Mrs Beeble Brock wrote:
> Hi again guys, now that I have Net Meter running (thanks Chris) I can
> see internet traffic happening even when I have no browser open.
>
> Is it possible to see from my running processes whether I've got clever
> spyware that would be accounting for huge volumes of traffic?
>
> This is what I have - some means nothing to me and other names I can
> guess at but maybe something here will jump out at one of you
> experts. Processes I know are legit are marked with a - in front. I have
> no idea what the others are. Obviously I had all applications closed
> when I did this capture.
>
> System Idle Process,0,99 , 1:30:29,16 K
> System,8,00 , 0:00:04,220 K
> smss.exe,144,00 , 0:00:00,376 K
> csrss.exe,172,00 , 0:00:04,"1,344 K"
> winlogon.exe,192,01 , 0:00:01,"1,400 K"
> services.exe,220,00 , 0:00:00,"6,296 K"
> lsass.exe,240,00 , 0:00:00,652 K
> - FileBX.exe,300,00 , 0:00:00,"5,560 K"
> - WFXCTL32.EXE,480,00 , 0:00:00,"14,404 K"
> svchost.exe,496,00 , 0:00:00,"4,072 K"
> spoolsv.exe,532,00 , 0:00:00,"5,184 K"
> ccEvtMgr.exe,560,00 , 0:00:00,"4,332 K"
> SAgent2.exe,652,00 , 0:00:00,"3,644 K"
> svchost.exe,664,00 , 0:00:00,"10,264 K"
> hidserv.exe,696,00 , 0:00:00,"1,620 K"
> - KodakCCS.exe,720,00 , 0:00:00,"2,852 K"
> - navapsvc.exe,752,00 , 0:00:01,"1,008 K"
> nvsvc32.exe,800,00 , 0:00:00,"2,348 K"
> ptssvc.exe,864,00 , 0:00:00,"3,044 K"
> regsvc.exe,888,00 , 0:00:00,976 K
> - MSTask.exe,924,00 , 0:00:00,"5,048 K"
> ScsiAccess.EXE,944,00 , 0:00:00,872 K
> orvwsrzd.exe,1024,00 , 0:00:00,"3,920 K"
> stisvc.exe,1068,00 , 0:00:00,"1,724 K"
> - Tablet.exe,1116,00 , 0:00:00,"2,464 K"
> - WFXMOD32.EXE,1132,00 , 0:00:00,"10,352 K"
> - WFXSVC.EXE,1148,00 , 0:00:00,"3,804 K"
> WinMgmt.exe,1168,00 , 0:00:02,"3,908 K"
> mspmspsv.exe,1188,00 , 0:00:00,"1,808 K"
> svchost.exe,1204,00 , 0:00:00,"6,916 K"
> point32.exe,1288,00 , 0:00:00,"4,712 K"
> - taskmgr.exe,1304,01 , 0:00:00,"3,496 K"
> - InCD.exe,1500,00 , 0:00:00,"5,608 K"
> - wfxsnt40.exe,1512,00 , 0:00:00,"1,452 K"
> - Explorer.EXE,1524,00 , 0:00:02,"2,864 K"
> - NetMeter.exe,1548,01 , 0:00:00,"4,612 K"
> - MSGTAG.exe,1552,00 , 0:00:00,"3,060 K"
> RunDll32.exe,1608,00 , 0:00:00,"2,252 K"
> - FreeWheel.exe,1656,00 , 0:00:00,"2,364 K"
> - FileEx.exe,1820,00 , 0:00:00,"2,656 K"
> ccApp.exe,1884,00 , 0:00:00,"10,628 K"
> - TextGrabber.exe,1908,00 , 0:00:00,"2,424 K"
You could try Google, and work your way through the list. "csrss.exe",
for example, according to a Google search, shows that it is part of
Windows, as well as part of some spyware, key loggers, and worms - in
these cases they are using a file name the same as a "trusted" source
(Windows) to lead people to believe that it's OK to leave it there. You
have to be able to figure out what it's actually doing.

Maybe you could look at your firewall log - look for programs that are
accessing the internet when you know you're not using the internet. It
may be an idea to close your email etc while not at the computer so as to
discount those programs when looking at the logs.

With regard to Net Meter, the previous version of the program didn't
appear to be keeping proper totals, though the latest version appears to
have fixed this bug. It is still only beta software though.
--
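
The reply's point about malware borrowing a trusted Windows file name can be checked mechanically once each process's image path is known. The following is an added example, not part of the original thread: it assumes a hypothetical three-column listing (name, PID, full path), a Windows 2000 style system root of C:\WINNT, and constructed sample rows.

```python
import csv
import io
from pathlib import PureWindowsPath

# Sub-directory of %SystemRoot% where the genuine copy of each component lives
# ("" means %SystemRoot% itself).
EXPECTED_SUBDIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}

# Constructed sample listing: name,pid,image path (paths are illustrative).
SAMPLE = r"""csrss.exe,172,C:\WINNT\system32\csrss.exe
svchost.exe,496,C:\WINNT\System32\svchost.exe
svchost.exe,664,C:\WINNT\system32\svchost.exe
- Explorer.EXE,1524,C:\WINNT\Explorer.EXE
- NetMeter.exe,1548,C:\Program Files\NetMeter\NetMeter.exe
csrss.exe,2044,C:\WINNT\Temp\csrss.exe
lsass.exe,2100,C:\WINNT\lsass.exe
"""

def find_masquerades(listing, system_root=r"C:\WINNT"):
    """Return (name, pid, path) rows that use a Windows component's name
    but run from somewhere other than that component's real directory."""
    root = PureWindowsPath(system_root)
    hits = []
    for row in csv.reader(io.StringIO(listing)):
        if len(row) != 3:
            continue  # skip malformed or blank lines
        name, pid, path = (field.strip() for field in row)
        name = name.lstrip("- ")  # drop the poster's "known legit" marker
        subdir = EXPECTED_SUBDIR.get(name.lower())
        if subdir is None:
            continue  # not a name this check knows about; no verdict either way
        expected_dir = root / subdir if subdir else root
        # PureWindowsPath compares case-insensitively, as Windows does.
        if PureWindowsPath(path).parent != expected_dir:
            hits.append((name, pid, path))
    return hits

if __name__ == "__main__":
    for name, pid, path in find_masquerades(SAMPLE):
        print(f"{name} (PID {pid}) is running from {path}")
```

A process that passes this check is only cleared of the file-name trick; it says nothing about third-party names such as the unmarked entries in the list, and it does not prove the file on disk is the original.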