«

On 8 Sep 2003 21:52:42 -0700, (wave) wrote:

>Hi All,
>whenever I boot my NT, I got some kind of contact, would anyone
>help me out? or give me a pointer, it will be appreciated.
>
>>netstat -a,
> TCP nt1:1043 80.67.68.39:80 TIME_WAIT
> TCP nt1:1044 80.67.68.39:80 TIME_WAIT
>
>the foreign IP, changes sometime they are different.
>I can't find any virus on this NT.
>Thanks.
>WV

Most likely either spyware or an auto-update service. The IP traces to
Akamai Technologies, a major hosting and data warehousing service.
They are like a third-party hosting provider for many companies. They
may carry anti-virus updates or ads. That probably explains why the IP
changes. I can't say who. Use TCPview from www.sysinternals.com to see
what process is using that.

Here's some standard advice:
1. Also, did you try running the "Big Three" -- Ad-Aware
(http://www.lavasoft.de), SpyBot (http://security.kolla.de), and
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
All are free, and both scan and innoculate your system from many kinds
of spyware, trojans, parasites, and other undesirable things. Download
them, run their update feature so you have the latest database files,
and run them. Odds are very strong you'll turn up some kind of malware
which may be responsible for some of that uplink bandwidth. Run these
periodically -- they are must-haves, like a good virus scanner.

2. If that doesn't solve the problem, try running HijackThis!
(http://tomcoyote.org/hjt) and post your findings here.

Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge