Mystery Data
leichaolan
02-04-2003, 01:26 PM
Hi, a friend of mine seems to be having trouble with his rogers@home connection. It seems that it is constantly receiving and sending data even when the computer is idle. He's not totally computer illiterate, so he's tried the most common things. Unplugging the modem, then plugging it back in after a few minutes, ipconfig /renew, shutting down apps like kazaa, I even gave him a firewall program. Yet it still seems to be sending/receiving data from an unknown source. He's called Rogers and they can see that his connection is going berserk, but cannot track where these packets are coming from. Any thoughts?
Get and run HijackThis (http://www.spywareinfo.com/~merijn/) and save the log from it, and then go to the config button => misc tool => Startup list and run it, post both logs here. It sounds like maybe some sort of spyware/malware.
Since either can "piggyback" with "approved" software they could bypass some firewalls.
Another possibility is a misconfigured network setting. Try running netstat -an from the command line/DOS prompt (or downloading one of the "frontends" for it); I use TCPView (http://www.sysinternals.com/ntw2k/source/tcpview.shtml) from Sysinternals. It will show the active connections.
leichaolan
02-04-2003, 09:02 PM
Thanks guys but I just called him and he formatted his HD. It's not as bad as it sounds since he has tons of spare HDs so backing up data was fast and he has all the CDs for the needed software. He consulted another friend of mine and they came to the conclusion that it was because he installed a p2p program called edonkey (emule?) and apparently it turns your HD into a web harddrive(?). If you guys have heard of this, can you explain the concept to me since I've never heard of it before. Also, how can you completely wipe such a parasite from your system?
Hardtek1976
02-04-2003, 11:14 PM
There's an interesting thread over at dslreports.com that may explain this.
http://www.dslreports.com/forum/remark,5864443~root=security,1~mode=flat
_____________________________________
Ron
david eaton
02-05-2003, 02:52 PM
Another discussion of Edonkey can be found at Spywareinfo (http://www.spywareinfo.com/yabbse/index.php?board=6;action=display;threadid=3434)
Nasty stuff!
David