dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
7033
share rss forum feed


gwalk
Premium
join:2005-07-27
West Mich.
reply to dbirdman

Re: [HN9000] Something on new computer is draining my bandwidth

I have a hard drive selector switch in mine:

»www.cooldrives.com/index.php/4po···3ba.html

Allows me to run 4 different operating systems without having to dual boot.
Works really well.


sarah81

@direcway.com
reply to dbirdman
Okay, so I had no problems with draining bandwidth yesterday afternoon and evening, and thought maybe the issue was fixed (like I said, I've already turned off all the auto updates I can think of), but then this morning the exact same thing happened again. Before I remembered to check, I had dropped from 500 to 230 MB. So I immediately disconnected my ethernet cable before I lost the rest. After a few hours, I plugged it back in, and now the number is holding steady and nothing is draining it.

What could be causing this to happen only in the morning? I generally only put my computer in sleep mode at night, I don't shut it down. So it's not as if Windows is booting up or the Hughesnet system is restarting.


gwalk
Premium
join:2005-07-27
West Mich.
Being a new computer probably everything installed on it wants to update. It can be hard to change everything to "manual".

I still think it may pay to keep it off the net until the first opportunity to update everything during the free time.

Once everything is updated you should be good to go except perhaps on "Patch Tuesday"

You really don't want to run un patched.
You are running Anti-virus and anti-malware software I hope.

laserfan

join:2005-01-14
Texas
reply to sarah81
As dbirdman has said already, everyone on HN *really* needs to set their BITS service to download only during FAP-free periods. It has never failed me (how long has it been since we figured this out Don, a year maybe?).

The only quirk of doing the registry change for FAP-free BITS operation is that the Windows logs will contain numerous messages about "getting downloads" that don't actually happen until the 200a ET start, at which time the downloading commences.


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
said by laserfan:

(how long has it been since we figured this out Don, a year maybe?)

Just over a year, December, 2011. I don't know about the "we" - the reg file I ended up recommending used your settings rather than mine.
--
Motosat self-pointing dishes: .74 meter G74 on 127W, SL-5 HD DirecTV|Hughes HN7000S|Verizon UMW190 Air Card|1990 Blue Bird Wanderlodge Bus "Blue Thunder"|Author of hnFAP-Alert, PC-OPI and DSSatTool


sarah81

@direcway.com
Okay guys, I think I've figured out what the problem is, but I still have no idea how to fix it. I've been watching the damn Task Manager, and the thing that keeps popping up when the bandwidth is draining is "svchost.exe (netsvcs)" I looked it up and it seems other people have had problems with this thing constantly downloading, especially with Windows 7. But I'm so computer illiterate, I'm still not sure exactly what it is or how to go about getting rid of it. I've been trying to shoot it down as it pops up by either clicking "end process" or "suspend process," and it goes away for a few minutes only to come back.

If anyone could give me simple steps for how to turn this horrible thing off or get it out of my system (or point me in the direction of where those steps might be), I would be so grateful.


gwalk
Premium
join:2005-07-27
West Mich.
For some info read here:

»www.neuber.com/taskmanager/proce···exe.html

Do you have an anti-program installed ?
Do you have an anti-malware program installed ?

Have you ran scans with these yet ?

silbaco
Premium
join:2009-08-03
USA
reply to sarah81
svchost is not malware.

One More Too

join:2010-09-09
Galena, IL
said by silbaco:

svchost is not malware.

That is absolutely correct. The svchost is a legitimate Windows process, and it is likely that several instances of it will show up in the task manager at any given time.

That said, it is possible for malware to initiate svchost, but, especially with a brand new computer, I think it unlikely. My guess would be that you are still getting automatic updates to either Windows or other software, which is quite normal with any new computer for a period of time after the computer is put into service. Have you changed the setting for Windows Update to the choice that notifies you of updates and lets you decide which to download and install? And have you also disabled automatic updates to all other software installed on the computer? If you haven't done those two things, you are likely to continue to have "surprise" use of your bandwidth.

In any case, to be certain that you don't have malware, I would suggest running several malware scans. In addition to running a full system scan with your installed anti-virus program, I would also suggest running full scans with Malwarebytes and SUPERAntiSpyware. Free additions of both can be found with a quick Google search. I would also suggest running a scan with the free version of HijackThis. The HijackThis results are a bit harder to interpret but, if you run the scan and paste the results here, we can either help you interpret them or point you toward an on-line analyzer that will help you interpret them.


sarah81

@direcway.com
reply to gwalk
Norton came preinstalled on the machine, but I haven't actually run a scan yet. (I hope that isn't another thing that's downloading updates without my permission.) I'm downloading Microsoft's Malicious Software removal tool right now. What are the best free ones to use?

I ran that Svchost Analyzer in the link you posted, but it's hopeless. I just don't understand the results or what to do about them.


krakkks

@telus.net
reply to sarah81
Here is an important question to ask:
Are you running a Windows 8 that came on disc(as in direct from Microsoft),
Or is it an OEM that was preinstalled on a name brand computer? What is that computer brand name? There should be lists online that show bloatware per OEM.
A quick overview of bloatware of windows 8
»bgr.com/2012/11/27/windows-8-cri···oatware/

I know you don't have Windows 7 but for those who do.. This link shows how to get a clean version of Windows 7 to reinstall and have a clean computer.
»arstechnica.com/information-tech···-new-pc/
It is an ISO that you burn to disc. Microsofts online distribution partner. 3GB's + .
Do you know someone with a full version windows 8 disc?(an upgrade version can also do a clean install if you know what to do)... You can use it to install a clean version, and you use your OEM label(product key) to authenticate. disclaimer: beware that if your computer does not accept the clean version(note a 64bit can replace a 32bit if the processor is 64bit), you should of made your oem backup discs from the protected OS reinstall archive on your hard drive.

OEM computers love to add on crapware that keeps calling home. Now why it seems to have an update schedule that downloads at specific times is up to debate.

malwarebytes
»www.malwarebytes.org/

spybot 1.6. As version 2 is shit.
»www.safer-networking.org/mirrors16/

comodo windows8 firewall free version. uncheck at install all things that are not 'firewall'. The download is more than just firewall(sales pitch for trials of their other products).
»personalfirewall.comodo.com/
Used to be able to block pre-installed crap from calling home. Nothing can update unless you say it can or the program determines something is safe for auto internet access.

By the way the above 3 may be up to about 150MB's for download combined.

Zonealarm has a free version as well. Beware of download links that are about 2MB's, as they are actually an installer that is used to download the full package. Nothing wrong with them but people then don't realize how big the real download is.

Check running/future tasks in the task manger.
In windows8 , Move mouse to lower left corner and right click(where start button was),
control panel,
administrative tools,
task scheduler,
And have a look around.

You can also look on the 'services tab' to check for junk programs that wants to run too.


gwalk
Premium
join:2005-07-27
West Mich.
reply to silbaco
You are correct, it is not. However it can be corrupted/infected..use your own term..

As a process of elimination it costs nothing to be sure the system is virus/malware free.


krakkks

@telus.net
reply to sarah81
Almost forgot about the 'live tiles' on the start screen. Thats one area I right click and uninstall all the little buggers as I only use desktop mode(keep the desktop tile).

push notification for live tiles.
A generalized article.
»www.alltechienews.com/posts/micr···-battery
That of course required a new system to handle the push notifications that the operating system would be forced to handle. Microsoft built something called, you guessed it, the 'Windows Push Notification Service (WNS),' for this task.

Interestingly, Microsoft tapped the Live Messenger architecture for WNS. Given the number of updates that Windows 8 will eventually have to handle, the company said that that team was required, as "[t]here are not many teams in the world with the expertise and knowledge to be able to build a globally scalable service that can ramp up to such large numbers so quickly."

And finally, all of that mostly takes care of the system performance question, but what about bandwidth usage? Apps that are constantly sucking data from the Great Cloud in the Fiber will certainly negatively impact battery life. Well, Microsoft is leaving that to the user by providing bandwidth usage data for Live Tiles in Task Manager. It's up to you, kid.
,,
The 'resource monitor' should tell you whats running and using bandwidth.
Right click over the clock and choose the task manager and then click 'resource monitor'
.

laserfan

join:2005-01-14
Texas

3 edits
reply to sarah81
said by sarah81 :

I ran that Svchost Analyzer in the link you posted, but it's hopeless. I just don't understand the results or what to do about them.

Not sure what you ran, but try "svchost viewer" which requires you know the PID of the specific svchost in question:

»svchostviewer.codeplex.com/

This at least will tell you exactly what executables are running with that particular svchost and narrow things down for you.

said by dbirdman :

I don't know about the "we" - the reg file I ended up recommending used your settings rather than mine.

Ok well then I figured-out the "best way", but db you gave it credibility!