Helping people with computers... one answer at a time.

Most often, uninitiated connections to the internet are the result of your computer updating itself. Occasionally, it is malware and there is a good tool to help you sort it out.

I have a download meter installed on my Windows 7 system. It shows uploads and downloads. Sometimes, it shows data being uploaded or downloaded when I know nothing should be happening. Is there some way to find out what this data is and where it's coming from or going to? I thought it might be a virus of some sort, but according to my virus protection, the computer is clean.

In this excerpt from Answercast #43, I look at ways to capture and analyze which programs are connecting to the internet and what sites they are accessing.

Background updates

One thing many people don't realize is that several applications on your computer may very well be doing uploads and downloads in the background that you're not aware of. For example, Windows itself.

When applications get updated (and when Windows gets updated), that's simply a download.

  • Microsoft Windows may very well be downloading the most recently released updates while your computer is apparently doing nothing else.

  • The same is true for other applications.

I know that Google and other different applications that I have installed on my machine will (when updates are available) automatically and transparently download those updates in the background.

That could easily appear as a download happening when your computer is "doing nothing." In reality, it is doing something. It's updating itself.

Analyze the downloads

Now, how to find out exactly what's going on.

Things get a little tricky. The approach that I'm going to recommend (if you really want to dive into this) is to use a utility called Process Monitor. That's a utility that will:

  • Allow you to capture information for a period of time;

  • And then allow you to quickly analyze exactly what's happening on your computer during the period of time that that data was captured.

So, for example, if you notice that something is running or uploading and downloading:

  • You would fire up Process Monitor.

  • It would immediately start capturing information.

  • You would let it continue to capture for a while.

  • Then you'd stop the capture.

  • Then run, on its Tools menu, a summary report that would show you exactly which applications are accessing the network – and potentially what remote end point (in other words, what resource on the internet are they connecting to?)

My guess is nine times out of ten, you're going to find out that it is something very benign – and something that is really a function of your computer simply updating itself or doing something similar.

Potential malware

One time out of ten, absolutely, you're going to find malware.

Not all anti-malware programs can find all malware. It sounds like you are already protected to some degree, which is great. But that doesn't necessarily mean that something can't slip through, so it is good to take a look.

That's the approach that I would take.

Unfortunately, it's not terribly simple, but it is effective; and it should tell you exactly what application is causing the uploads and downloads.

Article C5686 - August 12, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Mike
August 12, 2012 1:39 PM

I'd like to note that sometimes the browser is also doing network activity that isn't an update. This can be caused when sites like Twitter check for new tweets and download them automatically so you can click the link at the top of the tweets that says "x new Tweets" to see those new tweets.

Scott Currier
August 14, 2012 9:41 AM

Thank you Leo, I just downloaded the program and have it running. Very interesting program. Thanks for the tip.

Suzanne
August 14, 2012 10:23 AM

In the last couple of days my computer has slowed to a crawl and is running all the time and it keeps giving me a script error so I'm going to download this and see if I can figure out what's going on instead of doing Restore like I usually do. Also, I've been running malware and my virus programs every day, afraid something bad is going on. I hope this can help.

Gwyn
August 14, 2012 1:38 PM

You mention Process Monitor, but if you click on the link it's Process Explorer that is discussed. I gather there is aso a cprogram (/ Sorry about the typos why is it that your comments box makes it ijmpossible for me to correct things. It doesn't seem to hapen to je anywhere else !

Sorry about that - link's been updated to http://go.ask-leo.com/procmon.
Leo
14-Aug-2012
Steve Casey
March 27, 2013 9:10 PM

I am having the same problem this page addresses. Something seems to be using up a LOT of my bandwidth at times. I've got to identify what's doing this so as not to excede my monthly data limit. I downloaded Process Monitor but cannot access the Help file. If I click on Help from the program, a window pops up that says "Unable to open help file" and when I try to open the included help file from Windows Explorer, the left column shows help topics but the right column says "Navigation to the webpage was canceled" no matter which help topic I select to display. I also noticed that a file (procmon.chw) seems to have been created after I first ran the program and I haven't been able to open it yet. There is very little on this page to explain how to use Process Monitor to identify what's calling for downloads and where it's going to. I've also explored Process Explorer and can't see anything to tell me what's being downloaded, what's doing the downloading, and where it's coming from and going to. Maybe I'm not enough of a geek. Do you know of a good online Geek University?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.