Over 1 million tech questions and answers.

Encrypted network traffic. Untrusted certificate.

Q: Encrypted network traffic. Untrusted certificate.

Sorry for the inconvenience, about 3 days to the date this message is appearing to me, usually when visiting microsoft sites.

This happens to me both with version 10 of ESS and Kaspersky. But it does not happen with other antivirus and version 8 of ESET Smart.

It happens in Chrome and occasionally with Internet explorer 9.

Please, I am very worried about this behavior, which had never been presented to me before.

Read other answers
Preferred Solution: Encrypted network traffic. Untrusted certificate.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)


Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

Read other answers

I want to remove the certificate from untrusted publisher, but the Remove selection is unavailable.
If I add the certificate into Trusted Publishers, my app still works improperly due to security issue.

It seems I must remove it from here, but how with Remove not optional.

Read other answers

Hello everyone, I do not know anyone could explain to me that it is the message, which appeared seconds after opening Internet Explorer (to play by battlelog).
Yesterday I did the same but I did not get any message and it was only to play for a while and then turn off the computer.
Seeing the information in "more detail" seems to be something of Windows itself. So it is a bug and click on Allow or Block?

For some information I have Windows without the patches of November and December so now that I'm free I plan to do it.


A:ESET : attempted communication with an untrusted certificate. What is?

That message seems to have come from your Eset anti virus program. While I cannot read in your language it would seem that a dangerous website might have been accessed & it is issuing you with a warning & it's up to you whether you allow or block access.

If you are really worried by it contact the Eset forum if they have one & discuss it there.

Read other 3 answers

So i went on a trip during the weekend and left my PC unattended in the hands of my family. Nasty surprise when i got back; explorer.exe wasn't working during start up, i figured they installed some virus so i proceed to remove most of the infections i've found and also to fix the Registry files affecting the explorer.exe malfunction. After several hours of passing a couple of malware removal tools and stuff i think i got most of the infection cleaned but im getting this message:

Sorry for the spanish OS but basically when i open League of Legends a system pop-up says that there is an untrusted certificate running and if i want to proceed or not, after looking into the info provided i googled "Internet Widgits Pty Ltd" and found that is related to a Dyre Banking Malware. I got into work and tried to find the Origin of the problem but no success so far. Im posting here hoping to get a bit of a more skilled person to help me. Thanks in advance.

Read other answers

When on my google homepage I try to open gmail or to sign out og my google account, I get an "Untrusted Connection" box stating that the gmail certificate is invalid. I've seen many posts elsewhere suggesting I check the date function on computer (which I've done and it is correctly set). also saw an older posting here suggesting the user run Hijack This. We ran a "scan with logfile" but got messages that (1) system denied write access to hosts file . . . and (2) particularly large number of hijacked domains. Don't really have any idea where to go from here. Would appreciate any help. Thanks.

A:Gmail Untrusted Connection Invalid Secur. Certificate

Read other 6 answers

I keep getting this alert despite the amount of resources that I add to my Gateway.  
Our DC and Gateway are running virtually in VMware.  Distributed Virtual Switches are not an option so I have to resort to configuring Promiscuous Port Group.  
I configured a Promiscuous Port Group on the same Virtual Switch that the DC (and the rest of our servers) is connected , and assigned it the same VLAN ID as the DC. 
ATA is capturing and reporting traffic but I continually receive an alert for some network traffic is not being analyzed.  I have thrown double the resources at our Gateway's
than what the sizing tool identified, and still receive this alert.  At this point I have 24GB of RAM and 10 Cores allocated to my Gateway which is only capturing reporting on 1 DC.  At this point I am about ready to scrap ATA because of how resource
intense it is.  
Any ideas or suggestions?  Does it sound like I have the Promiscuous Port Group configured correctly, or is it possible that I am capturing ALL traffic for the VLAN assigned?  

Read other answers

Is there a good network traffic/broadband monitor that actually keeps track of ALL (really ALL) traffic in a network?
I have used quite a few (eg, Ethereal, ntop, network probe) but all of them kinda keep track of only traffic that is coming in and out of the PC they are run from.

I need one that really tracks every single transaction that goes on in the network, including PCs talking to PCs, PCs talking to servers, servers talking to PCs, PCs talking to printers, etc.

Would help a great deal if they are FREE too!

Anyone know of any good ones?

A:Network traffic/bandwidth monitor that tracks GLOBAL network traffic


You may find something here...


Read other 2 answers

Hello everyone here
Seem like I am and idiot to it's seem funny it's like lock the door and then throw the key to that room.
I was wondering whether how can I open certificate.ptx file if it's already encrypted. I suddenly found a video on youtube
about encryption thing that can be done by CMD i have no idea what is about just try and follow it i'm not really know
that all the files that save on my desktop are being encrypted automatically. I saw windows asked to save the certificate then I save it on my desktop later on my PC error so I move all my files on desktop to external drive and do Windows reset tool completely
reset. And I've just noticed I can open all my files which I back up :/
Please if somebody have solution please let's me know. Now i'm stuck with all my files like 120Gb :/

Read other answers

How does ATA deal with packet inspection of encrypted traffic?


Read other answers

Hi everyone!!!

I've been tasked with running message analyzer to determine if data is encrypted from an endpoint. We are using MBAM and want to ensure that any data sent to MBAM application server is encrypted. Now, we know it is via https, but, we still need to verify this
(for audit purposes).

Can anyone provide some insight as to how I could use microsoft message anaylzer (or perhaps something better) ?

We are planning to run a capture for 24 hours. We also want to ensure data is encrypted from app server to sql server. 

Thanks all! 

Read other answers

I encrypted the /Users/{username}/AppData/Roaming folder, which, I discovered afterward, contains the certificate needed to decrypt it. I have not forgotten the password used to encrypt and to login. Is there any possibility of decrypting the folder or the certificate?

A:Accidentally encrypted my certificate

I'm not sure if this will help, but it's an excellent tutorial on the subject: Encrypt or Decrypt a Folder or File. Reading it, you may note at the beginning there is a link to a 3rd party program (it's a trial version so use it to fix the problem and then cancel the trial) for difficult situations and yours seems to fall into that category. You can check the rest to see if anything helps, but I suspect you'll end up coming back to needing this program. There's no guarantee it will work (although the list of what it can do is impressive, it doesn't specifically include encrypting the certificate - but it's certainly worth a try).

I hope this helps.

Good luck!

Read other 2 answers

Hi there,

Since yesterday Eset is warning me very frequently while on Yahoo and on some other websites (such as Stacksocial). I know it happens occasionally to Eset to warn from time to time about an untrusted certificate. What's unusual is how many alerts there are (on Yahoo there are up to 5 in a row and the regularly as long as i stay on the website).

This happens on our 3 PCs using the latest version of Eset Internet Security with the latest database downloaded on Windows 10 CU (64 bit). Someone in my family using Eset is also experiencing the same warnings.

I've included a poll to know your opinions on this. I also included the screenshots of the warnings but since my systems are in French, i included as well a screenshot of the same alert in English that i found on a Eset forum somewhere.

Thanks for reading me, i was just curious to know your opinions on that

A:Eset throwing warnings about "Untrusted certificate" on Yahoo and other websites. False positive ?

What is being said by ESET - either by staff on the ESET forum or other places - about the issue ?

Read other 0 answers

I have a windows 10 operating system partition that is encrypted with bitlocker. Unfortunately I don't remember ever having activated bitlocker encryption nor can find and
.bek file or numeric pin or password.

My first uncertainty is in why my device is encrypted in the first place and who encrypted it. There are two possibilities: I have encrypted it myself and forgotten about it. The manufacturer that shipped the laptop has encrypted the device when installing
the operating system (which I don't think is the case). I contacted the manufacturer and they do not have knowledge of any key.

My second uncertainty is in why the bitlocker lockout was triggered at this time when it worked fine for the last year or so. It says Boot policy has unexpectedly changed. From what I have red so far, there are a lot of reasons why this can happen. Probably
it happened because I did not properly remove a external USB harddrive or I changed some BIOS settings without knowing what I was doing. The only important question is if it is it in principle possible to roll back the boot policy to its initial state and
thus circumvent the necessity to enter the bitlocker code?

My third uncertainty is concerning the unlock key. I found a .pfx certificate file that I might have exported during the encryption procedure, I just don't remember. I found a post https://www.einfaches-netzwerk.at/teil-20b-bitlocker-dra/ where a drive
is indeed decrypted with the sha1 certificate thumbprint like... Read more

Read other answers

I have a windows 10 operating system partition that is encrypted with bitlocker. Unfortunately I don't remember ever having activated bitlocker encryption nor can find and
.bek file or numeric pin or password.

My first uncertainty is in why my device is encrypted in the first place and who encrypted it. There are two possibilities: I have encrypted it myself and forgotten about it. The manufacturer that shipped the laptop has encrypted the device when installing
the operating system (which I don't think is the case). I contacted the manufacturer and they do not have knowledge of any key.

My second uncertainty is in why the bitlocker lockout was triggered at this time when it worked fine for the last year or so. It says Boot policy has unexpectedly changed. From what I have red so far, there are a lot of reasons why this can happen. Probably
it happened because I did not properly remove a external USB harddrive or I changed some BIOS settings without knowing what I was doing. The only important question is if it is it in principle possible to roll back the boot policy to its initial state and
thus circumvent the necessity to enter the bitlocker code?

My third uncertainty is concerning the unlock key. I found a .pfx certificate file that I might have exported during the encryption procedure, I just don't remember. I found a post https://www.einfaches-netzwerk.at/teil-20b-bitlocker-dra/ where a drive
is indeed decrypted with the sha1 certificate thumbprint like... Read more

Read other answers

I recently purchased and installed a new modem, an Arris SB6183-RB. I went through the install with my provider and got everything enabled and set to go while I was on a direct ethernet connection. The ethernet connection still works fine.

My issue is once I send traffic over my wireless router, an ASUS RT-AC68U that I have had for two years and always worked great. Something is causing major security conflicts. Perhaps the firewall somehow? Basically, any device over the wireless network receives certificate security errors and websites cannot load. I have attached outlook.com screenshots as an example. I have two computers, and a smart phone, and any websites over the network now have problems. There are a few sites where certificates seem to work, and some apps on my phone seem to work fine. But the majority of websites:

1.) I get an alert from ESET antivirus about the faulty certificate.
2.) If I ignore that, Firefox is usually next on my tail.
3.) If I add an exception on Firefox and ignore, then it goes through OpenDNS and I am blocked on that end.

Basically, any traffic over my router is now hit with tons of warnings. I have tried the following:

1.) Updated the Firmware on the router, took a few flashes to get up to the most current Merlin version 380.62, did not help.

2.) I tried modifying a few settings in the router firmware that were recommended after updating to the latest Merlin, but these are more speed adjustments. Did not help.

3.) I went into the GUI fo... Read more

Read other answers

Was unable to access my encrypted XP data files after clean installing W7 onto the same machine. Fortunately found a certificate key on an old backup. Don't want to mess this up again so looked at certmgr and am unclear as to where to import the key to??

There's lots of info on how to encrypt your files but not much on how to properly import a certificate. Where should it go so I can access all my files?

Appreciate your time,

A:How to correctly import certificate key to read encrypted XP files

Hello Lorlin,

If you mean for a EFS certificate, then this may be able to help.

Encrypted File System (EFS) Certificate Backup

Encrypted File System (EFS) Certificate Restore

Hope this helps,

Read other 2 answers

I have a problem that started randomly where I was suddenly unable to access files encrypted with EFS. I get access denied errors and am unable to move or copy the files.
The files that were encrypted using a user's domain-issued certificate, the certificate is expired but still viewable if you search in certmgr.msc. There are subsequent self-issued certificates which I assume should have taken over but they don't seem to
have. The certificate with the relevant thumbprint expired over 12 months ago (15 months to the day).
The expired certificate with the correct thumbprint shows as having a private key but will not allow me to export with private key.

Read other answers


This update resolves the "'Certificate Revocation List Is Not Available' Error Message Appears with Encrypted Outlook Mail" issue in Windows 2000 and is discussed in Microsoft Knowledge Base Article (KB) 308707. Download now to prevent an error message from appearing when you receive an encrypted e-mail message.

System Requirements
This update applies to Windows 2000




Read other answers


I am trying to resolve an issue where multiple client computers in the organisation are using an internally deployed Root CA certificate (before my time and no longer required) to sign the end entity certificate for external websites, google.co.uk
for example. All SSL sites appeared to be affected by this.

However this is not the case as sub domains of sites with issues show the correct cert chain, the below is for mail.google.com

Removing or untrusting this root ca cert breaks access to these sites.

I have reset root certs in various ways, removed machines from the domain, applied no GPOs, manually updated CRL and pulled down updated certs with rootsupd.exe.
It always attempts to use this rouge CA cert to sign the websites cert.

Any assistance would be much appreciated.

Read other answers

I am trying to install CA root certificate on Windows 7, IE 9.
Encounter error: "Untrusted Certificate".  "This certificate cannot be verified up to a trusted certificate authority."
I have tried to install the certificate to Trusted Root Certificate Authorities->local computer and import was successful. BUT on IE->Internet Options->Certificate->Trusted Root Certificate Authorities, I am unable to find this root CA on
the list.
On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.
I then restarted the IE and view the ssl site again but failed too, "Untrusted Certificate".
Anyone, any idea ?
Eye Gee

A:Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

May the following workarounds work for you:
Workaround 1:
Modify the Windows settings to allow the Update Root Certificate feature to update the root certificates automatically. For details, see the following Microsoft TechNet article:
Certificate Support and Resulting Internet Communication in Windows Server 2008
Workaround 2?
If the Update Root Certificate feature cannot automatically update the root certificates, you may contact the website vender to see if there is a hotfix can fix the issue.

Read other 8 answers

I come to you as a PC ignoramus in need of some expert advice with regards to a serious issue I am facing,
I have had hackers completely takeover my network and have not only taken control of all webtraffic from the network on all devices but also have installed some form of software which stops me from changing AV etc,
Only reason I noticed is I went TCPview (Will attach pictures) and noticed these connections, i have tried reinstalling and it only comes on as soon as I connect to the network.
Also, I have run Spyhunter and it is consistently coming up with large amounts of cookies threats
Namely 207, Sex -??,
Name: Media
Path: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies::ipinfo_13054458043766831
Severdyby and numerous others
I have no idea what to do and need your assistance, Its much appreciated BC members
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Owner at 17:43:06 on 2014-09-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.6098.3272 [GMT 10:00]
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.... Read more

A:Complete Network takeover - Whole network traffic hijacked + PCs Infected HELP!!

Anyone able to help me?
Would be much appreciated

Read other 3 answers

I'm not sure if I'm trying to do the impossible but I'll explain the situation.

I have this roommate that is excessively consuming the majority of the networks bandwidth. I've blocked all service ports except for 443, 80, and a few other ones used for every day task. The problem is that he is still consuming a ton of bandwidth, I'm guessing by streaming or downloading through HTTP.

I have *two* WGR614v10 router, and a Realtek PCIe LAN card controller at my disposal. I attempted to set QoS settings on what we will call Base Router. That did not seem to do the trick because router QoS only blocks ports and slows upload speed. Since that did not work I hid the SSID/MAC filtered connections to the Base Router and then connected my computer to the Base Router and rebroadcasted the signal using a Secondary Router using a shared connection, which I gave him access to. The point of this was an attempt to control bandwidth through the Realtek LAN card; I am not having any luck with this though. I've set the adapter to 10Mbps at half duplex already.

Does anyone have any suggestions on what I can look into for limiting bandwidth? I want him to have Internet but not abuse it like he's doing because that is not what we agreed upon.

A:How to limit network traffic speeds with a network card?

If you want to solve the issue using your existing equipment, you can try dd-wrt on one WGR614v10. See this thread (DD-WRT Forum :: View topic - WGR614v10 Support - Jump to post 9) which claims that there is a dd-wrt flash for WNR1000v3 which works on WGR614v10. Then look a thread like this (DD-WRT Forum :: View topic - Steps for Permanently limit Bandwidth of a PC using DD-WRT ?) to setup the limits. You can start a new thread in those forums if you want someone to walk you thru the steps.

Or you can just buy a router/access point that has a bandwidth limiting feature for each SSID that it broadcasts.

Read other 2 answers

I have about 300 computers on my network and want to isolate a department. That department is generating to much traffic. I don't know if I should use a bridge,Ethernet switch or create a workgroup for them. I still need the deparment to be on the same network.

Thank You,


A:Traffic on the Network

A workgroup won't really help with router traffic. It's just a logical arrangement for the computers.

I don't honestly know enough to say whether a bridge would be better, but I would think a switch would be more cost effective.

Hopefully someone with a bit more knowledge about this will reply soon.

Read other 2 answers


I have a LAN of about 10 computers and we conect to internet via a switch. I want a software to monitor which computer consumes internet speed

A:Network traffic

Would resmon not do the trick?

Read other 1 answers

Dear All,

I want to monitor my network traffic. Which tool I will have to use for that and how to monitor network traffic. Please help me everyone because this is very important question which I will have to face in interview.

Thanks in advance

A:Network Traffic


Read other 2 answers

Can anyone walk me through trying to fix my networking issue? Is that allowed in this section?

If so, I've got a computer connected to our network, and it's able to access all the other computers on the network, but trying to access it from the server and I get nothing. Even trying to ping it from the command prompt it times out. However, pinging the server from the computer it kicks back immediately. It's not a firewall issue because I've turned it off and still cannot connect to it from the server. I recently had to remove some scareware from this computer, and that's when the networking issue started.

Any ideas?

A:One-way traffic on a network



ICMP enabled, DHCP enabled, firewall off. Nothing doing. Workstation sees everything on the network and can access shared folders and ping all other workstations. But the rest of the workstations and the server "see" the troubled workstation, but cannot contact it.

Read other 18 answers

I use NetMeter to monitor in and outbound traffic to my computer, and starting a coupple of months ago, every once and a while, a series of a thousand or so 2.25 to 3Mb/s upload spikes start, amounting for almost 1Gb per day!!!!!

the spikes occur every 20 seconds, like clockwork.

i'll post a screenshot from netmeter next time it happens.

the odd thing is, no antivirus i've tried has found anything! same goes for antispyware!

whenever i start deleteing processes from the process list, it stops, then comes back after a coupple of minutes! also, if i am running on wifi, plug in my network cable, wait for it to connect, and disable wifi, the pulses subside for a bit, then come back!

i'm concerned because of the incredible ammount of data involved, and, it seems to have been increasing iver the past month.

Luckily, all the important data on my machine is encrypted, but, if the spikes are a data transfer, encryption won't mean $#!7.

any ideas?
screenshot comming soon.

A:Odd network traffic

Read other 8 answers

Hi Sirs,

Good day!

For those who encounter this kind of network problem, please help me solve mine.

My setup is like this;

Router - patchport - 48pins switch - patchport - 32 PC

My problem is if all the PC is open some of the PC will be disconnected to the mapped shared drive on network from a PC that is a server storage type but they are still connected to the internet. Sometimes also the internet connection of the server type storage PC itself will disconnect like an X in its network icon.

What could be the possible cause of this problem?

Thank you!

Best regards,

Read other answers

We start using Microsoft ATA within our environment, but the following events keep popping up;
Gateway, DCx, is receiving more network traffic than it can process. A portion of the network traffic is not analyzed.
We disabled the offload settings on our NICs on both the DC's and the ATA Server.
The DC's and the ATA Server are both running Server 2016 and we are using the lightweight client.
The output of the sizing tool:

The DC Specs;
DC1; Physical 40CPU, 32GB
DC2; Hyper-V, 16CPU, 32GB
DC3; Physical, 20CPU, 32GB
DC4; Hyper-V, 16CPU, 32GB
The ATA Server Specs;
Especially DC1 generates lot's of this notifications.

Read other answers

I've got a client who has his office in his home. Unfortunately, his two teenaged sons are also on the network with their own PC's. Last month there was over 200 GB's of traffic through the ISP. I've gone through the business end of the network and haven't found any viruses or spyware (due dilligence) and I know its those two little *$#^. Of course, the owner thinks the kids are the best thing since sliced bread, so he's pointing the finger at me. Soooo...I need to not only capture packets as they route through the server, but I need to determine the nature of the packets either via protocol or better yet application, and it would be nice to determine the IP they're coming from. I'm sure they're doing extensive file sharing, but other than getting onto their PC's I can't prove it.
Can someone suggest an app that can provide this kind of detail? I've tried Ethereal but I either dont' understand the logs or they simply don't provide the info I need.


A:Determining network traffic on LAN

I remember seeing hardware that does this for you, I forget the name of it but I'll look around.

Read other 3 answers

Is there a way I can measure the bits/second going into/out of a given network port number - such as 9090? I need to separate the rate of network traffic going through port 9090 vs other ports (such as port 80, for example). 

Is there a program that will provide that information?

Read other answers

I have a laptop and a desktop networked through a router. The laptop is attached to a domain (running Win7 Enterprise 32-bit), the desktop is not (running Win7 Professional 32-bit).
In the "Network" folder on the desktop, I can see the desktop and the laptop, and I can access both. Same on the "Network Map".
But on the laptop, in the "Network" folder, I can only see the laptop. Any attempts to access the desktop by IP address or UNC path are met with a network error ("Windows cannot access \\desktop"). The desktop appears in the "Network Map" but it cannot be clicked or otherwise interacted with.
I have a homegroup set up on the desktop but I cannot join it from the laptop.

What do you think I can do to allow the laptop to see the desktop?

A:One-way traffic on home network

Hi atlight, Welcome to Seven Forums.

This is what I did. File sharing.pdf

Read other 3 answers

if I were to share a secured dsl wifi connection with someone else.. would it be possible for others on the network to sniff or through any other possible means available get access to passwords or content I browse???

A:Traffic Safety on a network

It is possible to have access to a DSL system via a router without sharing local files, after all this is what happens at every coffee shop with free Wifi access

The "trick" is to make sure that the network is set to private which will disable the file and printer sharing and network discovery (by default, unless this has been edited).

If you have an existing multiple user system where sharing is already set-up, and wish to add an extra system with just internet access you should, dependent on your router, be able to enable guest access to the net but with no sharing access, (this may be the best option as the security would be managed in the Router, and i's hardware firewall/NAT)

One thing to ensure whichever way you go is to use strong passwords on all systems and especially the router, (both the wireless security and the router admin account)

Read other 4 answers


I am a network administrator of a Software Company
and using Symentec Corporate Edition 2000.
It is updated on regural basis for every nodes on our
network and our network consists with one Cisco PIX
Firewall which is connected with Cisco switch and all
the computers are connected with the cisco switch.
Every Nodes on our network using PIX internal IP
Address i.e. as a Getway and accessing
broadband(256 KBps) internet, no Proxy is installed
over here.

Now the problem, that we are facing for last two days
are when more number of PCs are starting on LAN, the
packet broabcusting is increasing upto 900KBps which
is showing on firewall inside interface traffic
monitoring software and internet access speed is
becoming slow.

After Scaning all the machine no Virus or Spyware or
worm is being detected.

please help me by proper susession.


A:Network traffic problem

you may also want to use network monitor to find the problem.

here is the case study we had. quoted from http://www.howtonetworking.com/casestudy/spywareblockinternet1.htm

Case Study - Trojan and spyware block accessing the Internet

Situation: Small Company has a Linksys router connecting to the Internet. In the early morning, accessing to the Internet seems to work fine. After half hour or one hour, accessing to the Internet is slow and slower. Eventually, no one in the office can access the Internet. The temporary solution is reset the router or reboot all computers.

Investigation: 1. We checked and tested all hardware connections such as NIC and cabling. They are OK and they donít have any issues to share files and printers.

2. TCP/IP configuration looks good too. Used nslookup to check the status of DNS and it looked good.

3. Network Monitor and the log of the router listed a lot of packets sent to the router.

Resolution: Based on the Network Monitor and log, we found the problem computer with many Trojan and spyware. After we cleaned the computer and install a firewall, they donít have the same issue any more. A happy ending!

Related Topics

Troubleshooting Internet Access
Troubleshooting Spyware

Read other 3 answers

First off, I am not sure if this is where this post goes. This seems to be the best thread since my question sort of falls in the security side of things.

OK, say I have a network setup at my house. Someone brings over a laptop and plugs it into my network. Would it be possible to tell what program they are running on their computer from one of my computers without accessing their computer? Say, the program requires HTTPS port to remain open and the program runs non-stop while the computer is plugged in. Is there a way to figure out what program they are running or what website they are connecting to is?

A:Network Traffic Question.

Yes and no. If their computer has a firewall (and you don't have access to their computer), you cannot tell what programs they are running. That's one of the purposes of firewalls.

However, once they leave their computer, you can detect this.

One way is to put a sniffer on your network. That will tell you what traffic is passing by. Although there are plenty of free sniffers out there, very few will put your network card in promiscuous mode (the mode it needs to be in to see their traffic).

Second, try checking your router. Many keep logs of all the connections they make.

Third, install a proxy server. That way, all web traffic would have to hit the proxy in order to get out to the Internet. That way, you can see everything.

Finally, you could install a DNS server on your network and point everyone to it using whatever DHCP server you use. All requests for web traffic would then be routed through your DNS server which would cache the responses. I use one to speed up web browsing (my ISPs DNS servers are not that great), but you could use it to check traffic through the cache if you wanted to.

FYI: Most businesses use option 3.


Read other 2 answers

I know this sounds funny but my network has been running really slow since we installed the DST patches. I thought it was Mcafee but have taken it completely out of the picture and its still really slow. Did a virus check & spyware and got nothing. Even when I print something it takes 2 minutes to finally print.

A:Network traffic is slow

What are the system specifications? Computer, RAM, Windows....etc.

Do you have an active anti-virus now? What is running when you look at the processes in the task manager....can you attach a screen shot?

Read other 3 answers

When i connect to the internet(broadband) of late, i notice excessive network traffic.I installed Sygate Personal Firewall a couple of months ago after going through this forum. What I'd like to know is which processes should be allowed access via the firewall. Recently, I've seen warnings like "Port Scan Attack Logged"I hope i've been able to make some sense. I've included the HijackThis logfile below.ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:07:18 PM, on 8/18/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINNT\system32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32&... Read more

A:Excessive Network Traffic

Hi brindanaik,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 5 answers

I am having problems printing. I need to capture the traffic from the workstation across the network, to the printer. I believe the problem is actually with the printer itself (such as the nic card, or the system board) but I would like to have some to show the tech from the printer company as they have tried to blame it on our network in the past.

I assume what I need is a sniffer, but if there is one out there a little more user friendly then another that would help.

Thanks in advance

A:Capture network traffic

I use WireShark as a protocol sniffer.

Read other 1 answers

I have 10 Windows XP Clients, 1 Windows 2000 Advanced Server configured as a domain controller, 1 Windows 2000 Advanced Server with SQL Server 7.0 installed and 1 Windows 2000 Workstation.

Here is the problem:

When the Win2000 workstation logs on in the morning and gets into the system, everyone else slows to almost a complete stop. If I unplug the Domain Controller after she logs on, everyone else speeds back up. If the domain controller is not plugged in the win2000 workstation can't log on. This is a serious problem and I can't figure out why the network would slow. My Domain Controller is the only machine with a 10 MBPS ethernet card. The SQL server sits outside the domain in a workgroup.

My boss is really pissed off because this has been going on for weeks now.

Please Help,



A:Network traffic problem

Read other 10 answers

I am going to be using a lot of unsecured wifi, and need to tunnel all my network traffic using SSH to a computer at my house. Does anyone know how to do this? I have read some guides, but they talk about only internet explorer and not everything I am sending out, including pings and DNS requests. Any help would be great.

Read other answers

I'm looking for a good network analyzer software that allows me to monitor the network. maybe have some features on discovering devices, ports, bandwidth in a certain amount of time, etc. Thanks.

A:network traffic analyzer

That would depend on the network topology. Any global network monitoring will have to be done with access to a common point where all the traffic converges. Addressed traffic between workstations will go directly between them via any switches and gateways in the path, so you can't do this with just a workstation.

Read other 1 answers


I have downloaded an SSH server called WinSSHD and an SSH client called Tunnelier. I'm attempting to have traffic encrypted on my home network.

The way i am attempting this is with a client to server setup, which means that traffic from laptop one is encrypted by the client which is also on laptop one, then sent to the server to be decrypted, and the server then sends that traffic to its final destination which is laptop two. The question i have is this... isn't this pointless if i have the ssh server on the same computer as the ssh client? Because then the traffic is sent to the client, encrypted, sent to the server, decrypted... all while being on my local machine! It's then tramsmitted unencrypted to the second laptop. Is that what happens? If i'm right about this, then are there any web based SSH servers which can be used instead of a local one installed on my machine? And i know a solution might be to install the server on laptop two, but this isn't how i'd like to achieve this.

Thanks for any repiles.

A:trying to encrypt network traffic using SSH

Only the portion of the traffic between Tunnelier and WinSSHD is encrypted. If Tunnelier and WinSSHD are on the same machine, then no external traffic is encrypted. In order to encrypt the network traffic, you need to install the SSH server on the machine you are accessing.

If you cannot do this, you need to install some crypto software on the destination machine, which crypto software needs to interoperate with the software installed on the source machine. I.e., if it's not SSH, then it needs to be something else, but whatever technology you choose, the crypto needs to be on both machines.

Using an internet server won't help you for encrypting local network traffic, unless, again, you install some software on both machines that accesses the internet server securely and passes the data through it. Such a solution will also be considerably slower than a straight LAN connection.

Read other 1 answers

Hey guys I have an issue that im not sure is an issue but im pretty sure it is as my other pc isnt doing it. My computer constantly is sending and receiving data. even though im not downloading anything. or updating or am on any instant messenger, nothing is running that should need internet yet, constantly there is traffic.

Now I normally prolly wouldnt think much of it but i have another computer in the same state just sitting there doing nothing. So that worries me. Ive run AVG, Mcafee, Spybot and adaware and all of them turned up nothing (other than the usual like tracking cookies annd the sort). Anyone have any suggestions on what I could run next to try and resolve this please Thanks. Rlincoln24

Additionally if anyone knows of a tool that will allow me to monitor my network connection and see waht is using it where data is going and what not id appreciate it thanks.

A:Constant Network Traffic

Look in the Task Manager and see what applications and processes are running.

Read other 8 answers

Hello all.
I have a 50 user network with multiple switches and WAPs.  Im noticing that all the activity lights on all ports are constantly showing traffic.  I would imagine that one of my computers is doing some sort of port blasting or spaming.  How do I go about finding that computer?
Thank you,

A:Excessive Network Traffic

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507604 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers

I have a computer that is experiencing much higher than expected network activity. Over the course of a 6 hour period, it received 1.7 GB of data and sent 300 GB; this is actually a mild sample of the last months issues. We have had the computer use as much as two gigs in an hour. It will use data whether people are working on it or not, as long as the computer is powered on.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by lks (administrator) on HANDSINHARMONY (30-03-2016 08:29:38)
Running from C:\Users\lks\Desktop
Loaded Profiles: lks & QBDataServiceUser22 (Available Profiles: lks & Lara & QBDataServiceUser22 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.)... Read more

A:Tons of network traffic...

to BleepingComputer.Hi there,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / music / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.*** Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Double click on downloaded file. OK self extracting prompt.MBAR will start. Click in the introduction screen "next"... Read more

Read other 3 answers