Hello and sorry if i am not posting this in the right forum.

Ever since i installed a bunch of windows updates, (not service pack 2 yet) i been having constant internet activity, i am currently using dial up and being receiving more than 3k bytes a second for no aparent reason. i ran spyware doctor and removed all of it, but it didnt help my problem.

I think the problem is related to windows update because i get the windows update icon on my tray, nevertheless it says downloading updates: 0% and never changes i cannot pause it or anything.

And removing the windows automatic updates on control panel will also remove the downloading icon, but it wont stop the constant activity and bytes receiving.

I am asking for help, i tried to restore my system but it wont let me. I am getting dsl next week and i would suck to have the same problem.

Thanks in advance,

Israel.

Try this from a DOS Window:

netstat -ano

or

netstat -an

(They can show you just what ports are connecting on your system locally & also to what remote ports on remote systems from what IP addressed systems that are hitting you & you they! )

Once you get the IP addresses of them? You can either:

1.) PING them, ping.exe is another DOS character-mode Unix port to Windows systems, but in console app dos window form

example-> ping 66.57.22.10

(This will yield 'reverse DNS' gain you that remote systems URL names (www.sitename.com) for you if you need it... helps you recognize where connections are coming from better than just IP addresses do!)

or

2.) TraceRoute them, tracert.exe, ""

e.g.-> tracert.exe 66.55.44.22

(Will do pretty much same as ping, & actually USES pinging iirc, but will trace every step along the way to the path over the internet as to systems you pass thru to get to those IP addresses on remote machines connecting to you too! It also will perform IP to URL resolutions as well!)

Sometimes though? Some websites & servers WON'T report back their URL or domain name... this is a defensive mechanism, & intended... all you will see in PINGS or TRACEROUTES is asterisks "*" instead of URL resolutions from the IP addresses.

That's when a site like "Arin WHOIS" can help you find out who they are, or a WHOIS program (another UNIX port to Win32 Os in charactermode/console terminal DOS type windowed mode).

Microsoft also puts out something called "portreporter" you may wish to look @ from their website. It runs as a service & can help you diagnose this as well!

Additionally/lastly - Whatever firewall software you use/run over there? Most likely, can maintain a recorded running log... even Windows XP/2003's native firewall software can do this & help you diagnose your connections etc. as well!



* That ALL should help some, if not totally here imo!

APK

P.S.=> If that doesn't cut it? There are programs like TcpView.exe that does pretty much what that netstat -an/-ano commandline I gave you above for DOS console terminal window character mode sessions, but it is in Graphical Win32 program format... if you like or need GUI for this, it can do the job as well! apk

Thanks for the quick response and all the help,

Well yeah i did what you told me to. Closed all programs and ran netstat -ano, resulted in only one established connection to: 64.4.20.93.

Arin WHOIS has this IP registered as Hotmail. I dont know what am i receiving from them, but in an hour and a half connected i have already received 30 megabytes (just browsing a few sites)which looks pretty wierd and never happened before.

Israel

Sorry for lag in reply, but I was downloading DOOM I & II custom game maps, takes awhile, fairly big... & checking out CNN here on WinTV32 USB by Hauppauge!

ANYHOW!

Do you use Outlook Express, or FULL Outlook 2000/XP/2003? If so, do you run them resident (up & running) ALL the time or minimized in your tooltray (Outlook 2003 can do this)...

Other than that? The ONLY thing I can think of is the MSN Toolbar, it runs a background resident program iirc, called "msnappau.exe" that MIGHT be doing this & updating its configuration & such (this I know updates itself to an .XML periodically)!

APK

None of the above

Checked for viruses and found none either. I think i'll just wait and see if whatever its downloading is done when i wake up tomorrow.

Doesn not seem to be any reasons for this. Thanks a lot for your help, and have fun on doom

One last one:

Are you using & running resident in the tooltray the newly acquired Microsoft (GIANT) AntiSpyware program?

?

* It also performs "live updates" afaik via the web... but, I am not sure if it uses a HOTMAIL server as Arin WHOIS resolved that IP you saw there out to...

APK

P.S.=> Thanks on the DOOM stuff, I like old Doom I & II in OpenGL/DirectX gaming it in newer display modern methods for games via JDoom (kickstart.exe launched type), it IS AWESOME DirectX or OpenGL either way! Since I haven't played it in ages, I don't have every level & monster placement memorized anymore & it is like getting a NEW GAME for free... can't beat that! apk

No i am using spyware doctor for antispyware.

so far i've received 60 megabytes. this is nuts!

Israel.

Originally posted by ibarba:

"No i am using spyware doctor for antispyware.

so far i've received 60 megabytes. this is nuts!

Israel."

Well, it could be you are getting attacked by pings, DOS, or DDOS attacks & such, but... from a hotmail URL resolution IP based server? Doubt it... & THAT MUCH (60mb worth already)??

You are showing as free of spyware after you scanned yourself with the program you mention, so you're not acting as a mass mail bomber conduit of somekind it would seem...

Man, I dunno!

Perhaps others might, but me? I dunno @ this point!

(Not without seeing logs from your rig from things like portreporter.exe from Microsoft, freebie download mind you, OR your internet firewall programs logs, or even (if yours does it) your modem log... many modems in their configs can do this too! NIC's maybe, not sure, but modems I know can, because mine does!)

APK

P.S.=> Others might suggest ideas, one being try a couple diff. antispyware products (I like AdAware & Spybot myself, along w/ Microsoft's NEW one & I use ALL 3 here) & a good antivirus program (Free ones I like AntiVir, & commercial ones I like Norton stuff)... apk

"Best" way to disable Windows automatic updates is goto services.msc and disable the "Automatic updates" service.
Also disable the "BITS" (Background Intelligent Transfer Service) service.
(If you ever need to do update, enable those again.
The "Automatic Updates" must be set to Automatic to windows update to work.)

And for your security, disable "remote registry" service and the infamous "messenger" service (or what ever it is called in english XP.. i have finnish XP ), because some spammers/*****ers/hackers use it for spamming/*****ing/hacking.

Disable remote desktop.

Is the MSN/Windows Messenger running?

Do you have a firewall??
If you do not have, download one asap.
There are many good free firewalls, e.g. zonealarm, kerio.

---

"
Posted by Alec§taar
P.S.=> Thanks on the DOOM stuff, I like old Doom I & II in OpenGL/DirectX gaming it in newer display modern methods for games via JDoom (kickstart.exe launched type), it IS AWESOME DirectX or OpenGL either way! Since I haven't played it in ages, I don't have every level & monster placement memorized anymore & it is like getting a NEW GAME for free... can't beat that! apk

"

Have you ever tried the Doom Legacy? I liked it, played the Doom series (I-II) through with it. And, of course, played multiplayer with some of my friends.

Originally posted by Wilhelmus:

""Best" way to disable Windows automatic updates is goto services.msc and disable the "Automatic updates" service.Also disable the "BITS" (Background Intelligent Transfer Service) service.
(If you ever need to do update, enable those again.
The "Automatic Updates" must be set to Automatic to windows update to work.)"

You think it's that man? Do those come from a server that resolves out its IP to a HOTMAIL server as the thread starter noted once he was shown various ways to trace this above??

(Could be, you NEVER know! I never really looked at Automatic Updates, because I do it all manually. Don't trust remote stuff here, services or built-in FTP/HTTPGet "live update" stuff in programs or the OS either, period! I figured those came from MS download.microsoft.com servers, etc.)

Me = "Capt. Paranoia" & maybe, sometimes TOO much! Better safe than sorry if I can help it!

BUT, it does make alot of sense though Wil, I have to give you that!

Originally posted by Wilhelmus:

"And for your security, disable "remote registry" service and the infamous "messenger" service (or what ever it is called in english XP.. i have finnish XP ), because some spammers/*****ers/hackers use it for spamming/*****ing/hacking."

Great advice, I use it myself & its in an article in my signature (couple actually, one is Article #1 @ this site & iirc, it mentions it).

Originally posted by Wilhelmus:

"Disable remote desktop."

Again, 110% agreed!

Originally posted by Wilhelmus:

"Is the MSN/Windows Messenger running?"

GOOD POSSIBLE POINT - One I missed!

Originally posted by Wilhelmus:

"Have you ever tried the Doom Legacy? I liked it, played the Doom series (I-II) through with it. And, of course, played multiplayer with some of my friends. "

I downloaded it, but didn't try it man... not yet! Have been into ZDoomGL, JDoom (doomsday engine), & original GLDoom by Bruce Lewis... so, this one's a good one too, eh?



* Thanks for advice & feelings on it etc. if you have feedback in reply! I'm always on the lookout for good mod ports of older games to more modern gaming display paradigms like DirectX or OpenGL by ALL means & open to opinion/feedback by all means too!

APK

I just started having this problem. What was the outcome of the suggestions? Which one(s) worked?

I don't seem to be getting any files added to my drive. I keep
rechecking my C-drive properties and do not see any change to the
used space/free space stats while this activity is going on.

I am on a dial up. The ISP tech support says they never heard of this problem.

Rich