Massive data upload when dialup adapter is running


382 Posts
Joined 2002-03-03
After a few minutes without a browser running using DU Meter as an in/out monitor I'm getting a massive (for an analog connection) upload of unknown data to an unknown destination by an unknown process.
 
I have:
Done a virus scan (though not up to date definitions)
Used AdAware V6 and SpyBot V1.2
Checked processes running
 
I am running 2k w/sp3. The laptop was upgraded with Idiot Exploiter 6 from M$'s site (this isn't my laptop BTW).
 
Before the dialer was starting by itself, now it seems ok, but not sure yet.
The laptop freezes where only a reboot solves the condition (no browser running the last time).
 
The IE update was the last upgrade/change AFAIK.
 
It is almost as if this machine was doing a DOS attack to another site by uploading massive amounts of data somewhere.


Responses to this topic



1457 Posts
Joined 2001-12-18
It sounds a lot like the Opaserv virus. Check to see if there are any of these files: ALEVIR.EXE, BRASIL.EXE, BRASIL.PIF, SCRSVR.EXE or MARCO!.SCR on the hard drive. There is also another Trojan called Q-Hosts. See if the hosts file occurs more than once.
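
The file check suggested in this reply can be scripted. The following is an added example, not part of the original thread; the function names and the sample directory tree are made up for illustration, and a name match only flags a file for a closer look.

```python
import os
import sys
import tempfile

# File names listed in the reply above, lower-cased because Windows
# file systems do not distinguish case.
OPASERV_NAMES = {"alevir.exe", "brasil.exe", "brasil.pif", "scrsvr.exe", "marco!.scr"}


def scan_tree(root):
    """Walk root and return (suspect_files, hosts_files) as sorted path lists."""
    suspects, hosts = [], []
    # onerror skips unreadable directories instead of aborting the walk
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() in OPASERV_NAMES:
                suspects.append(full)
            elif name.lower() == "hosts":  # exact name, so hosts.bak is ignored
                hosts.append(full)
    return sorted(suspects), sorted(hosts)


def report(root):
    """Return human-readable findings for root."""
    suspects, hosts = scan_tree(root)
    lines = [f"suspect file: {p}" for p in suspects]
    if len(hosts) > 1:  # the reply's second check: hosts present more than once
        lines.append("more than one hosts file found:")
        lines += [f"  {p}" for p in hosts]
    return lines or ["nothing found"]


def build_sample(base):
    """Constructed sample tree (empty files) so the script runs without a real disk."""
    for rel in ("WINNT/system32/drivers/etc/hosts", "WINNT/help/hosts",
                "WINNT/system32/drivers/etc/hosts.bak", "WINNT/ScrSvr.exe",
                "WINNT/notepad.exe"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:          # scan the drive or folder given on the command line
        print("\n".join(report(sys.argv[1])))
    else:                          # no argument: demonstrate on the constructed tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            print("\n".join(report(tmp)))
```
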


382 Posts
Joined 2002-03-03
OP
All came up negative.
 
Tried to install Zone Alarm, but I get a KMODE exception when I try to run it. I guess there are problems with display drivers and this is a Laptop with no updated driver. I even turned the acceleration down all the way and I still get a BSOD.


382 Posts
Joined 2002-03-03
OP
To make a short story long, it appears to be a worm;
 
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.A
 
Problem is I can't install that M$ patch because the install I did is a slipstreamed SP3 burned CD and on top of that I also do a 'LittleWhiteDog NTOSKRNL mod' using Resource Hacker to change that damn M$ splash screen.
I get an error when I try to install that patch stating I need something newer than SP2. I already have SP3 installed.
 
Not to stop there, since I didn't know what was doing this and thought it was the dialup adapter I connected the Laptop to my network so I could d/l an updated virus package from TrendMicro (which I did). After running the updated virus definitions that NACHI.A worm showed up.
I had my main box on also and that got affected also!
 
NACHI.A just did my machine.
 
I did a manual remove on both machines and it seems to be gone. Too early to tell yet. I don't know where he got it from.


1547 Posts
Joined 2002-05-29
Quote:

{snip}

I did a manual remove on both machines and it seems to be gone. Too early to tell yet. I don't know where he got it from.

Is there any P2P app installed on the machine or some extra .SCR files say from a news group ?!?

As for the Slipstream install CD, you can update it to SP4 the same way, just create a new Slipstreamed CD with SP4 instead then add the hack back afterwards unless of course the hack doesn't work with SP4