Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is Someone Stealing My Internet Connection?


  • Please log in to reply
9 replies to this topic

#1 wwejosh

wwejosh

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 16 March 2007 - 04:01 AM

Hello.
Some suspicious thing have been happening lately on my computer.
There are two computers connected through wires to our modem/router and a laptop wirelessly connected to the modem/router. The computer I use is connected to the main port on the modem/router.
Suspicious things that have been happening include:

Sometimes when I am using the internet the network plug is "unplugged" in balloon pops up in the bottom right hand corner, this happens probably once every 3 days. Even though the network plug is plugged in. I have to turn off the modem/router and computer. Once back on it normally is working again. Strange thing is though the other computer and laptop can still connect to the internet.

When I turn the computer on with no programs connected to the internet, my modem/router's corresponding light for the Ethernet port I'm using is flashing. Normally nothing is flashing, well at least before all this stuff started happening. When the modem/router has normal behavior it only flashes when I'm uploading or downloading.

During weird behavior the other day my computer just turned it's self off, it has never done this before.

So some strange things going on here. I have the following security on my computer:
eTrust Security suite (scanning tonight)
Avg Anti-spyware free (scanning)
Ad-aware se (scanned)
Spy bot s & d (scanned)
Spyware blaster
If anything happens after the avg as and eTrust security scan I will let you know.

So what can I do to see if someone is playing around with my internet connection?
What can I do remove these problems?

Thank you for reading, help greatly appreciated.

BC AdBot (Login to Remove)

 


#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:28 PM

Posted 16 March 2007 - 05:21 AM

Can you check in the log of your firewall wat is trying to access the internet or vice versa?

#3 wwejosh

wwejosh
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 16 March 2007 - 06:26 AM

Thanks.
What information do you want me to display?

Thanks.

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:28 PM

Posted 16 March 2007 - 06:29 AM

Normally there would be a log of incoming and outgoing traffic somewhere, being it on your router or in your firewall

#5 wwejosh

wwejosh
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 16 March 2007 - 06:31 AM

Well in my firewall, there are two logs one named programs,and the other named firewall. Which one?

Thanks mate.

#6 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:28 PM

Posted 16 March 2007 - 06:33 AM

first try firewall

#7 wwejosh

wwejosh
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 17 March 2007 - 09:48 AM

Hello well, I'm a little confused as to which information you want to me to display as apart of the log but here goes:
About every ten seconds for the 10minutes the following has been coming up:
This is from my firewall log, alert type: firewall
Rating: Medium, Date time: see above, Type: firewall, program: /, Protocol: TCP (flags s), Source IP: lots of different ones, Destination IP: My IP with a port number at the end (uTorrents port), Direction: Incoming, Action taken: Blocked, Source DNS: persons Ip with ISP name (lots of different IP's), Destination dns: our computer name.

Before that about an hour before the above the following was happening:
Four of the followings popped up:
Rating: Medium, Date: irrelevant, Type: Firewall, Protocol: UDP, Program: some were svchost.exe some were blank, Source IP: mainly different one or two re-curing, Destination IP: Some same and some different, Direction: Outgoing, Action taken: Blocked, Source DNS: Our computer name, one is uTorrent.com

This is from my firewall log, alert type: programs
For about 13m, 35 times per minute the following was logged:
Rating: Some high some medium, Type: Repeat program or Program access some repeat server program, Program: uTorrent.exe and some C:/Program Files/uTorrent/uTorrent.exe, Source IP: /, Destanation IP: lots of different ones, Direction: outgoing (connect) some outgoing (listening), action taken: some blocked some allowed, Source DNS: different IP's with theor PSP at the end of them:

Then before this pattern there was a pattern that lasted for 5 hours, several times per minute the following was logged:
Rating: High, Type: Program access, Program: svchost.exe, Source IP: Three alternating IP's, Destanation IP: /, Direction: Incoming (listen), Action taken: blocked, Source DNS: My Ip's webiste and others say ns4.on.net

One las t pattern I will display is:
This one goes for an hour and a half, being logged every two seconds:
Rating high, Type: program access, Program: avgas.exe, Source IP: /, Destnation IP: Three alternating IP's, Direction: Outgoing (connect), Action taken: Blocked, Source IP, /, Destanation SNS: some blank some ns4.on.net

Also my computer switched off while of was seeding in uTorrent again.

Thank you, help greatly appreciated.

#8 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:28 PM

Posted 17 March 2007 - 04:57 PM

I should check if on either of the two computers Utorrent is running or remainders of that program are still there. If you have done some portforwarding in your router you should delete all those entries regarding UTORRENT.

#9 wwejosh

wwejosh
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 17 March 2007 - 06:52 PM

Hi. Yes there is some port forwarding done for this computer for uTorrent.
Are you asking me to delete uTorrent or ...?
Do I have to use azureus instead or something?

Thanks, help greatly appreciated.

Edited by wwejosh, 17 March 2007 - 06:57 PM.


#10 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:28 PM

Posted 18 March 2007 - 08:46 AM

It seems that these programs are trying to access the web (and your system) and are being blocked. The first thing would be to try a test with your firewall off (only temporarily!!!) to see if the behavior occurs then. If this "fixes" it, then it's likely just a matter of creating the proper rules to allow access.

If that doesn't fix it, then it seems likely that the uTorrent is causing this, although there may also be a problem with AVG AntiSpyware. The instance of svchost.exe is of concern also, but you'll have to use a program like Process Explorer to find out what's running underneath it that may be causing the problems (it could be an unwanted/malicious process).
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users