Who's using the Shared Internet Connection

I have noticed that something is opening up the shared Internet Connection that appears in Network Connections along with my LAN connection. I disable it and it disappears, but comes back sporadically. I also see large amounts of data going in/out over the connection. No other symptoms. I run AVG and SuperAntiSpyware regularly, am firewalled and use a MAC filter on my WLAN. Using Netstat, sysinternals processmon, etc, I have been unable to identify what program is opening this connection. Is there a good utility for identifying the opener.

Help.

 

You might try this app - http://www.majorgeeks.com/CurrPorts_d5079.html

 

Thanks. I used it and while it was running, I saw a process with an unknown process name, a process id of 0, using port 3410 connected to an IP address of 207.211.21.18. I googled ip port 3410 and it is a port associated with the Optixpro trojan. Guess it's on to the malware forum.....thanks again.

 

Not trying to keep 2 threads going on this and this will be my last post on this in this forum, but I thought the networking folks should be aware of what I think is a very scary hole in UPnP and routers that can compromise a system. It involves both networking and malware. This thread explains.

http://forums.majorgeeks.com/showthread.php?t=178836