I didn't manage to download a firewall and as soon as I connected and started downloading the sygate personal firewall (free and good firewall) i noticed that by the end of the 1mb download I had uploaded 40mb to someplace. So I got the firewall running and this thing was sending to some 239.255.255.250. After a search I found it had to do something with local networks but I had some SVCHOST.exe sending data there constantly. So i block it in the firwall.
Now the really weird thing. Some DLLHOST.exe file starts uploading like mad instead. I block it too and now after 6mb of uploaded data it stopped. It started uploading to EVERY IP starting with 62.193 62.192 62.191 62.190 or so I think. It keeps trying 100 IPs in a second but i blocked it. Even blocked, it is wasting my internet connection and its realllly slow. I can hardly use the damn thing.
I also got a file access monitor to see if it was drawing any files off my machine. I found that when I started IE it scanned my desktop and my whole C drive for data structure, and then opened the infamous CONTENT.IE/INDEX.DAT file and wrote to it. I'll deal with that later. But this is obviously all part of IE. Also it was accessing files so quickly i couldnt really catch what it was doing (the log file grows huge and the peice o sh*t is slow). I don't think it scanned my D drive.
Anyway, i never heard of this happening before. Am I being hacked? Why is this happening? I also found some remote PC control programs are in use some WMBP , Koreg authentication, object.something files bla bla...
I just came here to find out how to get linux back up and running cos i really need the net (i'm a webmaster!) and window$ is not only shit but I can't use the net at all. (You can help me with that problem in the Linux fourm, cheers)
