10/20 - Computer may be under the control of a foreign program - East Valley Tribune: Business

10/20 - Computer may be under the control of a foreign program

Posted: Monday, October 20, 2003 9:36 am | Updated: 1:14 pm, Thu Oct 6, 2011.

Q: My computer seems to be doing things when I am not using it. The hard drive light flashes, my Internet connection shows activity even when I don’t have a browser open. Is there something in my system or am I just paranoid? — Josh

A: With all of the vulnerabilities, Trojan horse programs, spyware, adware, worms and viruses that are floating around, it is prudent to be somewhat paranoid.

The activity that you are noticing could be nothing more than one of the many background utilities that should be running. Or it could be a malicious program that has made its way into your computer and, without your knowledge, is using it to send out spam or worms or to host pirated software for others to download.

Virtually every anti-virus program on the market automatically checks for updates on a regular basis, as do all of the Windows XP operating systems, which could be some of what you are experiencing.

A somewhat technical method of checking to see if something is accessing the Internet from your computer is to use the netstat (which stands for NETwork STATe) utility that is built into most operating systems.

Before you use this utility, make sure that all of your programs are closed, especially your browser and e-mail programs.

Click the Start button, then Run, then type "command" for Windows 95, 98 or ME and "cmd" for Windows NT, 2000 or XP. This will open a box that looks like an old DOS screen, known as a command line.

Once the box is open, type the command "netstat," which will bring up a series of headings that read Proto, Local Address, Foreign Address and State.

If you closed all your programs, there should not be anything under any of the headings, which list the following information:

Proto lists the protocol (usually either TCP — Transmission Control Protocol or UDP — User Datagram Protocol).

Local Address is your machine.

Foreign Address is another machine on the Internet or a local network.

State lists the current state of any of the connections and is the one that you will be most interested in.

If the word "Established" appears under the State heading, then something is causing your computer to connect to another computer on the Internet.

To see what a legitimate connection looks like, open your browser and connect to any Web site, then run netstat again.

If you see any "established" connections when you run netstat and no Internet-related programs are running, you likely have a program running in the background that is accessing the Internet.

The Web site address that it’s connecting to will generally appear under the foreign address heading (ending with :http) which is a starting point for figuring out whether this is a legitimate or malicious connection.

If you feel you have been infiltrated, try running programs such as Ad-Aware (www.Ad-Aware.com) or SpyBot (www.safer-networking.org), which will track down and remove known adware and spyware programs.

Ken Colburn is president of Data Doctors Computer Services and host of "Computer Corner" radio show at 10 a.m. Saturdays on KTAR (620 AM) and the "Tech No Phobia" television show at 5:30 p.m. Tuesdays on COX9. Readers may send questions to datadr@aztrib.com.
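
The netstat check described in the column can be automated. The following is an added example, not part of the original column: it assumes the output of `netstat -ano` (Windows XP or later, where `-o` adds a PID column), and the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (-o adds the PID column).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2204
  TCP    192.168.1.20:1046      198.51.100.23:6667     ESTABLISHED     3316
  TCP    192.168.1.20:1050      203.0.113.7:80         TIME_WAIT       0
  TCP    [fe80::1%4]:1051       [2001:db8::5]:443      ESTABLISHED     2204
  UDP    0.0.0.0:500            *:*                                    700
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def established_remote(netstat_text):
    """Return {pid: [(remote_host, remote_port), ...]} for ESTABLISHED TCP
    connections whose foreign address is not loopback."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields with -o; headers and UDP rows (no State) do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, port = split_endpoint(fields[2])
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue  # traffic between local programs, not Internet activity
        except ValueError:
            pass  # without -n netstat prints host names (e.g. :http); keep them
        found.setdefault(int(fields[4]), []).append((host, port))
    return found

if __name__ == "__main__":
    for pid, peers in sorted(established_remote(SAMPLE).items()):
        print(pid, peers)
```

Each PID in the result can be matched to a program name in Task Manager's Processes tab once the PID column is enabled.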
