Most often, connections to the internet that you didn't initiate are the result of your computer updating itself. Occasionally, the cause is malware, and there is a good tool to help you sort out which it is.
I have a download meter installed on my Windows 7 system. It shows uploads and downloads. Sometimes, it shows data being uploaded or downloaded when I know nothing should be happening. Is there some way to find out what this data is and where it's coming from or going to? I thought it might be a virus of some sort, but according to my virus protection, the computer is clean.
In this excerpt from Answercast #43, I look at ways to capture and analyze which programs are connecting to the internet and what sites they are accessing.
One thing many people don't realize is that several applications on your computer may very well be doing uploads and downloads in the background that you're not aware of. For example, Windows itself.
When applications get updated (and when Windows gets updated), that's simply a download.
Microsoft Windows may very well be downloading the most recently released updates while your computer is apparently doing nothing else.
The same is true for other applications.
I know that Google and other applications that I have installed on my machine will (when updates are available) automatically and transparently download those updates in the background.
That could easily appear as a download happening when your computer is "doing nothing." In reality, it is doing something. It's updating itself.
Now, how to find out exactly what's going on.
Things get a little tricky. The approach that I'm going to recommend (if you really want to dive into this) is to use a utility called Process Monitor. That's a utility that will:
Allow you to capture information for a period of time;
And then allow you to quickly analyze exactly what was happening on your computer while that data was being captured.
So, for example, if you notice that something is running or uploading and downloading:
You would fire up Process Monitor.
It would immediately start capturing information.
You would let it continue to capture for a while.
Then you'd stop the capture.
Then, from its Tools menu, run a summary report that would show you exactly which applications are accessing the network – and potentially what remote endpoint (in other words, what resource on the internet) they are connecting to.
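The same per-application, per-endpoint summary can be rebuilt from a capture saved as CSV. This is an added example, not part of the original article or of Process Monitor itself; it assumes the default export columns and a "local -> remote" Path on network events, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows, laid out like a Process Monitor CSV export
# (assumed default columns; network events carry "local -> remote" in Path).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","svchost.exe","904","TCP Receive","mypc:49712 -> update.example.net:https","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"10:01:02.15","svchost.exe","904","TCP Receive","mypc:49712 -> update.example.net:https","SUCCESS","Length: 2920, seqnum: 0, connid: 0"
"10:01:02.20","svchost.exe","904","TCP Send","mypc:49712 -> update.example.net:https","SUCCESS","Length: 310, seqnum: 0, connid: 0"
"10:01:05.00","helper.exe","2216","ReadFile","C:\Users\me\Documents\notes.txt","SUCCESS","Offset: 0, Length: 4096"
"10:01:05.40","helper.exe","2216","TCP Connect","mypc:49800 -> 203.0.113.25:8080","SUCCESS","Length: 0, mss: 1460"
"10:01:05.50","helper.exe","2216","TCP Send","mypc:49800 -> 203.0.113.25:8080","SUCCESS","Length: 5000, seqnum: 0, connid: 0"
"10:01:05.60","helper.exe","2216","TCP Send","mypc:49800 -> 203.0.113.25:8080","SUCCESS","Length: 7000, seqnum: 0, connid: 0"
'''

LENGTH_RE = re.compile(r"Length:\s*(\d+)")

def summarize(csv_text):
    """Return (process, pid, remote, bytes_sent, bytes_received) rows, busiest first."""
    totals = defaultdict(lambda: [0, 0])  # key -> [sent, received]
    for row in csv.DictReader(io.StringIO(csv_text)):
        proto, _, action = (row.get("Operation") or "").partition(" ")
        if proto not in ("TCP", "UDP") or action not in ("Send", "Receive"):
            continue  # skip file, registry and connection-setup events
        _local, arrow, remote = (row.get("Path") or "").partition(" -> ")
        if not arrow:
            continue  # Path is not in the assumed "local -> remote" form
        match = LENGTH_RE.search(row.get("Detail") or "")
        size = int(match.group(1)) if match else 0
        key = (row.get("Process Name"), row.get("PID"), remote.strip())
        totals[key][0 if action == "Send" else 1] += size
    rows = [key + (sent, received) for key, (sent, received) in totals.items()]
    return sorted(rows, key=lambda r: r[3] + r[4], reverse=True)

if __name__ == "__main__":
    import sys
    # Pass the path of a saved CSV capture, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="", encoding="utf-8-sig") as handle:
            text = handle.read()
    else:
        text = SAMPLE_CSV
    for proc, pid, remote, sent, received in summarize(text):
        print(f"{proc:<14} pid {pid:<6} {remote:<28} sent {sent:>7}  received {received:>7}")
```

A process that mostly sends data to an endpoint you don't recognize, like the constructed helper.exe row, is the kind of entry worth looking into; a system process receiving from a vendor's update host is the benign case.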
My guess is nine times out of ten, you're going to find out that it is something very benign – and something that is really a function of your computer simply updating itself or doing something similar.
One time out of ten, absolutely, you're going to find malware.
Not all anti-malware programs can find all malware. It sounds like you are already protected to some degree, which is great. But that doesn't necessarily mean that something can't slip through, so it is good to take a look.
That's the approach that I would take.
Unfortunately, it's not terribly simple, but it is effective; and it should tell you exactly what application is causing the uploads and downloads.