Is Someone Uploading From My PC ?

Discussion in 'Computer Software & Operating Systems' started by J80FAB, Sep 15, 2007.

  1. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70
    Erm.... yes well I'm no expert at these things but I'm getting slightly annoyed as my PC has recently started to upload at times for no apparent reason.

    Is it possible that someone has 'hacked' into the PC & is uploading stuff from it :confused:

    When uploading starts I reset the PPP connection with my ISP which usually makes it stop until it starts again.

    I did recently update the 4oD (4 on demand) software & the uploading if I'm not mistaken seems to have started after that. Or it just might be a coincidence.

    Any advice would be appreciated.

    Thanks

    EDIT:

    Sorry forgot to mention I'm running Win XP Home Edition.
     
  2. Rattty

    Rattty
    Active Member

    Joined:
    Dec 30, 2006
    Messages:
    64
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    8
    Ratings:
    +6
    Install a firewall like Zone Alarm, this will show all network traffic and you can then stop any 'odd' activity.
     
  3. Singh400

    Singh400
    Distinguished Member

    Joined:
    Feb 21, 2006
    Messages:
    17,850
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    166
    Location:
    Earth
    Ratings:
    +3,370
    How do you know someone is uploading from your PC? What (if any) tools/software are you using?
     
  4. Member 79251

    Member 79251
    Banned

    Joined:
    Jul 2, 2005
    Messages:
    13,421
    Products Owned:
    1
    Products Wanted:
    0
    Trophy Points:
    166
    Location:
    ?
    Ratings:
    +2,187
    I would just look at my router lights ;)
     
  5. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70

    Well in answer to the above my router is next to my monitor so I can see the lights flashing :D, I have NetMeter installed which shows upstream activity when there shouldn't be any & of course my LAN icon at the botton right will show continuous activity with its flashing screens, that's how I know !
     
  6. Decadent Fool

    Decadent Fool
    Active Member

    Joined:
    Dec 27, 2006
    Messages:
    546
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Location:
    Shropshire
    Ratings:
    +33
    As previously mentioned, install ZoneAlarm and it will tell you the desired destination of anything trying to access the net
     
  7. Steve.J.Davies

    Steve.J.Davies
    Well-known Member

    Joined:
    Nov 14, 2004
    Messages:
    2,995
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +199
    in the maentime the output from a
    netstat /a
    could prove informative.
     
  8. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70

    I've tried downloading/installing ZoneAlarm but I keep getting an error message : 'setup was unable to find the msi package or patch' :confused: and then there's a URL given :rolleyes:

    EDIT:

    I assume I'm looking at the correct ZoneAlarm as there seem to be a couple around.

    Can someone please direct me to the correct one.

    Thanks
     
  9. Ianfromnotts

    Ianfromnotts
    Well-known Member

    Joined:
    May 16, 2003
    Messages:
    2,760
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    86
    Location:
    Nottingham
    Ratings:
    +174
  10. Singh400

    Singh400
    Distinguished Member

    Joined:
    Feb 21, 2006
    Messages:
    17,850
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    166
    Location:
    Earth
    Ratings:
    +3,370
    Install a decent firewall and then recheck your findings. It could be Microsoft services auto updating.
     
  11. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70

    I have the automatic Windows Update feature turned off & always perform it manually as I prefer it that way.

    In any case with Windows Update it is a case of mass downloading rather than uploading.
     
  12. Curly99

    Curly99
    Distinguished Member

    Joined:
    Dec 29, 2006
    Messages:
    9,426
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    166
    Ratings:
    +2,255
    does 4OD work like the BBC one that uses a sort of Bit torrent affair to download programs, maybe it's that that uploading.

    Curly
     
  13. Steve.J.Davies

    Steve.J.Davies
    Well-known Member

    Joined:
    Nov 14, 2004
    Messages:
    2,995
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +199
    in the mentime the output from a
    netstat /a
    could prove informative.
     
  14. Singh400

    Singh400
    Distinguished Member

    Joined:
    Feb 21, 2006
    Messages:
    17,850
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    166
    Location:
    Earth
    Ratings:
    +3,370
    Yes, but the Windows Update components auto update themselves - or else you would not be able to use WU/AU/MU. They can not be set otherwise.

    Anyhow I don't think it is that.

    Have you found any odds file on your computer? If they are uploading from your computer, your bound to have something there that isn't supposed to be there.
     
  15. fortean

    fortean
    Active Member

    Joined:
    Nov 28, 2004
    Messages:
    825
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    31
    Location:
    Chorley
    Ratings:
    +71
    Have a look if you have a service running called Kservice. This is a peer to peer service that is used to distribute content for BBC iPlayer, 4OD, Sky Movies, etc.

    You can stop and disable the service in the services tab when you are not downloading anything.

    Right click the My Computer icon and select Manage.

    Near the bottom of the list on the left you will find Services and Applications; Open the list to see Services. Click this and all the Services will be shown on the right hand side.

    Find Kservice, double click it, stop it, then change the Startup type to Disabled.

    You may need to enable it, change to manual, then start it to download content though.
     
  16. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70

    As I mentioned in my opening post I did update the 4oD software as I was prompted to do so therefore it's possible that this has had some effect.

    I've installed the ZoneAlarm as recommended and currently one application which keeps popping up saying it 'wants to connect to the internet' or 'act as a server' or something like that, is described as a Delivery Manager Service. And further investigation shows that it is indeed Kservice being used by 4oD.

    I've done as you said so it will be interesting to see if it makes any difference.

    As you mentioned disabling Kservice makes access to 4oD for example not possible. Setting it to 'Manual' makes ZoneAlarm respond by asking if I want to allow or deny the Delivery Manager Service access to the internet.

    I've disabled it for now to see what happens. And probably will have to enable it if I want to use 4oD.

    Thanks for the info.
     
  17. richard plumb

    richard plumb
    Well-known Member

    Joined:
    Jan 27, 2002
    Messages:
    14,524
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    133
    Location:
    Windsor
    Ratings:
    +1,054
    Kservice will be the culprit. BBC, 40d and sky anytime all use this to save their bandwidth costs by using P2P to share the load.

    So yes, your computer will be uploading all the time when your internet connection is normally idle.

    One reason I don't install those apps. I'd almost pay them a little fee to use normal downloading.
     
  18. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70

    Mmmmm...... yes from initial observations it would seem that Kservice is indeed the culprit.

    I just used 4oD & watched something I downloaded a couple of days ago. I had to cover the router LEDs because they were putting me off what I was watching !!!

    Anyway when I stopped Kservice as suggested earlier in this thread the frantic upload activity also stopped & 4oD disappeared :rolleyes:

    I've never really taken much interest in P2P so don't know much about it. Why does uploading from my end take place and what's the significance of it ?
     
  19. Steve.J.Davies

    Steve.J.Davies
    Well-known Member

    Joined:
    Nov 14, 2004
    Messages:
    2,995
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +199
    It takes bandwidth and increases your load. if you sail close to a FUP it may not be for you.

    main significance in sharing apps is that you need to make sure you lock down what directories they can upload to the net from.
    If it is unrestricted then 'all your files are belong to us'.
     
  20. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70
    Sorry don't quite understand your explanation & why something like Kservice would want to use one's upstream bandwidth :confused:

    What's an FUP ?
     
  21. Steve.J.Davies

    Steve.J.Davies
    Well-known Member

    Joined:
    Nov 14, 2004
    Messages:
    2,995
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +199
    Phased around P2P in general (in line with your question).
    FUP - Fair Use Policy. ISPs use this stop folks hogging comms lines.

    Sharing apps run both ways - besides letting you download from lots of places they also let lots of places download from you.
    Sharing apps use a directory structure to store downloaded files - mostly you have to tell them where to put downloaded files when you install/set them up.
    For uploade files 9from your machine to other P2P sharers out there) you need to tell your P2P app what directories you will allow to be read by these unknown remote machine from all globe. If this information is not locked down it can easily be that a P2P app is allowing all these remote shares to read ALL your files.
     
  22. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70

    :oops: Just realised what FUP stands for - doh !

    I think I know what you mean now.

    A few days ago I used 4oD to download some programmes to watch later rather than watching them being streamed over the net - don't know if it makes a difference either way.

    Anyway as the downloaded content from 4oD is on my hard drive I am assuming that my PC is being used as a 'server' to distribute the downloaded stuff to anyone wanting to download/stream the same material to their PC thus not clogging up the 4oD's servers.

    This would make sense because the ZoneAlarm firewall does report - when Kservice is enabled - that the Delivey Service Manager (Kservice) wants to use my PC as a 'server'. Brilliant, not !

    I think I might consider removing 4oD altogether from my PC.

    The interesting thing is that 4oD does charge for viewing some programmes whilst a handful are free. Surely it would be a bit off hand for them to use someone's PC for P2P after that person has paid to download/watch stuff from the 4oD site.
     
  23. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70
    Was wondering if someone could help again :lease:

    Seem to have got to the bottom of the uploading business - Kservice.exe application which installs with Channel 4's 4oD service and uses your PC as a server for P2P.

    I've disabled Kservice so that it doesn't work.

    However now when I start up my Windows Messenger Live the blighter starts doing the same :suicide:

    OK it may not start straight away but after some time has elapsed uploading begins :rolleyes: If I close Windows Messenger it stops.

    Anyone have any idea what's going on in this instance :confused:
     
  24. Steve.J.Davies

    Steve.J.Davies
    Well-known Member

    Joined:
    Nov 14, 2004
    Messages:
    2,995
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +199
    Disable it. run scans.

    you have been in p2p land - it pays to check you really are clear.

    of course while these uploads are happening the output from a

    netstat /a

    could prove informative....

    Should add that TCPVIEW andor Process Explorer (both free) can give a lot of good info. But if it is a nasty it may hiding..
     
  25. J80FAB

    J80FAB
    Active Member

    Joined:
    Jun 19, 2005
    Messages:
    1,843
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Ratings:
    +70
    Thanks for the info.

    I never ran netstat /a when you previously suggested as I did not know what this was. I've just run the command at the command prompt so now I know.

    I've actually uninstalled ZoneAlarm as it was slowing things down. It nevertheless did not seem to report anything when Windows Live Messenger started uploading :rolleyes:

    Will reinstall it & monitor Messenger with that & the recommended netstat.

    Tried the recommended Sunbelt Firewall. Doesn't slow things down on my PC but drove me nuts with its continuous pop-ups warning of this & that.
     
  26. Steve.J.Davies

    Steve.J.Davies
    Well-known Member

    Joined:
    Nov 14, 2004
    Messages:
    2,995
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +199
    pop ups happen on anew firewall install while you build your ruleset. then things quieten down.
    trouble with p2p apps is that each IP (inbound or outbound) gives a pop up if no rule for it. A lot of folks end up giving their p2p apps unfettered access through the firewall so reducing the pop-ups. And so negating the firewall - cos they just drilled a hole in it for their p2p app. If you 'HAVE' to use p2p stuff then research a safe setup for it. IF one exists...and don't be logged on as (or 'run as ') Admin...
     
  27. edward

    edward
    Active Member

    Joined:
    Apr 2, 2003
    Messages:
    878
    Products Owned:
    1
    Products Wanted:
    1
    Trophy Points:
    32
    Location:
    Reading
    Ratings:
    +33
    If you do netstat/o it will show much the same as /a but the 5th column shows you the PID as well.

    If you don't recognise any of the addresses shown, do a ctrl/alt/delete to get the task manager up, go to the process panel, click the header of the PID column to sort them into order and then scroll down until you find the PID you want explained - it will show you what image is running. If you don't recognise the image name, put it in google and you'll get an explanation.

    I've got a freebie called Net Medic on my desktop so I can see when stuff is coming and going and how much bandwithd its taking up.

    In my case, it was Skype that was the culprit.
     

Share This Page

Loading...