Help! Unexplained attempts to access the internet.

Discussion in 'Off-Topic Chat' started by Will the Sec, Nov 12, 2006.

  1. Will the Sec

    Will the Sec Active Member

    I am sure that the collective knowledge of tMP's genius will be able to help me...

    A programme is trying to access the internet when I'm off line.

    Now, it doesn't gain access in that scenario, because I've set up the dialler to ask first.

    BUT... I can't work out what the programme is, and if I'm already on oline, I'm not getting a request, so presuambly it's making contact.

    My AV and spyware scans are all up to date - and I've tried a couple of alternatives as well.

    Any ideas how to find out what is causing the attempts to access the internet?

  2. brassneck

    brassneck Active Member

    First question ... do you use a wireless router?
    2nd Question ... have you noticed any online transactions on your bank statement that aren't yours?
    3rd Question ... what evidence do you have that the dial-up facility has been hi-jacked? (any desktop notifications?)
    Last edited: Nov 12, 2006
  3. Anno Draconis

    Anno Draconis Well-Known Member

    Are you using Norton? I've found it to be almost as bad a some spyware in the way it takes over your computer, and it may be trying to run automatic live updates.
  4. Will the Sec

    Will the Sec Active Member

    1. No.
    2. No.
    3. Only that the dial up window appears when I'm off line.

    I'm using Zone Alarms, (which I'm no terribly happy with) but Norton comes free with the BT browser that is my second choice after firefox.
  5. brassneck

    brassneck Active Member

    Which programme is trying to access the net?
  6. impycornet

    impycornet Member

    The clue is in the question ???
  7. KMJ Recordings

    KMJ Recordings Supporting Member

    Can you see what it was in Event Viewer or in the firewall log?
  8. TheMusicMan

    TheMusicMan tMP Founder Staff Member

    What are your Windows Update settings Will? It might be that.

    Another solution to this is to install a security application such as McAfee Internet Security. This essentially monitors all inbound and outbound traffic to and from your PC and prompts you if an application not on its list of accepted/permitted sites attempts to access the net. You may want to look into installting this or a similar such app.
  9. KMJ Recordings

    KMJ Recordings Supporting Member

    Zone Alarm works in that way John, although it's not the best app in the World.

    Windows Update is a good suggestion - it can be a real PITA.
  10. MRSH

    MRSH Supporting Member

    Why do you ask that question? What is the significance?
    I only ask because today Mrs H (Aardvark) noticed a transaction on her bank account for over £700 which isn't hers?
  11. brassneck

    brassneck Active Member

    - my slip! :redface: (been a busy last couple of days!)

    I would suggest trying the trial version of something like Prevx or Sana Security's Primary Response that could intercept and classify the action.
    Last edited: Nov 12, 2006
  12. brassneck

    brassneck Active Member

    - I work presently for a financial institution and sometimes we find indentity theft and fraud. If the source of the debit is online, then there is a risk of the customer's card details being hi-jacked. There have been instances of online dial-up information being used to generate bills for certain pay-for-access sites.

    - I would get Aadvark to contact her bank to get as much information on that transaction as possible then put a claim forward for a switch dispute. The card will have to be cancelled and a new one issued. If the transaction is recurring (set up as a regular debit using the card details) the account may have to be closed and a new one opened.
    Last edited: Nov 12, 2006
  13. timbloke

    timbloke Member

    Perhaps try getting Windows Defender (MS), it will quickly identify any software accessing the internet and identify if it is approved or not.
  14. MRSH

    MRSH Supporting Member

    Just to let you know Aardvark contacted her bank first thing this morning and without argument they agreed to refund the full amount of the rogue transaction. They traced the transaction to a Comet store in Hull - a place neither of us have ever been ;). Her card has been cancelled and a new one forthcoming.

    Thanks for your advice brassneck :tup
  15. andywooler

    andywooler Supporting Member

    I spent quite a few hours last night fixing issues following my son's use of my laptop.One thing I found both on the laptop and my desktop was an instance of internet explorer sitting in the background. Checking the startup options using msconfig I discovered exactly that - not too sure how it got there as also ran a clean virus and spyware check. As soon as I disabled the IE session in startup, the symptoms I had went away.
    (had I been on dial-up I suspect this would have given similar symptoms to those Will had).
  16. brassneck

    brassneck Active Member

    - glad to be of some help! :cool:
  17. Will the Sec

    Will the Sec Active Member

    OK, so having downloaded Internet explorer 7, I'm still getting phantom attempts to access the internet.

    These now also occur when the connection is current (and I'm using a different browser), i.e. the "do you want to connect to the internet" mini window appears. As I am already on line, I say no, and cancel it, and it breaks the exisiting internet connection.

    Any ideas? It's irritating. (OK, not as much as being given a 1 in 4 chance of having a job in 6 months, but still irritating...)
  18. BigHorn

    BigHorn Active Member

    If its trying to break your current connection and dial up on another then it may be a rogue dialler. Firstly see if you have more than one dial-up connection by navigating to
    Start / Settings / Control Panel / Internet Options / Connections and looking for an unusual connection - look in the properies of the dial-ip connection and see if it is your normal ISPs number. If it is not then take a note of the number and delete that dialer.

    After that you need to find the program that is trying to make use of the dialler.

    navigate to
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Current version\Run

    Look at the listing for anything unusual that could be the rouge dialer.
    If it is not obvious what the programs are in this start-up list, then google each name which should tell you what is legit and what is not.

    Sometimes these rougue diallers piggy back on some legitmate windows program so there may not be anything that looks out of the ordinary.

    If it is blatently obvious that there is something that shouldn't be there, then google it. You will not be the first one hit and there should be strategies for rendering it harmless.

    Have you tried installing spybot and spyware blaster - these have rogue dialler protection.

    Oh - and check your phone bill for any unusual numbers. If there are any then google these too for info.