Unusual traffic from your computer network

[Networx]

http://support.google.com/websearch/bin/answer.py?hl=en&answer=86640





Unusual traffic.jpg

Malwarebytes Pro, Avast Free, Online Armor Premium Firewall, Comodo Firewall, all say clean.

CA Yahoo Antispy says MFplay.dll is a home page hijacker. Unlocker is not working, Windows 7 64 bit Ultimate. All these starts very recently.

Mobile broadband option get automatically disabled in Ubuntu (can't enable from Network settings). Please help.

[Ceyfer √]

Malwarebytes Pro, Avast Free, Online Armor Premium Firewall, Comodo Firewall, all say clean.

This set-up is overkill, if you ask me.

Follow what Google had asked you to do. You have 3 options there. In some instances, it has something do with a sluggish/faulty internet connection and the worse is your system is leaking outside due to a malware infestation ( zombie infested pc ). You have to confirm first if your Pc is clean and so follow the next step...

[Networx]

I had Avast Free + OA Premium

-- > Changed to comodo

--> Installed Malwarebytes

CA Yahoo anitspy does not have real time protection. It runs as and when we do it.

Hijack this is not saving a log and when I click analyze, it simple shows a page saying analyzing, but nothing happens.

---------- Post added at 02:07 PM ---------- Previous post was at 02:05 PM ----------

And my bandwidth meter shows much higher usage than normal even after setting it to monitor only my USB based CDMA modem.

[Raymond]

I would suggest you to install NetLimiter and check what process is using the traffic.

[Networx]

Thanks Ray. Installing Netlimiter. Attaching the Hijack This pro log got through Anvir.

hijack this to do.txt

[Networx]

Netstat log

http://www.mediafire.com/?orh6k3qd28188x1

[Networx]

Traffic details 2.jpg

Traffic details.jpg

Traffic stats.jpg

My traffic details. More or less similar tool as Netlimiter.

[leofelix]

Clean your browser cache.
Then click Start>run type "cmd" (without brackets), then type "ipconfig -flushdns" (without brackets), hit Enter.
Disconnect your router/modem for about 10 minutes.
Reboot Windows.
Get connected again.
Your ISP should give you a new IP address.

Google won't display that message again.

On a side note: I would unistall immediately "CA Yahoo Antispy " toolbar

[Networx]

Thanks leo. I formatted C drive and reinstall Windows 7. But funny things are happening, page loading is terrible and at times does not load with connection. Now using hotspot shield and the difference is amazing. Even the download speed is kind of 5 to 10 times otherwise.

Also mobile broadband gets disabled by itself in Ubuntu. I take network settings and try to enable by moving the button, but it simply stays disabled. Could there be a cross platform malware. Now no Ubuntu (I mean yet to enabled GRUB2), left avast as avastsvc.exe was behaving strangely, downloading even when updates are turned off.

[Raymond]

Sorry for not responding because I had very limited internet connection in my hometown for chinese new year.
Hijackthis log is incomplete.
Netstat log is pretty useless since rootkits can bypass that.
Never tried Kingsoft PC Doctor so don't know how accurate is the traffic monitoring feature.

Should have given Netlimiter a try since it uses a low level driver and is able to monitor any hidden traffic including rootkits.