Constant activity problem

Discussion in 'Virus & Other Malware Removal' started by omeganuepsilon, Jan 25, 2007.

Thread Status:
Not open for further replies.
    omeganuepsilon Thread Starter

    I almost posted this last night (well, this morning, I'm a day sleeper):
    _______

    I've searched high and low here, Google, and all sorts of other tech guides for 2 days, and still can't find what I'm looking for, or what I've found I tried and nothing worked.

    I got a virus/spyware a couple of days ago, it's my fault totally, and I knew the risks, but I've never had a problem this persistent before.

    I run XP and for tools, I use AVG free, Spybot S&D (not the resident shield, that's too much protection for someone who likes to... fiddle with things...), Lavasoft, and DoctorWeb*Cureit at certain times.

    No viruses found, or they were found and removed, repeated multiple scans until everything comes up clean, use a registry cleaner (easy cleaner, reg scrub-majorgeeks.com).

    Couldn't reach google. Deleted the 4 or 5 entries in my Host file in system32/drivers/etc folder.
    Can reach google now, as it was one of them.

    All seems to be running fine now, but my network icon (lower left corner by clock) is showing constant internet activity (except for exactly just now, go figure).

    Used TCPview.exe to monitor what's going on, vast amounts of sites and IP's talking to my computer, and I mean VAST.

    Find a good thick copy of the host file (or hosts, whichever it is) and that doesn't seem to help, so I take about 1000 entries from TCP view and add them to host file.

    I'm still getting activity, but a lot less varying websites are listed in tcpview.

    I update windows security problems (had a few), turn on firewall, still, activity. (Turned off automatic updates cause I don't have the best DSL connection to let it run freely.)

    So I decided to post here because I'm at my wits end, had to turn down security just to log into hotmail to validate account here.

    And well, as of right now, it's off, much to my dismay... Minutes ago it was constantly active all I've done is log into hotmail as listed above.

    I'm sorry if I crowd the forum, but I know if I just close this and don't post, it'll be there again when I get up in the morning (if it's not, well, I'll come back and let the thread know).

    A quick check of tcpview, and it looks mostly like task manager. It's so calm it's almost spooky.

    ___________
    And that's why I almost posted but didn't, it had stopped.
    But it's back again, many of the same or similar sites I saw before.
    *edit, I should mention I've been doing little to no browsing since coming here last night, one gaming forum site, guildwarsguru.com forums and hotmail.com is all.
    **Edit # 2, the name of my computer is Corrupt, eh, makes some things look worse than they are.
    Any help would be greatly appreciated, I'll post a snip of what I'm getting in tcpview below, anything questionable seems to be one version of svchost, or it will be similar to the first line.
    _____________________
    [System Process]:0 TCP corrupt:4858 mta-v10.mail.vip.mud.yahoo.com:smtp TIME_WAIT

    svchost.exe:3584 TCP corrupt:4258 spamkiller1.networld.com:smtp SYN_SENT
    svchost.exe:3584 TCP corrupt:4127 ironmx.mitene.ad.jp:smtp FIN_WAIT2
    svchost.exe:3584 TCP corrupt:4253 dsl093-203-236.ind1.dsl.speakeasy.net:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:3940 mx1.bmwdca.com:smtp CLOSING
    svchost.exe:3584 TCP corrupt:4294 64.12.137.168:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4305 dsl093-203-236.ind1.dsl.speakeasy.net:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4307 mta-v10.mail.vip.mud.yahoo.com:smtp FIN_WAIT1
    svchost.exe:3584 TCP corrupt:4316 earwig.opus1.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4318 mta-v11.mail.vip.re2.yahoo.com:smtp FIN_WAIT1
    svchost.exe:3584 TCP corrupt:4304 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4306 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4315 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4320 mta-v10.mail.vip.mud.yahoo.com:smtp SYN_SENT
    svchost.exe:3584 TCP corrupt:4321 mta-v11.mail.vip.re2.yahoo.com:smtp FIN_WAIT1
    svchost.exe:3584 TCP corrupt:4322 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4327 mta-v11.mail.vip.re2.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4331 64.94.160.234:smtp FIN_WAIT1
    svchost.exe:3584 TCP corrupt:4328 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4330 earwig.opus1.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4335 mta-v11.mail.vip.re2.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4336 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4332 mta-v11.mail.vip.re2.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4334 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4339 mta-v10.mail.vip.mud.yahoo.com:smtp SYN_SENT
    svchost.exe:3584 TCP corrupt:4341 66.253.31.99:smtp SYN_SENT
    svchost.exe:3584 UDP Corrupt:4340 *:*
    svchost.exe:3584 TCP corrupt:4345 dsl001-144-196.phl1.dsl.speakeasy.net:smtp SYN_SENT
    svchost.exe:3584 TCP corrupt:4347 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4354 mta-v11.mail.vip.re2.yahoo.com:smtp SYN_SENT
    svchost.exe:3584 TCP corrupt:4349 mta-v11.mail.vip.re2.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4350 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4351 mta-v11.mail.vip.re2.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4352 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4353 mta-v11.mail.vip.re2.yahoo.com:smtp ESTABLISHED
    svchost.exe:3584 TCP corrupt:4348 mta-v10.mail.vip.mud.yahoo.com:smtp CLOSING
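
The TCPView snippet above shows one svchost.exe instance holding SMTP connections to many unrelated mail servers at once. As an added example (not part of the original post), this Python code parses lines in that format and reports any process with a wide SMTP fan-out; the function names and the threshold of 5 distinct hosts are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the TCPView snippet in the post above.
SAMPLE = """\
[System Process]:0 TCP corrupt:4858 mta-v10.mail.vip.mud.yahoo.com:smtp TIME_WAIT
svchost.exe:3584 TCP corrupt:4258 spamkiller1.networld.com:smtp SYN_SENT
svchost.exe:3584 TCP corrupt:4127 ironmx.mitene.ad.jp:smtp FIN_WAIT2
svchost.exe:3584 TCP corrupt:4253 dsl093-203-236.ind1.dsl.speakeasy.net:smtp ESTABLISHED
svchost.exe:3584 TCP corrupt:3940 mx1.bmwdca.com:smtp CLOSING
svchost.exe:3584 TCP corrupt:4294 64.12.137.168:smtp ESTABLISHED
svchost.exe:3584 TCP corrupt:4316 earwig.opus1.com:smtp ESTABLISHED
svchost.exe:3584 UDP Corrupt:4340 *:*
svchost.exe:3584 TCP corrupt:4304 mta-v10.mail.vip.mud.yahoo.com:smtp ESTABLISHED
"""

# Layout: process:pid  proto  local:port  remote:port  [state]
LINE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$"
)
SMTP_PORTS = {"smtp", "25"}  # TCPView prints the service name when it resolves ports


def parse_tcpview(text):
    """Return one dict per recognisable TCPView line; skip anything else."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        row = m.groupdict()
        row["pid"] = int(row["pid"])
        row["remote_host"], _, row["remote_port"] = row["remote"].rpartition(":")
        rows.append(row)
    return rows


def smtp_fanout(text, min_hosts=5):
    """Map (process, pid) -> sorted distinct SMTP peers for processes that reach
    min_hosts (assumed threshold; raise it on a machine that is a mail server)."""
    peers = defaultdict(set)
    for row in parse_tcpview(text):
        if row["proto"] == "TCP" and row["remote_port"].lower() in SMTP_PORTS:
            peers[(row["proc"], row["pid"])].add(row["remote_host"].lower())
    return {k: sorted(v) for k, v in peers.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (proc, pid), hosts in smtp_fanout(SAMPLE).items():
        print(f"{proc} (PID {pid}): SMTP to {len(hosts)} distinct hosts")
```

On a machine that is not a mail server, a process reported here is the one to inspect next, for example by checking which services that svchost.exe instance hosts.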
     

Short URL to this thread: https://techguy.org/538402
