computer doing unknown downloads between 6-7am

Discussion in 'Backup and Security' started by boze_man, Oct 5, 2010.

  1. hey all

    anyway to find out what program is downloading data between 6-7am? somthing is downloading roughly a gig...we removed skype a while ago which was doing something similar but even larger amounts...

    this is the wife/kiddos laptop...i run all the freeware weekly to try to keep clean...adaware, spybot, malaware, microsoft security essentials etc etc

    i gonna check the task manager to see what running but any other shortcuts or ideas?

    i keep forgetting to check laptop at 6-7am doh...

    help appreciated
    thanks
    bill
     
  2. Fishaman

    Fishaman

  3. If you do some monitoring while the download is happening, you should be able to know the image name.

    e.g. Run Task Manager, trigger "Resource Monitor" (In Win7, not sure if it is the same in earlier Windows versions). Use the "Disk" tab. It should show all image names that have disk I/O activities at the time. e.g. Then you can google the image name and understand what software it is.

    [​IMG]
     
  4. Eight

    Eight

    prio is free, install it and you can see what internet addresses you are connected to. You can google them to find out more about them...
     
  5. Check your scheduled tasks.
     
  6. get a good packet sniffer (whatever that is)
     
  7. thanks all for some ideas...gonna try them now that i swapped them to a diff laptop
     
  8. tlow

    tlow

    Hey,

    A couple things...first are you sure something is being downloaded or is a process just running or both?

    I would disconnect yourself from the internet or wifi or hardwire or whatever during the times which you think it is downloading and then take a look at your system processes that Boli mentioned earlier to see if anything is running. If something is running, you likely have a virus or trojan or something of the sort.

    If not, someone may be using your computer to send information or whatever...as others have mentioned, try a packet sniffer such as wireshark but unless you know what you are looking at it may not help.

    A little computer geeky is Snort, there are rules based in the program to help identify suspicious traffic.

    http://www.snort.org/news/2010/09/29/new-set-up-guide---snort-2-8-6-1-for-windows-7/
    http://en.wikipedia.org/wiki/Snort_(software)

    You can also download Nmap, which is a port scanning tool to see if your firewall is weak and/or someone is finding something open on your computer. google "what is my ip address" and then type that into Target area and hit scan. Some ports may be open, just google them to see if they are used for everyday use such as http which is port 80. If you have a bunch of ports open, you may want to look into a better firewall.

    http://nmap.org/download.html

    Alternatively, you can use Shields up which will also scan your computer for open ports, however, you must be directly connected to the internet...meaning not running through a router. In a perfect world, all your ports will come up as "stealth" meaning no one knows they even exist on the internet.

    www.grc.com/x/ne.dll?bh0bkyd2

    Hope that helps. Good luck. In any case, I would back everything up on that computer that you deem important to an external hard drive or something. If your computer is infected it may be best just to wipe the OS and start over.
     
  9. 377OHMS

    377OHMS

    During the downloading I would just pull up a DOS window and use:

    netstat -r -n

    You'll be able to see the IP and do a whois.