
Excessive sessions open immediately after boot


I've been having problems with Internet speed variations recently. Today I had a Tech from my ISP here to look at the problem and he discovered that immediately after boot I have over 50 active sessions open on my PC, even before I open a browser window. This machine has Norton Security installed and active, and I've recently run Norton Eraser as well as Malwarebytes, and neither of them has found anything significant while scanning.

Any idea what could be causing these sessions to open?

Hi.
I see you've got a post over at Bleeping Computer on this as well.

Excessive active internet sessions can be caused by torrenting programs and botnets (clickfraud/DDoS attacks, etc.). I have also seen this when someone has gotten into a system with a lot of storage, and put their illegal stuff on it, selling it to customers and then linking to the compromised computer after the sale, for the download. And, just because you've got Norton running doesn't mean you're safe.

You could try Wireshark if you want to sniff your packets, for more information.

I would run RKILL, JRT, then an ESET Online Scan for starters, and see what comes up, while you're waiting for BC to answer. You'll need to disable Norton when running ESET.

EDIT: Have you noticed high activity on your CPU lately?

Thanks, I've run the first two already and they didn't find anything. I'm working on running ESET right now.

I went ahead and ran Wireshark today after none of the other troubleshooting tools found anything. I'm attaching a copy of a Wireshark file to see if anybody can see anything interesting in it.
  • 2_18 1859.pcapng.pdf (343.9 KB, 2 views)

Yeah, I can't really do much with the PDF. I think you need to be in the program to do the evaluating, using the various filters available. Have a look here:
Capturing network communication packets with Wireshark Utility | Symantec Connect
They have a Wireshark tutorial video on there.

Did the ESET scan find anything?


No, it didn't.

Have you reviewed your startup programs in task manager? Sounds like a virus, etc... to me

Following up with some of the information I collected on Wireshark, I saw a lot of communications to the IP address of 204.79.197.213. A search came back showing that's a MS site. I created a firewall rule to block all communications to and from that site and suddenly everything seems to be working fine! I'm running Windows 10 x64 Pro, and to the best of my knowledge have all of the MS data transfer stuff turned off, but obviously something is still functioning.

Good. If ESET didn't find anything, then you can be pretty sure there's no virus lurking.

Interesting. I hope that's not your OneDrive sync.

Actually, after doing some more research, that's the homepage for Bing. Don't know why it was trying to communicate because I don't use it at all and have it turned off! Just more MS BS.
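
Added example, not part of the original thread: one way to see which remote hosts and which local processes hold the open sessions is to summarise the output of `netstat -ano` (run from an elevated prompt on Windows). The sample rows and PIDs below are constructed for illustration; only the IP 204.79.197.213 is taken from the thread.

```python
"""Summarise `netstat -ano` output: which remote hosts and PIDs hold the sessions."""
from collections import Counter

# Constructed sample input (not the thread's capture); PIDs and most IPs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     2200
  TCP    192.168.1.20:49701     204.79.197.213:443     ESTABLISHED     4321
  TCP    192.168.1.20:49702     204.79.197.213:443     ESTABLISHED     4321
  TCP    192.168.1.20:49703     204.79.197.213:443     ESTABLISHED     4321
  TCP    192.168.1.20:49710     198.51.100.7:443       ESTABLISHED     5000
  TCP    [2001:db8::20]:49711   [2001:db8::5]:443      ESTABLISHED     5000
  UDP    0.0.0.0:5353           *:*                                    1800
"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[v6]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_sessions(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips headers, blank lines and UDP rows (no state column)
        _proto, _local, remote, state, pid = fields
        ip, port = split_endpoint(remote)
        yield ip, port, state, int(pid)

def summarise(text, ignore_states=("LISTENING",)):
    """Count non-listening, non-loopback sessions per remote IP and per owning PID."""
    by_remote, by_pid = Counter(), Counter()
    for ip, _port, state, pid in parse_sessions(text):
        if state in ignore_states or ip in ("127.0.0.1", "::1"):
            continue
        by_remote[ip] += 1
        by_pid[pid] += 1
    return by_remote, by_pid

if __name__ == "__main__":
    remotes, pids = summarise(SAMPLE)
    for ip, n in remotes.most_common():
        print(f"{n:3d} sessions -> {ip}")
    for pid, n in pids.most_common():
        print(f"{n:3d} sessions owned by PID {pid}")
```

The PID with the most sessions can then be matched to a program name in the Details tab of Task Manager, which identifies the process responsible before any firewall rule is written.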
