... what is leaving the computer when all the outbound (red bars) are flashing, all the time?
At this point, I know I have no virus, trojan, spyware etc. I have also turned off Automatic Updates in Windows XP (Home Edition), but as soon as I log on, the outgoing zone alarm bars start up... so I'm at a loss, and concerned.
Is there a simple way to find out?
Thanks in advance! I hope this made sense...
Carmen
Long
You can use the tools in the link above like Active Ports, Process Explorer and the other tools being mentioned and go look for yourself.
Yes and ZA and other personal FW(s) can and do get beaten.
Duane :)
Click on the ZA icon and look see what applications are running, thats a good start.
-- Jim Watt
Well, you could try looking at the raw traffic...
You could have no viruses/worms/Trojans/spyware, and still have lots of outbound traffic when you log on. Depends on what you've got installed.
E.g. if you have Yahoo Messenger installed, you will have lots of outbound traffic associated with the Bonjour Service installed with it. Windows Messenger will also quickly kick off outbound traffic.
Anti-virus programs will also quickly kick off outbound traffic. At a minimum, you will have outbound traffic with Generic Host Process for Win32.
To get specific answers for your PC, click on the Programs tab, and put question marks on all internet access for all programs, instructing Zone Alarm to ask your permission each and every time a program wants outbound access.
Michael O'D> ... what is leaving the computer when all the outbound (red bars) are
As already mentioned in the thread, you could have a look at the traffic using a sniffer, ethereal nearly being a standard today.
This examination will give you a lot of information even if the data uses a home made protocol and/or encryption, such as volume, used layers, *destination*, etc.
Doing whois queries on the destination addresses can help a lot.
Kind regards Ludovic Joly
Try to install NetLimiter 2 Monitor (freeware).
You can also use netstat command in command prompt (Windows console) to see active connections.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.