Huge number of active connections, few programs running.

Hello, I recently started having some issues with my internet connection in the form of disconnects and heavy lag.

It started with a random disconnect while playing a game (Legit Copy of S2's Heroes of Newerth).

After the disconnect certain programs would fail to connect to the internet, and my browser (Mozilla Firefox 3.6) wouldn't load certain websites, and others slowly.

I started ran Netstat in order to see what connections were active and I was blown away by the result. I'm sure there were more than a hundred connections active. My first reaction was to use Zone-Alarms internet lock, remove my network cable and restart my computer.

After rebooting I disabled the internet lock and reconnected my network cable.

After running netstat a second time, at least half of the connections were gone, but there were still far more than it should be.

See the attached archive for the netstat results in JPEG format.

The majority of the connections are made to my local router on 192.168.0.254

To do some additional testing I ran Wireshark and saw that my computer was making several failed connection attempts to 74.125.79.104

Browsing the IP displays a google site that wants to run scripts, tough they were blocked thanks to a Firefox addon.

After this I decided completely scan my system using your Malware removal guide.


The only problem I ran into during the guide was RootRepeal scanning forever. I saw it scan the same folder repeated times, and thought it was running different scans so I left it overnight (10h). When I woke up it was still scanning, and I saw the same folders being scanned, so I aborted it viewed the log. It said that I started it 1 minute before stopping.

All the other Scans yielded no positives. I still have the huge numbers of connections to my router and I still experience disconnects.

I do not have spare router to see if it's the current one misbehaving.

I'm not really sure what I should do next and was hoping you guys could help me.

If there is anything else you need, let me know.

And sorry if this is in the wrong forum. I was unsure if this should go in the Malware sub forum or this one.

I have attached two .zip archives - one containing screencaps of the netstat (parameters -aon) and the other one containing the logs.

I also included a DxDiag log containing my system information.

Pardon me if I should not have done that, but it was more efficient than uploading every file separately.

 

Done! Sorry for that.

 

Thank you for making sure this issue isn't Malware related, that's a relief since I was told by other people that my computer was infected and surely was in a botnet.

But the initial problem still remains. I have a tenfold of connections established to 192.168.0.254 (my router), and a new connection opens approx. every other second judging by repeating netstat every 2 seconds.

Do you, or someone else, have any suggestions what the problem might be or what measures I should take next in order to track down the source of this?


Another issue arose during the malware removal procedure. My mouse started lagging, and settings such as sensitivity and mouse acceleration keeps shifting, and every 5 minute the mouse stops responding and doesn't work until i disconnect and reconnect it to the USB.

I'll try reinstalling the drivers for it and see if it solves the problem.

 

Perhaps you should try netstat -nb ? You will get connection owner process name if you'll get lucky...

 

Yep, I do use ZoneAlarm. The problem is that it's my computer making connections to the router. My machine i successively connecting to each and everyone of the ports on my router. As can be seen on the screenshots contained in the Netstat Result.zip attached to my initial post, the first port in that Netstat was 16008. It has now reached... 27263!

That's about 11.000 ports in one day.

Something very suspicious is that the program making all these connection is "System Idle Process".

I have no idea why it would want to make 11.000 connections to my router.

 

I'm not really sure what you mean by "connection owner process name", but if you meant the name of the process which is trying to establish these connections, then the answer is "System Idle Process".

 

An update on my mouse problem:

Even though I reinstalled the drivers for my mouse after the Malware removal procedure, I'm still experiencing that my mouse freezes briefly, changes sensitivity, switching between mouse acceleration on and off and the mouse stopping responding.

There are no fixed time intervals for this. I leave the computer for 10 minutes and it still works. I use the computer and the mouse intensely and all of the above symptoms occur several times in 10 minutes.

Is this something that happens regularly after the malware removal procedure, and is there a fix?

Or have I just gotten myself another problem to worry about? :cool

P.S

Going to bed. Expect no replies in the next 16 hours.

 

Hello, I'm back with a clean installation of Windows - and the problems still persists.

Though, I think have tracked down the source of the problem with the connections. It seems as that it is directly connected to whether ZoneAlarm is running or not!

This is strange, since it has never happened before, and I currently have two other machines in the same network running ZoneAlarm as well, but neither displays those connections when I run netstat.

The reason I didn't notice this when I tried netstat during the malware removal (while zonealarm was disabled) is because the connections stays for some time or until I reboot.

I'm still not sure if this is the source of disconnects, or if it is my router going haywire.


Also, I'm still having trouble with my mouse. I've tried reinstalling the drivers multiple times and I've tried with no drivers. I tried with and without drivers after the clean windows install; still not working.

Maybe I should go make a post in the hardware forum since this is pretty much off topic in the networking forum