- Posts: 41
- Thank you received: 0
NIC Sent Packets keeps increasing
16 years 8 months ago #25697
by derk
Replied by derk on topic Re: NIC Sent Packets keeps increasing
Good day everybody!!
After I've reformatted my PC and installed XP and drivers, the problem with my NIC still persisted. So, I was thinking that maybe I can use some some kind of a low-level formating tool such as KillDisk to completely remote any malicious program that's infecting my NIC activity.
What do you think?
Thanks..
After I've reformatted my PC and installed XP and drivers, the problem with my NIC still persisted. So, I was thinking that maybe I can use some some kind of a low-level formating tool such as KillDisk to completely remote any malicious program that's infecting my NIC activity.
What do you think?
Thanks..
16 years 8 months ago #25699
by derk
Replied by derk on topic Re: NIC Sent Packets keeps increasing
Hello everybody..
I've already tried wireshark and I've seen through it that my PC is sending ICMP requests to networks 192.165.56.16 to 192.167.....and the network address is incrementing. I think this is the cause of why the sent packets of my NIC is significantly huge.
The problem now is, should I proceed with low-level formatting to completely erase what's been infecting my PC or should I continue troubleshooting and try to find the root-cause behind all this.
And also, has anyone here tried KillDisk to reformat a harddisk?
Please help all you guru's out there..
Thanks.
I've already tried wireshark and I've seen through it that my PC is sending ICMP requests to networks 192.165.56.16 to 192.167.....and the network address is incrementing. I think this is the cause of why the sent packets of my NIC is significantly huge.
The problem now is, should I proceed with low-level formatting to completely erase what's been infecting my PC or should I continue troubleshooting and try to find the root-cause behind all this.
And also, has anyone here tried KillDisk to reformat a harddisk?
Please help all you guru's out there..
Thanks.
16 years 8 months ago #25711
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: NIC Sent Packets keeps increasing
If you are formatting your hard drive before reinstalling your OS then any Malware will be removed.
Have you tracked down what application is causing the ICMP traffic ? Have you tried a new Network Card incase its becoming faulty ?
Have you tracked down what application is causing the ICMP traffic ? Have you tried a new Network Card incase its becoming faulty ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
16 years 8 months ago #25715
by derk
Replied by derk on topic Re: NIC Sent Packets keeps increasing
Thanks for the replies Smurf.
I have a 150 GB harddisk and after I erased all partitions I've noticed that my total unpartitioned space is now only 139 GB, but still I commenced formatting. I've created a 20 GB partition for my XP and left the rest unpartitioned/unformatted. I guess the malware still resides in the unpartitioned portion or in the missing 11 GB space.
I tried to track where the ICMPs were coming from (ie specific service) but I can't seem to find them cause I'm still studying howto's of wireshark. The second time I captured packets thru wireshark, the ICMP's were gone, but NBNS protocol is propagating from my interface. Everytime I disable - then enable my NIC, only the received packets counter was resetted back to zero; the sent packets counter increments and now it's around 70,000,000...
I've installed spyware blaster and run combofix but the problem is still there.
Thanks and please.
I have a 150 GB harddisk and after I erased all partitions I've noticed that my total unpartitioned space is now only 139 GB, but still I commenced formatting. I've created a 20 GB partition for my XP and left the rest unpartitioned/unformatted. I guess the malware still resides in the unpartitioned portion or in the missing 11 GB space.
I tried to track where the ICMPs were coming from (ie specific service) but I can't seem to find them cause I'm still studying howto's of wireshark. The second time I captured packets thru wireshark, the ICMP's were gone, but NBNS protocol is propagating from my interface. Everytime I disable - then enable my NIC, only the received packets counter was resetted back to zero; the sent packets counter increments and now it's around 70,000,000...
I've installed spyware blaster and run combofix but the problem is still there.
Thanks and please.
16 years 8 months ago #25721
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: NIC Sent Packets keeps increasing
Hi Derk,
I still find it hard to beleive that a reformat would keep Malware. For the Malware to work, it would need to be installed on the OS after its reinstallation, even if it is hidden in a partition somewhere on the hard drive (which again i cannot see as this would rely on the Hard drive having free space in order to create a hidden partition).
Is it not just that it is being displayed as 139Gb which would give 139 * 1024 actual file size ? I know that this is still not 150Gb but that could be it.
In Windows, you can take a look in the Disk Management to display partition information, even if there are Non Windows partions, they will still be displayed.
Its a strange one indeed.
I still find it hard to beleive that a reformat would keep Malware. For the Malware to work, it would need to be installed on the OS after its reinstallation, even if it is hidden in a partition somewhere on the hard drive (which again i cannot see as this would rely on the Hard drive having free space in order to create a hidden partition).
Is it not just that it is being displayed as 139Gb which would give 139 * 1024 actual file size ? I know that this is still not 150Gb but that could be it.
In Windows, you can take a look in the Disk Management to display partition information, even if there are Non Windows partions, they will still be displayed.
Its a strange one indeed.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
16 years 8 months ago #25810
by derk
Replied by derk on topic Re: NIC Sent Packets keeps increasing
Hello everybody..
Finally, I've formatted the whole space of my HDD as one partition and installed x64 XP. So far, it's been running good.
I'm planning to partition some space of my HDD so I can install some Linux on it and start my open-source learning from there. Any suggestion of a good partitioning tool?
Thanks for the time.
Finally, I've formatted the whole space of my HDD as one partition and installed x64 XP. So far, it's been running good.
I'm planning to partition some space of my HDD so I can install some Linux on it and start my open-source learning from there. Any suggestion of a good partitioning tool?
Thanks for the time.
Time to create page: 0.133 seconds