Copied / Moved / Reworked from Windows XP forum
- - - - -
Help! I have a Win-XP-Pro-SP2 PC which, whenever it is connected to the Internet (either by cable, or wireless), gains an interface called "Internet Connection" which claims to be a "Gateway" connecting to the Internet via another Computer.
I don't have any computers in this environment which are hosting ICS, because both the wired and wireless connections are connected directly to Broadband routers, and provide direct (via NAT) Internet Access.
Also, the Properties of the interface won't show me the address of the other computer through which it is connecting.
It looks to me like something has installed itself to redirect my internet traffic and allow someone out there to see everything I use.
Neither SpyBot S&D nor Ad-Aware found this.
Any suggestions?
Background:
I have two ISPs at home, CABLE and DSL. The DSL connection has a Wireless Portal/Router attached, the CABLE does not.
I use three computers at my home, two desktop and one laptop (I use the laptop at other locations as well).
I will refer to each computer as "A", "B" and "C".
Desktop Computer "A" (Win-XP-Pro-SP2) is my primary PC when I am at home and is connected to both ISPs, both as wired connections.
I had thought that it does not appear to have been affected by this problem, because it does not show the bogus "Internet Connection" in Network Properties. However, I thought my CABLE ISP was down a couple days ago because I saw extremely limited traffic on that connection (like only 1 or 2 incoming bytes).
Desktop computer "B" (Win-XP-Home-SP2) is my wife's computer. It is connected only to the CABLE ISP. That one has been slow for a while, but does not show the bogus "Internet Connection" in Network Properties. Last night it started not connecting at all - also showing only one or two incoming bytes.
(My wife's user-ID is configured as a "Limited User".)
My Laptop (Computer "C") (Win-XP-Pro-SP2) connects to the DSL via a wireless card, and to the CABLE via the wired network.
On Laptop "C", I use Yahoo! instant messenger, and I get mail via Yahoo. I also have Yahoo! toolbar with Anti-Spy installed.
Last night I noticed that Laptop "C" was sending out tons of traffic on the CABLE connection. Desktop "B" was receiving almost no traffic on the CABLE connection. I did not check Desktop "A".
When I un-plugged the CABLE connection from Laptop "C" due to the volume of traffic, the bogus "Internet Connection" went away, and although the Wireless (DSL) connection appeared to be working, I could not connect to anything on the Internet.
I have also seen the bogus "Internet Connection" on my Mom's computer "D", which uses a completely different CABLE ISP via a wireless router.
It may be noteworthy that the bogus "Internet Connection" is only visible in Network Connections when it is connected. Attempts to disable it are ignored.
- - - - -
More Information:
linney suggested the following, so I'll list the suggestions and the results.
"Does your ISP have any comment?": I don't think it's related to the ISP because I have connected to three different ISPs (two at home and one at another location) and seen the mysterious interface.
"Is there anything unusual in your Hosts file?": Nope. It is clean (only localhost).
"Anything in the Security or System Log of the Event Viewer about what or who you are remotely connecting to?": I still need to check this.
"How about any firewall logging?" - Does Windows Firewall keep a log? I don't have any other Firewall software installed on Laptop "C". But I'll check McAfee Firewall on my mom's Desktop "D" for logs.
"This trojan scanner has an online scanner you could try, you could even try the full trial version or free limited download. - Ewido security suite - Protection against Spyware, Trojans, Dialers, Keyloggers and other growing threats.": The only thing ewido found was cookies.
"This program will tell you what process is connecting to which ports from YOUR computer. - Port Explorer, it has a free 30 day or 50 uses trial.": I have not run this one, but I got some limited info from ewido's connection analysis.
"Removing adware & spyware - FAQ608-4650": I've tried almost everything in this FAQ.
"Microsoft (GIANT Antispyware) Beta available - thread779-979113": I have installed and run Microsoft Anti-Spy and it didn't find anything except cookies.
- - - - -
So, now I am effectively "MOVING" this question from the Windows-XP forum to the Virus & SpyWare Forum.
(There have been a couple more ideas posted there, which I will try, then post the results here.)
Any ideas?