Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Downloading Without My Consent


  • Please log in to reply
3 replies to this topic

#1 george-JL

george-JL

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 10 April 2007 - 04:28 AM

Hi all,

I am using a dial-up connection and yesterday I noticed that whenever I connect to the internet, it starts downloading data immediately, even when I'm not using any programs that will download data. Automatic updates are turned OFF.

ZoneAlarm displays this:
"Generic Host Process for Win32 Services" Blocked from listening to port(s): TCP:3002,3003 UDP: 1026
(This icon is flashing)

and...

"Generic Host Process for Win32 Services"
(NOT flashing)



Process Explorer says:

SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs

Protocol: TCP
Local Address: computername:3450
Remote Address: 203-217-31-248.deploy.akamaitechnologies.net:80
State: ESTABLISHED

Protocol: TCP
Local Address: computername:1025
Remote Address: computername:0
State: LISTENING

Protocol: TCP
Local Address: computername:3450
Remote Address: computername:0
State: LISTENING

Protocol: TCP
Local Address: computername:3002
Remote Address: computername:0
State: LISTENING

Protocol: TCP
Local Address: computername:3003
Remote Address: computername:0
State: LISTENING

Protocol: TCP
Local Address: computername:123
Remote Address: *.*
State: (none)


Protocol: TCP
Local Address: computername:1026
Remote Address: *.*
State: (none)

Protocol: TCP
Local Address: computername:3449
Remote Address: *.*
State: LISTENING

Protocol: TCP
Local Address: computername:123
Remote Address: *.*
State: (none)


and also


SVCHOST.EXE
C:\WINDOWS\system32\svchost -k rpcss

Protocol: TCP
Local Address: computername:135
Remote Address: computername:0
State: LISTENING

Protocol: UDP
Local Address: computername:135
Remote Address: *.*
State: LISTENING

and then

SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k NetworkService

Protocol: UDP
Local Address: computername:3360
Remote Address: *.*
State: (none)


Protocol: UDP
Local Address: computername:3361
Remote Address: *.*
State: (none)


Protocol: UDP
Local Address: computername:3009
Remote Address: *.*
State: (none)

Protocol: UDP
Local Address: computername:3011
Remote Address: *.*
State: (none)

Protocol: UDP
Local Address: computername:3063
Remote Address: *.*
State: (none)

Protocol: UDP
Local Address: computername:3064
Remote Address: *.*
State: (none)


and finally

SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService

Protocol: TCP
Local Address: computername:5000
Remote Address: computername:0
State: LISTENING

Protocol: UDP
Local Address: computername:1900
Remote Address: *.*
State: (none)

Protocol: UDP
Local Address: computername:1900
Remote Address: *.*
State: (none)


Any help would be greatly appreciated!

Edited by george-JL, 10 April 2007 - 04:36 AM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:03 PM

Posted 10 April 2007 - 04:35 AM

Could it be something like your anti-virus trying to update?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:03 AM

Posted 10 April 2007 - 05:02 AM

You may want to check out this info log:

Protocol: TCP
Local Address: computername:3450
Remote Address: 203-217-31-248.deploy.akamaitechnologies.net:80
State: ESTABLISHED

#4 george-JL

george-JL
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 10 April 2007 - 06:50 AM

Could it be something like your anti-virus trying to update?

Possibly. Yesterday I just downloaded AVG Free 7.5 (previously had AVG 7.1), but usually AVG asks for permission in ZoneAlarm... I don't know what's going on.

You may want to check out this info log:

Protocol: TCP
Local Address: computername:3450
Remote Address: 203-217-31-248.deploy.akamaitechnologies.net:80
State: ESTABLISHED


Yep I noticed that too. I did a little research and some other people have experienced the same thing too:
http://forums.pcworld.co.nz/archive/index.php/t-33444.html

Sounds suspicious, but some say it's legit.


Is there anyway to disable the connection to that thing?

Also, does anyone know why some of my "computername" local addresses are connecting to "computername:0"?

Edited by george-JL, 10 April 2007 - 07:33 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users