Go Back   nV News Forums > Software Forums > Microsoft Windows XP And Vista

Newegg Daily Deals

Reply
 
Thread Tools
Old 11-18-03, 03:56 PM   #1
druga runda
Zeus Gromovnik
 
druga runda's Avatar
 
Join Date: Jul 2002
Location: Gerbilizator
Posts: 374
Default Someone uploading something onto my PC

An interesting occurence -

with all apps closed,

even with an internet lock by zone alarm.

Of course if I disconnect the cable it doesn't occur so it is not incorrect.

Between 1-4 kbps

It is using services and controler app it seems.

How do I know? I use bandwidth monitor., and the network status numbers are steadily showing something is happening like I received more than 6000 packets since I restarted...

Adaware was run so the comp is meant to be clear of that crap.

Antivirus runs everyday and I keep it automatically updated.

What is it?

Could it only be MS updating the windows? I doubt it though I'd expect them to use all the bandwidth as all is available at teh moment...

Any idea on how to figure out what it is... btw I have a router with NAT firewall too...

It's a Win 2000, D-Link router, Zonealerm, and AVG antivirus...

druga runda is offline   Reply With Quote
Old 11-18-03, 07:42 PM   #2
druga runda
Zeus Gromovnik
 
druga runda's Avatar
 
Join Date: Jul 2002
Location: Gerbilizator
Posts: 374
Default

This is sooo weird - OK maybe it's simple, someone help please

For the purposes below I will split the story into
"main PC" - the one that I usually use, that can now access the internet - on Win2000
"two others" - cannot access the internet from the same router - Win2000 and WinXP on them

1. my home network/router worked fine until 2 days ago
2. internet access stopped
3. I figured it was the router so I just unplugged it , plugged it back after a 1minute+ wait, and everything was on and fine
4. not quite everything, everything on my main PC at least for internet access, however as it seems today the two other PC's on the network cannot access the net anymore
5. those two PC's can see each other over the router, however none of them can see the "main" PC that is plugged in the same router but can access the interet (unlike those two)
6. the IP addresses on all PC's are setup on automatic, and as such the connection was working on all until a couple days ago
7. the IP address on the main PC is in 81.xxx.xxx.xxx range as is the Gateway
8. I have 3 different working installation s of Win 2K in different partitions on the main PC and they all pick up this weird IP address up and connect to the net with the same settings.
9. I couldn't replicate the correct settings manually on the main PC to connect to the net
10. The "supposedly normal 192.168.0.1" address for the router to access its control panel trough IE - DOES NOT WORK; nor does the new "gateway" IP address
11. The Router RESET button does NOT reset it to standard factory defaults anymore (keept the button pressed for longer than 10 seconds)

12. SOMETHING SLOWLY BUT CONSTANTLY UPLOADS ON THE MAIN COMPUTER the upload is been going on for at least 4hours @ 1-4 kbps...

13.Immediatly when I plug in the network cable in -the upload just resumes, it doesn't respond to internet lock in ZoneAlarm... just plugging out the network cable works

14.Setting the same IP address, gateway, DNS servers on the other Win2K machine DOES not let me to the net on that machine.

Nothing uploads on the "other two" PC's thankfully.

What else?

IT IS FREAKING ME OUT maybe its nothing special, but ~

What am I being super hacked, going trough the NAT firewall on the router and ignoring Zone Alarm?

Can I check what is being uploaded on my PC, is there some utility that can check for change in filesize...

and is there a way to figure out the mysterious new IP from the router

I hope this PC will still be running when I wake up in the morning

--- morning here, everything still on and this slow upload continues...

did I mention that I have all windows updates available.

Last edited by druga runda; 11-19-03 at 03:23 AM.
druga runda is offline   Reply With Quote
Old 11-20-03, 01:40 PM   #3
Ancient
Occasional User
 
Ancient's Avatar
 
Join Date: Nov 2003
Location: Too far from the beach
Posts: 619
Default

I had this same problem with mysterious packets that suddenly began being shuffled across my network. I found out that it was a Windows service causing the problem.

Go to the XP machine and disable the SSDP Discovery service. If your problem is the same as mine was, that'll fix it.
Ancient is offline   Reply With Quote
Old 11-20-03, 03:05 PM   #4
druga runda
Zeus Gromovnik
 
druga runda's Avatar
 
Join Date: Jul 2002
Location: Gerbilizator
Posts: 374
Default

Thanks, I'll check it out

btw, did you find out what that service does? why and what was it uploading?
druga runda is offline   Reply With Quote
Old 11-20-03, 05:40 PM   #5
Ancient
Occasional User
 
Ancient's Avatar
 
Join Date: Nov 2003
Location: Too far from the beach
Posts: 619
Default

Quote:
Originally posted by druga runda
Thanks, I'll check it out

btw, did you find out what that service does? why and what was it uploading?
It's not really uploading anything. It seems to be a kind of application server for uPnP and uPnP is dependant on it so once you shut off SSDP, uPnP is disabled too. A lot of routers are uPnP enabled now - some LinkSys, D-Link, and Microsoft are - and it's kind of a handshake protocol that helps in automated recognition and configuration of the routers. Sometimes it goes crazy though and keeps handshaking continuously. I did a reinstall of my system recently (it was time after 1-1/2 years and two motherboard/CPU swaps). SSDP/uPnP is enabled now and the problem hasn't returned, so I'm not sure what caused it to go insane in the first place.
Ancient is offline   Reply With Quote
Old 12-01-03, 07:31 AM   #6
DaveW
Its me! Hurray!
 
DaveW's Avatar
 
Join Date: Jul 2002
Location: Brit in USA
Posts: 1,203
Default

P2P apps like eDonkey can cause this kind of activity. After you close the software you will still get other PCs attempting to connect for a couple of days because those other clients cache your IP for a while. This threw me off once because I could see my cable modem going crazy, even though nothing was running. Your firewall log should tell you what port the traffic is going to.
__________________

Core2 Q9400 @ 3.0, eVGA GTX 260, 4G DDR 800, Vista64
DaveW is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 12:23 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.