Something on my laptop is scanning ports

hairyharri

For a few weeks now my laptop has been very slow with surfing (Internet
Explorer). I noticed high activity with my wireless interface and some
activity on the PnP Internet connection. I then checked the web and
found Ethereal Network Protocol Analyzer, installed and ran it.

What I saw in the log files was constant activity appearing to originate
from the laptop, directed to the router (Sitecom WL-114) and back from
the router to the laptop. The port numbers go up from about 1000 to
<unknown>. It just goes on and on. After 2 hours online the port
scanned is about 3900. It could be it has restarted from a certain
value but I haven't seen that.

I checked with HouseCall from Trend Micro, Spybot S&D and Ad-Aware with
recent libraries, nothing was found.

What could this be? A rootkit? How do I smoke it out? Anybody heard of
something like this?

If somebody knows how to read the capture files from Ethereal, please
let me know and I'll send them to you. I scanned for about 2 megs of
data.

Hope somebody can help.
Frank
 
Duane Arnold

hairyharri said:
For a few weeks now my laptop has been very slow with surfing (Internet
Explorer). I noticed high activity with my wireless interface and some
activity on the PnP Internet connection. I then checked the web and
found Ethereal Network Protocol Analyzer, installed and ran it.

What I saw in the log files was constant activity appearing to originate
from the laptop, directed to the router (Sitecom WL-114) and back from
the router to the laptop. The port numbers go up from about 1000 to
<unknown>. It just goes on and on. After 2 hours online the port
scanned is about 3900. It could be it has restarted from a certain
value but I haven't seen that.

I checked with HouseCall from Trend Micro, Spybot S&D and Ad-Aware with
recent libraries, nothing was found.

What could this be? A rootkit? How do I smoke it out? Anybody heard of
something like this?

If somebody knows how to read the capture files from Ethereal, please
let me know and I'll send them to you. I scanned for about 2 megs of
data.

Hope somebody can help.
Frank

The tools in the link, like Process Explorer, will help you pinpoint what
it is that's doing it. PE will let you look inside any running process
and let you see what is using the process or running with a process.

Long

http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html

Short

http://tinyurl.com/klw1

There is also PrcView that will let you look at and inside a running
process.

Duane :)
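
A capture like the one described in the question first needs one thing settled: whether the climbing port number is the laptop's source port or the destination port on the router. The following is an added example, not part of the original thread, run over constructed rows in an assumed `src_ip src_port dst_ip dst_port` text layout (addresses, ports and function names are hypothetical):

```python
from collections import defaultdict

LAPTOP = "192.168.0.10"   # assumed laptop address (constructed)
ROUTER = "192.168.0.1"    # assumed router address (constructed)

# Constructed sample rows, not taken from the poster's capture.
# Case A: source port climbs, destination port stays fixed.
SAMPLE_CLIENT = "\n".join(f"{LAPTOP} {p} {ROUTER} 80" for p in range(1031, 1037))
# Case B: destination port climbs, so many services on the router are probed.
SAMPLE_SCAN = "\n".join(f"{LAPTOP} 2200 {ROUTER} {p}" for p in range(1031, 1037))

def parse(text):
    """Turn 'src_ip src_port dst_ip dst_port' lines into tuples, skipping bad lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
            continue  # blank, header or malformed line
        rows.append((parts[0], int(parts[1]), parts[2], int(parts[3])))
    return rows

def classify(rows, local_ip, threshold=5):
    """Per remote host, report which side's port number keeps changing."""
    src_ports = defaultdict(set)
    dst_ports = defaultdict(set)
    for src, sport, dst, dport in rows:
        if src != local_ip:
            continue  # only look at packets the laptop sent
        src_ports[dst].add(sport)
        dst_ports[dst].add(dport)
    verdicts = {}
    for host in src_ports:
        if len(dst_ports[host]) >= threshold:
            # Many different destination ports on one host: scan-like behaviour.
            verdicts[host] = "scan-like"
        elif len(src_ports[host]) >= threshold:
            # Same destination port, new local port each time: repeated
            # outbound connections, each taking the next client-side port.
            verdicts[host] = "repeated-connections"
        else:
            verdicts[host] = "inconclusive"
    return verdicts

if __name__ == "__main__":
    print("case A:", classify(parse(SAMPLE_CLIENT), LAPTOP))
    print("case B:", classify(parse(SAMPLE_SCAN), LAPTOP))
```

In either case the next step is the one given in the reply above: find the process that owns the traffic.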
 
