choopa.net
Moderator: LW Moderator
I have been getting large (300MB+) unknown bandwidth usage from:
173.199.122.4.choopa.net PORT 80
Google comes up with a blank - Does anyone know what program uses this or what the bandwidth is from - I have never visited this site?? and all my updates are set to manual.
I only use Windows xp firewall - is there a way to block this address without having to install commercial firewall software - I find these programs annoying and they slow everything down.
Thx for any help
- Meddle
- Super Member
- Posts: 2621
- Joined: Sun Nov 05, 2006 9:44 pm
- Location: In the driver's seat.
- Has thanked: 78 times
- Been thanked: 123 times
Put a line in your HOSTS file with a localhost address. This can be found at "C:\Windows\System32\drivers\etc\". Whether this will actually stop it or not I don't know, although I do know that it kills most ads on the web.
as such:
Code:
127.0.0.1 173.199.122.4
choopa.net is a managed hosting site with Tier 1 bandwidth available. The address you've given is a sub-domain of that site. And port 80 is used for http for both TCP and UDP packets.
Lastly I have no idea why this site is sucking bandwidth from you.

- zobraks
- Super Member
- Posts: 2192
- Joined: Tue May 15, 2007 7:13 pm
- Location: Eurosongland 2008
- Been thanked: 55 times
Re: choopa.net
jjim wrote: I only use Windows xp firewall - is there a way to block this address without having to install commercial firewall software
Bad choice. The Windows XP built-in firewall cannot check & block outgoing traffic on your PC.
You can install the free version of ZoneAlarm (download link). I've been using it since 2003 with no problem whatsoever.
- otiscrusher
- Super Member
- Posts: 1680
- Joined: Tue Aug 21, 2007 9:18 pm
- Location: Russia
- 3dslUserLoad
- Super Member
- Posts: 187
- Joined: Fri May 02, 2008 10:28 am
- Been thanked: 7 times
Looking at the site http://choopa.net indicates that this is a commercial internet provider with domicile in New Jersey, USA.
It seems there is some choopa.net customer with the IP 173.199.122.4 who uses your computer as a proxy server for downloading/uploading processes. Maybe you are victim of a trojan or you run software which acts as a proxy. Therefore you have to locate and to eliminate this software which can be very difficult. I don't believe that installation of some Antivir stuff will help because the software is already active. I personally don't use any.
The HOSTS file is an old remnant from the time of the juvenile internet and is provided to speed up DNS name resolution to IP addresses, for example if you want to access another computer in your home network by name instead of the IP address.
If you resolve the domain name "173.199.122.4.choopa.net" to your local IP of your computer (127.0.0.1) by HOSTS, then all outgoing requests to this domain name will be redirected to your local computer which will result in a timeout after some seconds. This can be used to block domain names (advertising sites).
But if the evil user changes its IP, e.g. to "173.199.134.70.choopa.net" or he changes his provider or uses yet another proxy to access your computer, then he will be able to misuse it again and you will have to insert another block entry into the HOSTS file. Therefore blocking by HOSTS is no perfect solution.
A better solution for general URL blocking is the network router if you have one and if it permits block entries.
The Windows firewall is very spartan and only able to block UNREQUESTED INCOMING connections, actually it is a slimmed router software.
To change properties of the Win-FW, run "control.exe", double-click "Windows Firewall", check "Active", choose tab "Exceptions" and revise the entries there. In my opinion none of them should be checked here, unless you chitchat and/or do torrent or something. The same applies to the tab "Advanced", "Lan Connection Properties". (I don't know the English titles, so they might differ)
If the Win-FW isn't blocking traffic to the offending site but it is activated and maybe justified properly then you are running software which initiates such connections.
If you have some experience you can also take a look at the list of running services by invoking "services.msc" and search for suspicious entries there.
For example, if you have an NVIDIA card then there might be a running service like "NVIDIA...NVSvc" (don't know the correct name), which is being started after the installation of a graphic card driver. Or there might be something like "Update...blahblah". Such dubious services can be stopped and deleted afterwards by invoking "sc.exe delete <internal_service_name>".
Good luck.
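To find which program owns the connections discussed in this thread, the output of `netstat -ano` can be filtered by remote address and grouped by owning PID. The following is an added example, not part of any post above: the netstat text is a constructed sample, the PIDs are made up, and the 173.199.0.0/16 range is an assumption chosen only to cover both addresses mentioned in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from the poster's PC).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1047      173.199.122.4:80       ESTABLISHED     1832
  TCP    192.168.1.10:1051      173.199.122.4:80       ESTABLISHED     1832
  TCP    192.168.1.10:1060      173.199.134.70:80      TIME_WAIT       0
  TCP    192.168.1.10:1063      203.0.113.9:443        ESTABLISHED     2210
  UDP    0.0.0.0:445            *:*                                    4
"""


def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        ip_text, _, port = fields[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # bracketed IPv6 or otherwise unparsable address
        yield ip, int(port), fields[3], int(fields[4])


def pids_talking_to(text, network):
    """Map PID -> list of (ip, port, state) for remotes inside `network`."""
    net = ipaddress.ip_network(network)
    hits = defaultdict(list)
    for ip, port, state, pid in parse_netstat(text):
        if ip in net:
            hits[pid].append((str(ip), port, state))
    return dict(hits)


if __name__ == "__main__":
    # Assumed range covering both addresses named in the thread.
    for pid, conns in pids_talking_to(SAMPLE_NETSTAT, "173.199.0.0/16").items():
        print(pid, conns)
```

Connections in TIME_WAIT are reported under PID 0, so only the ESTABLISHED rows identify a process; the PID can then be matched to a name in Task Manager (PID column enabled) or with `tasklist /svc /FI "PID eq <pid>"` where tasklist is available.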
Thanks 3dslUserLoad
Very concerned that someone may be using me as a proxy. I use Netlimiter 3 pro which never shows the activity from choopa.net.
I have just installed the free Zonealarm but the settings look pretty basic and there doesn't appear to be any settings to block anything but programs.
Any tips on how else to block all instances of choopa.net much appreciated.
Thx.
- otiscrusher
- Super Member
- Posts: 1680
- Joined: Tue Aug 21, 2007 9:18 pm
- Location: Russia
I meant dl, install, scan, uninstall, move on to the next one, because you surely got a virus. Go to wbb and dl Avast, Kaspersky, Norton, Trojan Hunter, Avg, smth Antispyware and so on. If you caught polymorphic virus, then you're fudge. Only full format would help.
As for me... I don't even use antivirus or firewall.

- otiscrusher
- Super Member
- Posts: 1680
- Joined: Tue Aug 21, 2007 9:18 pm
- Location: Russia
Quote: because you surely got a virus
May be just not enough sunshine?
Quote: If you caught polymorphic virus, then you're fudge. Only full format would help.
There're a few solutions but formatting probably gonna be faster. I had such virus and I dealt with it pretty easily. The operation was very time consuming though.
Quote: I don't even use antivirus or firewall.
Yeah, I don't wear any clothes either.
- Trey
- Super Member
- Posts: 1671
- Joined: Thu Jul 12, 2007 3:43 am
- Location: U.S.A. - Just like Disneyland! (but with more Porn, Drugs, and Guns)
- Has thanked: 2 times
- Been thanked: 13 times
You're going to want to run a Rootkit scan; try running Malwarebytes and see if that picks up anything.
http://www.malwarebytes.org/
- hfric
- 3DSL Moderator
- Posts: 5026
- Joined: Sun Jan 09, 2005 2:51 am
- Has thanked: 49 times
- Been thanked: 233 times
1. install and use Spybot
Code:
http://www.safer-networking.org/index2.html
2. install and use hijackthis
Code:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html