cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Heavy Usage whilst idling

fxbronte
Grafter
Posts: 97
Thanks: 3
Registered: ‎09-06-2007

Heavy Usage whilst idling

‎27-04-2011 12:01 AM

My problem is that since yesterday, my computer is downloading and uploading whilst I am on a single page, say “view my Usage”. Today I left my laptop on my ‘Usage’ page, and when I returned a few hours later my usage had jumped by 200MB, and indeed the light in the router was flashing, yet if I come out of internet explorer, it stops.
I do not have wireless on, I have run a full virus scan, checked that nothing else was running, checked that there was not any MS download, and finally rang PN support, but they say they could not help either.
Please, has anybody any ideas for what is causing  all these phantom activity.
Message 1 of 13
(10,304 Views)
0 Thanks
12 REPLIES 12
JamesM
Grafter
Posts: 1,103
Registered: ‎24-06-2009

Re: Heavy Usage whilst idling

‎27-04-2011 12:51 AM

Smiley
Message 2 of 13
(862 Views)
0 Thanks
fxbronte
Grafter
Posts: 97
Thanks: 3
Registered: ‎09-06-2007

Re: Heavy Usage whilst idling

‎27-04-2011 3:01 PM

I am aware of the delay, but I think that it must be a virus because I see 4/5 tcp connections to IE that cannot be mine.
I have done a full scan with AVG but it has not found anything. I think that whatever it is, is my IE because the phantom connection happen only when I am on line using IE.
I would be grateful for any advice, as it is eating up my allowance rapidly, as well as slowing me down.
Message 3 of 13
(862 Views)
0 Thanks
jojopillo
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 9,786
Registered: ‎16-06-2010

Re: Heavy Usage whilst idling

‎27-04-2011 3:14 PM

Hi fxbronte,
It could be a number of things, tool bars, plug-ins. What page where you on at the time? Have you got updates to warn you before downloading as there's a lot they could be using if you haven't.
Jojo Smiley
Message 4 of 13
(862 Views)
0 Thanks
WWWombat
Grafter
Posts: 1,412
Thanks: 4
Registered: ‎29-01-2009

Re: Heavy Usage whilst idling

‎27-04-2011 3:27 PM

Is there a windows/office update going on in the background, that only starts up when IE starts? Or perhaps the virus checker is downloading new data.
There is a tool called Wireshark, whose job is to capture all the network packets sent in & out of your machine, and to help you analyse where they are coming from/going to, and what they are for. Plusnet recommend using this tool when analysing slow performance caused by traffic management. The tool can be equally used to see what rogue connections are being made, and where the data is coming from or going to. You may need something of a techie head on to use it though...
If IE continues to get in the way, an alternative solution might be just to stop using it, and install something like Firefox or Google Chrome instead.
Plusnet Customer
Using FTTC since 2011. Currently on 80/20 Unlimited Fibre Extra.
Message 5 of 13
(862 Views)
0 Thanks
fxbronte
Grafter
Posts: 97
Thanks: 3
Registered: ‎09-06-2007

Re: Heavy Usage whilst idling

‎27-04-2011 3:30 PM

It happens with any page, for example 'view my usage'. If I try to kill them with TCPview they disappear and a new/same set connects
The only additional toolbar I habe is Google
Message 6 of 13
(862 Views)
0 Thanks
bengolia
Grafter
Posts: 63
Registered: ‎08-04-2011

Re: Heavy Usage whilst idling

‎27-04-2011 3:37 PM

did you try a scan running in safe mode? often new gen viruses/worms come with a rootkit so it won't be detected by an AV (it takes about 10 minutes to compile a virus undetected by the most recently updated AV) nor you will see the process running
also keep en eye in case it's windows update downloading packages
Message 7 of 13
(862 Views)
0 Thanks
fxbronte
Grafter
Posts: 97
Thanks: 3
Registered: ‎09-06-2007

Re: Heavy Usage whilst idling

‎27-04-2011 4:05 PM

WWWOBAT
Thank you. I run wireshark, but as you said it is understanding what it means, one entry eg
Time                            Source                  Destination                                      Info
0.076888             209.85.147.103       192.168.x.x TCP        https > pdap-np [ACK] Seq=1 Ack=1648 Win=65535 Len=0.
where 192.168.x.x I think it is me

But in any case knowing where is going or coming is secondary, the root of the problem is what is initiating these connections?.
Message 8 of 13
(862 Views)
0 Thanks
Gus
Aspiring Pro
Posts: 3,236
Thanks: 26
Fixes: 3
Registered: ‎31-07-2007

Re: Heavy Usage whilst idling

‎27-04-2011 4:27 PM

209.85.147.103 = google after a quick Google, have you got that nasty google addon?
edit: meh missed the reply with the google addon reply, would suggest you kill it
FTTP 500 regrade from Tues 28th November
Message 9 of 13
(862 Views)
0 Thanks
fxbronte
Grafter
Posts: 97
Thanks: 3
Registered: ‎09-06-2007

Re: Heavy Usage whilst idling

‎27-04-2011 4:36 PM

Gus
As far as Iknow I only have Gmail, and IGoogle that I have had for years. Where are the add ons? How do I remove them?. Thanks
Message 10 of 13
(862 Views)
0 Thanks
Gus
Aspiring Pro
Posts: 3,236
Thanks: 26
Fixes: 3
Registered: ‎31-07-2007

Re: Heavy Usage whilst idling

‎27-04-2011 4:44 PM

In IE via Tools/Manage add ons
FTTP 500 regrade from Tues 28th November
Message 11 of 13
(862 Views)
0 Thanks
fxbronte
Grafter
Posts: 97
Thanks: 3
Registered: ‎09-06-2007

Re: Heavy Usage whilst idling

‎27-04-2011 4:56 PM

Gus
Thank you, I think that you indicated where the problem was.
For some reason (I have not done it) my Google toolbar privacy settings had been changed to send information to google, and the additional setting of “send usage statistics to Google” to  ticked. As soon as removed the said settings the additional connections have disappear. Thank you again.
Message 12 of 13
(862 Views)
0 Thanks
WWWombat
Grafter
Posts: 1,412
Thanks: 4
Registered: ‎29-01-2009

Re: Heavy Usage whilst idling

‎27-04-2011 5:07 PM

Quote from: fxbronte
WWWOBAT
Thank you. I run wireshark, but as you said it is understanding what it means, one entry eg
Time                            Source                   Destination                                      Info
0.076888             209.85.147.103       192.168.x.x TCP        https > pdap-np [ACK] Seq=1 Ack=1648 Win=65535 Len=0.
where 192.168.x.x I think it is me

But in any case knowing where is going or coming is secondary, the root of the problem is what is initiating these connections?.

Yup - 192.168.x.x addresses are inside your LAN, so is likely to be yourself. In this case, the other address is important.
The trick is, once you know the IP Address, finding out who owns or uses the machine behind it. Gus used "Google" with the address, which worked well (take a look at http://www.ip-adress.com/ip_tracer/209.85.147.103).
Other ways to help identify the owner can be command-line tools like "nslookup" or "tracert", both of which can help find domain names for those addresses.
Once you know who you are connecting to, you can probably guess what the application is that is doing it. And I see you've worked that out now... 200MB is a bit cheeky for a toolbar, isn't it?
Plusnet Customer
Using FTTC since 2011. Currently on 80/20 Unlimited Fibre Extra.
Message 13 of 13
(862 Views)
0 Thanks