ggFTW

MMORPG Gamer Community


06-13-2010   #1 (permalink)
Light
[Urgent!] Abnormal Bandwidth use

As of late I'm noticing a very strong spike in upload and download speeds.

Something as simple as loading a webpage will increase download speed to 800kbps, but load just as slow if not slower than 11kbps as it used to be before.
Upload also spikes to 40, instead of 1.

The problem is very serious when running a download, or P2P software.
Upload will skyrocket to 313 (over my ISP limit) and will hang/crash my network, making disconnections and causing Firefox to fail responding when loading a new page.

Even when nothing is running it varies from 0~61kbps on upload which is unacceptable, when nothing should be going on.

This is a very serious problem.

I've tried a few scans, but I notice nothing abnormal.
I leave it to the HJT Pros to figure it out

Spoiler!
__________________

+Rep if I help you. | Guides: Lunia's Client Editing Guide / How to ggFTW!
 
06-13-2010   #2 (permalink)
Miyuki

Check these files
C:\Windows\winkeylogon.exe
C:\Users\Light\AppData\Local\Apps\F.lux\flux.exe


Send it to
VirusTotal - Free Online Virus and Malware Scan
Jotti's malware scan

And you have to fix this entry in your HJT log
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

There are other entries about "missing file", but for safety reasons, leave them for now.

And where's your antivirus? I don't see any entry of it.

Simpler way to clean it
- Get Malwarebytes
- Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com
- Install, update and scan.

A guide and tutorial on using ComboFix
- Run, follow instructions, restart if needed.


Also, close down Vuze if you're not using it.


At least get an antivirus as well.
http://www.avast.com/index

Last edited by Miyuki; 06-13-2010 at 06:05 AM.
 
06-13-2010   #3 (permalink)
Light

flux is a software for tinting the monitor red when the sun sets (you showed me)
winkeylogin is required for my file security software so it detects the proper sequence of keys to start up.

Removed the BHO file.

Malwarebytes came up clean.
 
06-13-2010   #4 (permalink)
Light

Putting more research into my network connectivity, I find that two addresses are constantly running on software, most notably on Firefox.

6d.2d.84ae.static.theplanet
www.007guard.com

The second one is in the host file

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com

whatever that means.
--

I'm using this to track what's going on



but it's kind of pointless, since the address using the most data is the address of the site I'm browsing.

Still, having 372KB/s Up and 3.4MB/s Down sends me a really big red flag, since I am now starting to bypass my ISP plan..

But that makes me wonder if the ISP broke a switch and the limits just lifted? Because I notice anything and everything which uses the network spikes the down/up and interestingly loads up around the same speed as before.
 
06-13-2010   #5 (permalink)
kag

do a Start -> Run -> cmd -> netsh winsock reset

Start -> Enter "adapter" and select view network connections
Right click your network Interface -> Properties
What's in the whole list of "This connection uses the following items:"

Start -> Enter "Resource Monitor"
Check if there's any weird software in the network activity
Try recreating the problem while monitoring the Network activity speed (you can use TCP Connections as well, just add columns)

EDIT: Looks like I was late >.<
Are you using wireless and happened to switch on afterburner or some speed burst settings?
__________________

Fanart Anime/Manga Tees at http://www.facebook.com/metronomist

Last edited by kag; 06-13-2010 at 07:47 AM.
 
06-13-2010   #6 (permalink)
SilentSaber

It might be on your ISP side. They could have their network equipment set to allow you to burst to a higher speed. Maybe try with another computer if you can?

And depending on the router you have, a patch fix would be to setup firewall rules to stop connections to those particular places. Though as suspicious as those look, they still shouldn't be able to bypass a bandwidth cap set on a distribution switch.
__________________
Human history is the story of complaisance. While disaster is fresh in our memory, we take precautions. But as the memory of disaster recedes, we start to take risks.

Last edited by SilentSaber; 06-13-2010 at 09:04 AM.
 
06-13-2010   #7 (permalink)
Light

Quote:
Originally Posted by kag
Are you using wireless and happened to switch on afterburner or some speed burst settings?

Wired Connection

Quote:
Originally Posted by SilentSaber
It might be on your ISP side. They could have their network equipment set to allow you to burst to a higher speed. Maybe try with another computer if you can?

And depending on the router you have, a patch fix would be to setup firewall rules to stop connections to those particular places. Though as suspicious as those look, they still shouldn't be able to bypass a bandwidth cap set on a distribution switch.

Even though the readings are off the charts, it still seems to act like before.

If the ISP truly did smack the switch, I should be torrenting at insane speeds.
There shouldn't be any reason why the system says Vuze is using 404kb/s, when the software itself claims to be using only 40kb/s.

So I'm now doubting the computer readings are accurate anymore.
 
06-13-2010   #8 (permalink)
kag

Try switching off your monitoring softwares or any software firewall if you have.
 
06-13-2010   #9 (permalink)
Light

Quote:
Originally Posted by kag
Try switching off your monitoring softwares or any software firewall if you have.

The monitoring softwares are the OS, and no software firewall is active.
 
06-14-2010   #10 (permalink)
kag

rainmeter?
 
06-14-2010   #11 (permalink)
Light

Quote:
Originally Posted by kag
rainmeter?

Whether on or off, that doesn't change the readings coming from the system.
 
06-14-2010   #12 (permalink)
Miyuki

Get wireshark, set to your ethernet card, and start it.
Wireshark Download
 
06-14-2010   #13 (permalink)
Light

What exactly am I looking for with this?
The details of each packet make little sense to me unless it's English.
 
06-14-2010   #14 (permalink)
Miyuki

It should list something like this, for example.

Code:
Application          Port            HostIP          Destination IP            Packet

Use that to trace which application is actually transmitting data, and locate it. Also, why don't you enable at least Windows Firewall?
 
06-14-2010   #15 (permalink)
Light

Windows firewall is active, but that's about it.
I'm not seeing the information as you do.

Packet # | Time Sent/Received | Source | Destination | Protocol | Info

and the info contains ports, and other information I don't fully understand.
 
06-14-2010   #16 (permalink)
SilentSaber

Quote:
Originally Posted by Light
Wired Connection


Even though the readings are off the charts, it still seems to act like before.

If the ISP truly did smack the switch, I should be torrenting at insane speeds.
There shouldn't be any reason why the system says Vuze is using 404kb/s, when the software itself claims to be using only 40kb/s.

So I'm now doubting the computer readings are accurate anymore.

At least with some of the Cisco equipment, caps can be set to burst higher if bandwidth was available (So you may occasionally get miraculously fast speeds if there is spare bandwidth available). The caps, depending on the setup, can really just be a soft cap to knock the tops off huge bandwidth users (e.g. torrents).

Wireshark may be a little harder to use for this scenario. As far as I know, it can't track individual processes, so you'll need to look up the connections each process created and create filters for them to look at what they're doing, for whatever good that does. So if you want to continue, you'd want to set your capture interface to your wired network card.
And for the filter, you'd want to have something like
Code:
ip.dst==[suspicious stuff you saw] || ... || ip.src==[suspicious stuff you saw] || ...
(Repeating for each ip destination/source you want to look at.)
(You probably need to convert the domain names to IPs using something like nslookup [suspicious stuff you saw] in command prompt.)
So if I want to look at traffic to and from ggftw (174.132.45.109) and ijji.com (206.82.212.79), I'd set a filter of:
Code:
ip.dst==174.132.45.109 || ip.dst==206.82.212.79 || ip.src==174.132.45.109 || ip.src==206.82.212.79
Click on each packet to see what's inside. If the packet is encrypted, you'll just see a bunch of random stuff. If it's not, you may see actual information, and from that, you might be able to reach a conclusion about whether or not it's a problem or not, I guess..

Windows firewall doesn't actually do much against malware, but I suppose it helps to have it on.

Quote:
Packet # | Time Sent/Received | Source | Destination | Protocol | Info

Just for fun, here's a quick description of each heading.
Packet #:
The packet position in the sequence of captured packets. So 1 is the first, 2 is second, 53 is fifty third.

Time Sent/Received:
Just as it says

Source:
Where the packet originated from. If it came from you and you're using a router, it should be something starting with "192.168."

Destination:
Where the packet is going. It will give you the IP or physical (MAC) address of the destination, depending on what type of traffic it is. If it is going to 255.255.255.255, it is broadcast traffic, and will be read by all devices on your network (Typically used to map MAC addresses to IP addresses, or vice versa).

Protocol:
This is the protocol the packet is sent with. So posting a forum message here would generate a bit of TCP (Handles data transport), HTTP (Data to and from here), and DNS (So your computer can find where ggftw is) traffic.

Info:
Brief summary of what the packet is. Just poke around on google or post here to find out what a particular packet might be doing.

Port:
It's the port on your computer that the packet is heading out from or coming in to. HTTP traffic from you to the server would be bound for port 80. From the server to you would come from 80.

Here's a list of ports and potential things that may use them. http://www.iana.org/assignments/port-numbers

Last edited by SilentSaber; 06-14-2010 at 03:39 PM.
 
06-14-2010   #17 (permalink)
kag

Start -> Run -> cmd
netstat -a -b -v > C:\output.txt

copy and paste the things in C:\output.txt (Note that this doesn't show the bw usage)
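
One way to do the per-process lookup described in posts #16 and #17, added here as an example and not posted by anyone in the thread: it reads `netstat -b` output, groups remote addresses by owning executable, and builds a Wireshark display filter for each. It assumes `-n` is added to the netstat command so addresses stay numeric; the sample output, the 203.0.113.25 address, the Azureus.exe process name and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout Windows prints for `netstat -a -b -n`.
# 203.0.113.25 is a documentation address; Azureus.exe stands in for Vuze.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49172     174.132.45.109:80      ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49180     206.82.212.79:80       ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49201     203.0.113.25:6881      ESTABLISHED
 [Azureus.exe]
  TCP    192.168.1.10:49210     174.132.45.109:80      TIME_WAIT
 Can not obtain ownership information
  UDP    0.0.0.0:6881           *:*
 [Azureus.exe]
"""

CONN_RE = re.compile(r"^\s*(?:TCP|UDP)\s+\S+\s+(?P<remote>\S+)")
OWNER_RE = re.compile(r"^\s*\[(?P<exe>[^\]]+)\]\s*$")
UNKNOWN = "(unknown)"


def remote_host(endpoint):
    """Return the remote IP as a string, or None for listeners and names."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # "*", or a resolved name because -n was left out
    if addr.is_unspecified or addr.is_loopback:
        return None
    return str(addr)


def remotes_by_process(netstat_text):
    """Map each executable name to the sorted remote IPs it talks to."""
    owners = defaultdict(set)
    pending = None  # remote IP waiting for the owner line that follows it

    def assign(owner):
        nonlocal pending
        if pending is not None:
            owners[owner].add(pending)
        pending = None

    for line in netstat_text.splitlines():
        conn = CONN_RE.match(line)
        owner = OWNER_RE.match(line)
        if conn:
            assign(UNKNOWN)  # previous connection never got an owner line
            pending = remote_host(conn.group("remote"))
        elif owner:
            assign(owner.group("exe").lower())
        elif "ownership information" in line:
            assign(UNKNOWN)  # netstat could not name the owner
    assign(UNKNOWN)
    return {exe: sorted(ips) for exe, ips in owners.items()}


def display_filter(ips):
    """Build a Wireshark display filter matching traffic to or from ips."""
    return " || ".join(
        ("ipv6.addr" if ":" in ip else "ip.addr") + "==" + ip for ip in ips
    )


if __name__ == "__main__":
    for exe, ips in remotes_by_process(SAMPLE).items():
        print(f"{exe}: {display_filter(ips)}")
```

Paste the filter printed for the process of interest into Wireshark's display filter bar; `ip.addr` matches a packet when either its source or its destination is the given address.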
 
06-15-2010   #18 (permalink)
SilentSaber

Try to see if you still get that (active connections while doing nothing) if you start the computer with diagnostic startup. That'd get rid of a lot of the clutter of information you might have right now. (msconfig: diagnostic startup)

And if you have active connections even while doing nothing in diagnostic startup, just use the program you had before to isolate the problem and see what you want to do from there.
 
