My internet connection status shows millions of packets when I'm not doing anything; do I have a virus?
Summary: A lot of network traffic can mean several things. It can mean that you're doing a lot on the internet or it could mean that some malware is.
My internet connection status shows millions of packets when I'm not doing anything; do I have a virus?
Maybe, maybe not.
Okay, that wasn't very helpful. But to be frank I can't give you a definite yes or no. But we can do a little investigation to determine if what you're seeing is expected or a sign of a real problem.
•
I'll start with the obvious: you are running anti-virus software, right? And you do have the latest and greatest virus signatures for it, right?
If the answer to either of those was "no", then get thee to an anti-virus tool immediately, get it up to date, and do that scan. 99% of the time a good anti-virus tool will answer your "do I have a virus" question properly.
If anti-virus tools say you're clean then we start investigating. First, understand what the numbers in your connection status mean. Have a look at mine (from Start-> Settings-> Network Connections-> Local Area Network):
You'll note that I have 2 million packets sent, and almost 4 million received. That's count of the number of packets since that connection was made. You can see that the connection has been connected for almost three days. So the longer you stay connected the larger those numbers will get.
What's more interesting is how quickly they're changing as you do nothing. Chances are they'll grow even if you're doing nothing simply because you may be running some internet aware software - say an instant messaging program, mail program, or something else. But if they seem to be growing quickly there's activity that might be worth investigating.
In a previous article, How can I tell what internet activity is happening on my machine? I discussed several tools and techniques to see what's transpiring over your internet connection. I'll jump right to the tool mentioned at the end of that article, Sysinternals' TDIMon. Run it, log the output to a file, and then after running it for a minute or so turn it off and view the file in notepad. You should see lots of internet activity. Much of it you'll recognize as your own or perhaps as discussed in that article, expected standard windows tools. But if there's a program there that you don't recognize that seems to be doing a lot then it's probably time to understand just what it is. For that I've outlined several techniques in What's This DLL? that will work with .EXE files as well. That research should help you determine if you have a problem or not.
Related:
Ask Leo! - How do I keep myself safe from viruses?
Ask Leo! - How can I tell what internet activity is happening on my machine?
Ask Leo! - What's this DLL (or EXE)?
Article C1901 - March 7, 2004
i have over 2,000 millions recevied i getting realy scared haha
Posted by: kizza at October 10, 2007 5:57 AMYou rock Leo! I've easily solved my slow internet virus problem with the super combo of TDImon & TCPView, weeding out what's causing the problem. The problem was in C: Windows\Prefetch, where the virus made tones of .pf or something like that files, which caused my laptop to become an email sending bot.
Thanks Leo!
Posted by: TK at November 7, 2007 1:32 PMwhere does the packets stored in our system
Posted by: aparna at November 29, 2007 1:23 AMHi Leo,
Posted by: Sharon at January 24, 2008 8:51 PMI have a problem with my Internet connection after accessing the Internet after about 1/2 hr or so. The Local Area Connection Status showed zero packets sent whenever I encounter this problem and I have to reboot my pc to get it started again. I've been trying to troubleshoot for a very long time and still can't find the root cause. I've changed my network card, rebooted my cable modem, etc and still encountered the same problem. Can I check if the problem is related to the motherboard or is it related to the network card driver? I had 2 network cards (1 DLink & 1 Linksys) and both gave me the same problem.. What else can I do to nail down the culprit? Thanks a lot, Leo..
I was sending "billions and billions" of packets until I updated the network card driver. Now the packets sent and received balance out nicely. In my case I went directly to the Intel website which had more recent drivers than the computer manufacturer. Of course first check for viruses, etc.
Posted by: JAG at August 12, 2008 8:21 PMI did the same, update my driver to the newest version available in the intel website. It works.
Posted by: Rafa at October 8, 2008 8:11 AMHi Leo,i have a lot of more sent packets than received (sent101.600) (received 50.276)...what to do?
Posted by: Mladja at March 22, 2009 5:35 AMHi when i stay on the internet i send and recieve loads of packets...please can you help on what to do?
Posted by: theo smith at March 27, 2009 2:54 PMHi, when I start my PC in Local Area Connection Status shows what I have 200000 send and 423000 received. Can u tell me what`s the problem? Couze I can`t play on-line games. They frozen all the time.But when I restart my PC LACS shows for example 400000 send and 200000 received and games works fine (but that happen not all the time) please HELP
Posted by: Rober696 at June 3, 2009 12:15 PMwhen i starts internet connection automatically received byte are increasing without opening any sites.even i stopped antivirus updating automatically.
Posted by: rajesh at October 27, 2009 6:24 PM