Lenovo desktop w/ fresh WIN7 install eating data - any ideas?

[mset]

Hi guys

I have a strange problem on my hands. I grabbed a used Lenovo Desktop
for my Dad from our BST site up here, RFD. Seller is a trusted guy, and he installed WIN7
fresh for me. I set the rig up on Jan. 14.

Yesterday my Dad got a popup from his ISP warning him that he's near
his data limit. Now, my Dad does nothing but check email and visit the
New York Times and a few other sites. In 5 years he has never used
more than 15% of his monthly data limit. Starting Jan 14, there is 2-5
GB per day being consumed. There is no way that he has used anywhere
near that.

Does anyone have any idea what might be going on here? I haven't
installed anything unusual. The seller got me a Microsoft HUP version
of Office, which I installed. I haven't had time to put anything else
on there other than VLC Media Player, Skype, and a few others that
were all on his old rig.

Thanks

 

[VirtualLarry]

If Skype was running in the background (installs default to starting with Windows), then it could have used that much traffic. Skype uses a peer-to-peer network, and routes calls and call data through other PCs on their network.

 

[Lemon law]

My guess may be a virus that may have come through on some old apps from your Dad's previous rig, but VirtualLarry might have the better guess.

But that is the point, don't guess, know.

So I recommend you download a program call Networx, which is a network monitoring program which you can watch in real time, and then you can use MSconfig or similar program to take apps on and off the start up list. And when you find the app that is eating data when the computer should be dong nothing, you may find your culprit.

In my case with a Vista system, that method did not work except to find out something was eating data. I ended up having to do a boot time scan with Avast, to find a virus hiding in a backup drive, which is why I guessed Virus.

Good luck OP and when you solve it let this forum know, especially since you will probably get other suggestions.

 

[Ketchup]

Is there a wireless network and is it properly secured?

 

[C1]

Ensure always that you and/or your dad does their surfing/internet access using a non-administrative account (ie, separate limited account created to help ensure that nothing is able to install itself from the networks and operate behind the scenes).

 

[denis280]

Is there a wireless network and is it properly secured?

Yeap

 

[C1]

And along with that is "did you update the OS for all MS security patches?"

After an OS is freshly installed, I spend a good 30min going thru things to lock down the system (eg, firewall, AV, wifi WEP/WPA, create limited accounts, lock down browser settings, etc) before attaching or enabling the network as something can easily sneek in/install itself if your running wide open even for a few minutes.

 

[mset]

Thanks for the responses and sorry for the delay in getting back to you all. I was over at his place for a while checking things out. Unfortunately, things aren't much batter after a phone support session with the ISP. I'll try to answer these in order.

If Skype was running in the background (installs default to starting with Windows), then it could have used that much traffic. Skype uses a peer-to-peer network, and routes calls and call data through other PCs on their network.

When I installed Skype I made sure to set it not to run on startup, and I used msconfig to confirm that it is not running.

 

[mset]

So I recommend you download a program call Networx, which is a network monitoring program which you can watch in real time, .

I will try that. The ISP had me download a similar freeware program from CNET and using it we are able to see large amounts of data being downlaoded but of course we cannot see where they are going, or which program is doing the downloading. I'll try Networx tomorrow.

 

[mset]

Is there a wireless network and is it properly secured?

All right, check this out.

We are using a modem from the ISP, an SMC modem. Early on, my Mom was having issues with her WiFi connectivity and a friend suggested we try a Linksys router with Tomato installed. I got one and set it up by plugging it into the SMC modem, while leaving my Dad's desktop plugged into the modem as well. All was working okay, although my Dad was having some occasional page load problems. Tonight, the ISP told me that this setup is sub-optimal and that I should run the modem in 'bridge mode', plug the router into it and then plug the desktop into the router as well. The ISP guy had me power cycle the Linksys router and change the setup. All was well..until I tried to log into the Linksys to check the wirless network. Suddenly I could not log into it! I had just logged into it 10 minutes before calling the ISP!

So now I start a search to try to figure out why I can't log in. Finally I use ipconfig in the cmd window to check the default gateway, and it was not the IP address I had been using to log into the router all these years. I tried what it showed but that didn't work either.

So... now I am unable to log into the Linksys router in order to check/change the wireless security settings.

Any help on this would be hugely appreciated as there doesn't seem to be much else that the ISP is suggesting. They said 'virus or wireless security issue'. and if it's not wireless security, I am going to have to reinstall Windows. That would be okay, except that the guy who sold me this Lenovo asked me if I knew how to install WIN7 on a Lenovo rig, and when I asked him 'why, is it tricky?', he said there are some things that are required form the Lenovo site and they are 'tricky to find' so he ended up doing them himself. I have installed WIN7 before and it's pretty straight ahead... unless it isn't, if you know what I mean. I have no idea about the special requirements for installing WIN7 on a Lenovo rig (drivers etc).

 

[mset]

Ensure always that you and/or your dad does their surfing/internet access using a non-administrative account (ie, separate limited account created to help ensure that nothing is able to install itself from the networks and operate behind the scenes).

Thanks, I think he is on an admin account now. I will change that.

And along with that is "did you update the OS for all MS security patches?"

After an OS is freshly installed, I spend a good 30min going thru things to lock down the system (eg, firewall, AV, wifi WEP/WPA, create limited accounts, lock down browser settings, etc) before attaching or enabling the network as something can easily sneek in/install itself if your running wide open even for a few minutes.

I asked the guy who installed windows to do that and he said he had fully updated it. Right now I think there is a green shield in the Windows update area and it says there are 0 updates available (I think, I just glanced at it tonight because someone told em that the data use I am seeing could be related to Windows update settings, but I can't believe that).

 

[Smoove910]

what ip address and subnet mask did ipconfig show you?

 

[Ketchup]

If you reset the router you should be able to log into it with the factory credentials.

 

[mset]

what ip address and subnet mask did ipconfig show you?

Thanks for your input

Subnet mask.......255.255.254.0

Default Gateway.......174.116.160.1

The old IP address that got me in to the router was 192.168.1.2

If you reset the router you should be able to log into it with the factory credentials.

Thanks. I assume I can find the factory credentials by searching the router's model name. This router was flashed with Tomato and the current credentials including the key are on a sticker on the bottom, and those are the only credentials I'm familiar with.

PS - Gotta crash, will check back soon. Thanks again to all who took the time to respond.