, because if I cold boot to my neighbour's WiFi, who is using Virgin, it's not going via my router. OK, where do I download a copy of packet sniffer - Nirsoft?

 

Many Thanks for all the help .


Edited by sub101uk, 04 February 2018 - 04:55 PM.


#12 sub101uk


Posted 04 February 2018 - 05:22 PM

Sorry DavidLMO, it would seem for some reason Smartsniff will not run with my computer. If I try to install I get: Installation cannot continue. Incompatible operating system. I am running OS 7 Pro. Meanwhile, if any other members of this forum use BTinternet, please check your out data with TCPView and let me know what you get when connected to https://uk.yahoo.com or https://www.ebay.co.uk, as while I reply with this message I am getting over 320 Endpoints while connected to Yahoo. If I go to any other site like Facebook it drops down to only 67.



#13 DavidLMO


Posted 05 February 2018 - 11:25 AM

Strange.  It runs fine on my Win 7 Pro 64 machine.



#14 sub101uk


Posted 05 February 2018 - 12:51 PM

That is very odd. I don't seem to be able to attach the screenshot here, but on the install report it says: Installation cannot continue. Save and review the System Check results the listed install errors. Run the installer again after resolving the errors.

System Check Results: Incompatible Operating System. The operating system is not supported by the selected products.

So any more thoughts?





