Mystery downloads

  • Thread starter Thread starter KumbiaKid
  • Start date Start date
K

KumbiaKid

I use a wireless broadband connection to the internet with a 3GB monthly
limit (uploads + downloads). Yesterday my systems apparently downloaded 900+
MB and I have no idea what application or website did that to me. I'd be very
concerned about malware if this traffic were upload traffic, but since it's
download, I feel it's probably some poorly designed web site I was connected
to for a while -- is that a reasonable assumption?

In any case, I would really like to find a utility that would log, for each
IP address I connect to, the upload and download volumes. Can anyone point me
to a reliable program that will do that? I'm using WinXP Pro SP2 updated to
date. I have several PCs on a LAN connected to the net via a wireless modem
using Windows ICS.

Thanks,
KumbiaKid
 
this is probably a stupid response, however it wouldnt be sp3 or other such
os updates?
 
The only stupid questiion is the one not asked. No, it's not OS updates (I've
got the Windows update set on all the PCs to notify but don't auto download
or install). However, one suspect (the newest bit of software
installed/updated) is AVG Anti-virus V8. I got another couple of bursts of
unexplained downloads yesterday (one around 11 MB and one around 21 MB) so I
disconnected one computer (the one with the new AVG) from my LAN. I didn't
see any more bursts for several hours, so I turned off auto-update on the AVG
installation and re-booted that PC and reconnected it to the LAN. Still no
more bursts for a few hours, but I don't feel confident that anything has
been determined or fixed yet. I'm watching my usage meter very carefully but
until I find a way to actually log the traffic in some appropriate way, I can
only speculate as to the cause.

So, I'd still very much appreciate any info about how to log the internet
traffic and and summarize download and upload volume by IP address. I found a
reference to WireShark, but I don't really know if that's appropriate. Any
ideas?

Thanks again,
KumbiaKid
 
The only stupid questiion is the one not asked. No, it's not OS updates (I've
got the Windows update set on all the PCs to notify but don't auto download
or install). However, one suspect (the newest bit of software
installed/updated) is AVG Anti-virus V8. I got another couple of bursts of
unexplained downloads yesterday (one around 11 MB and one around 21 MB) soI
disconnected one computer (the one with the new AVG) from my LAN. I didn't
see any more bursts for several hours, so I turned off auto-update on the AVG
installation and re-booted that PC and reconnected it to the LAN. Still no
more bursts for a few hours, but I don't feel confident that anything has
been determined or fixed yet. I'm watching my usage meter very carefully but
until I find a way to actually log the traffic in some appropriate way, I can
only speculate as to the cause.

So, I'd still very much appreciate any info about how to log the internet
traffic and and summarize download and upload volume by IP address. I found a
reference to WireShark, but I don't really know if that's appropriate. Any
ideas?

Thanks again,
KumbiaKid






- Show quoted text -
Click to expand...

How is this Internet access coneection set up? Is this directly
connected to this PC or to a wireless router? If to a wireless
router, you need to check the router and see if anyone else is"piggy-
backing" onto your Internet access without you permission. Then,
check on how to set up WPA wireless security.
 
Thanks smlunatick,

My connection is via a 3G (Australia Telstra Next-G) wireless modem that is
connected directly via USB to the NCS host PC. Note that the wireless part of
this connection is from the modem to the Telstra 3G (Next-G) network -- not
from our PCs to the modem. It is not possible for anyone to piggy-back this
connection in any way. In fact, it is impossible for anyone else to log on to
our account because the logon is linked to the IMEI Number of the modem.

KumbiaKid
 
KumbiaKid said:
I use a wireless broadband connection to the internet with a 3GB monthly
limit (uploads + downloads). Yesterday my systems apparently downloaded 900+
MB and I have no idea what application or website did that to me. I'd be very
concerned about malware if this traffic were upload traffic, but since it's
download, I feel it's probably some poorly designed web site I was connected
to for a while -- is that a reasonable assumption?

In any case, I would really like to find a utility that would log, for each
IP address I connect to, the upload and download volumes. Can anyone point me
to a reliable program that will do that? I'm using WinXP Pro SP2 updated to
date. I have several PCs on a LAN connected to the net via a wireless modem
using Windows ICS.

Thanks,
KumbiaKid
Click to expand...

Have you tried doing a search for files by date modified?

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Hi Lem,

Thanks for the suggestion. Yes, I tried that yesterday -- I searched all of
the PCs on my LAN for any files over 10MB Modified on the day in question. I
also searched for files over 10MB accessed on the day in question just to be
sure.

KumbiaKid
 
I think I've solved my mystery. I recently upgraded AVG anti-virus from V7.x
to V8. The new version includes something called Linkscanner which examines
all links found by Google (and some other search engines) to see if they are
safe. I had Google set to display 100 hits per page, so AVG Linkscanner
downloaded 100 web pages every time I did a search or went to another page of
a search or went back a page. HUGE download penalty for this AVG "safety
feature"!
 
Back
Top