Internet... so... slow...

Geod

I'm having a huge problem with my internet and need some help/advice. Basically the internet has slowed to a crawl. I'm barely able to post on the forums.

It started this morning, I thought my internet had gone down. That's fine, it's happened before. So I reset my router and cable modem. Turn the modem on again, wait for it to be ready, plug back in the router. My internet works again. 30 minutes later, it dies again. I do the router/modem thing again. It works again. And undefined time later, it goes out again. I try to do the router/modem thing again - it doesn't fix the internet this time. So I call Comcast, and they tell me everything seems to be fine, have me go through a few steps, and nothing works. So they tell me my modem doesn't work for some reason. I don't believe them.

So I unplug my router/modem and let them sit for a few hours. In the meantime, I run all my antivirus stuff (Symantec) and anti-spyware(spybot, ad-aware, windows defender) all of which were updated recently. They find a few things, gets rid of em. I plug my stuff back in, and my internet works - but very slow. So I decide to plug my computer directly into the modem. Same thing, absurdly slow. For some reason it's fast when the connection first comes up, but then slows down. So if I disable the connection, re-enable it, I can go somewhere real quick. That's how I got to the forums.

I'm getting a legit IP address but what's interesting is the amount of packets sent and the ones received. Right now it's at:

900,000 packets sent, 165 received.

The packets sent increases even when I'm not doing anything on the net. The numbers above are only after about 5 minutes connected.

I don't recall that as being standard. Anyways, the only thing that I've done recently is updated Windows which I hadn't done for about 6 months. You would think that would help if anything, but this is Microsoft we're talking about. And that was a few days ago.

So any help you can give would be awesome, or suggestions. This thing has me stumped. My instincts tell me it's a virus of some sort... but I'm not sure. Thanks!

One more thing - I had another computer on the network, and it didn't work either but that was back when the internet didn't work at all. I don't have it hooked up right now... I should try it.

ElectricTurtle

Yeah that up/down is completely the opposite of what it should be. Unless you're the king of all uploads, you should definitely have higher receive numbers than sent. It does sound like something is running in the background and is using all your (likely asynchronous) bandwidth for some nefarious purpose. I'd go to sysinternals.com and get process explorer and autoruns and try to track it down. I also remember having seen utilities that list applications by their network usage. I don't remember one specifically, but you might try to find one that does that.

Fristle

If you can, boot Windows into safe mode with networking (press F8 at boot time), and see what the behavior is like there.

Also, open your cable modem properties page (usually http://192.168.100.1) and give us the signal stats. Specifically the lock status, SNR, and signal power levels.

Geod

Thanks for the responses. Here's what I could find on my modem pages:

Downstream

Frequency: 603000000 Hz Locked
Signal to Noise Ratio: 35 dB
Power Level: 1 dBmV

Upstream

Channel ID: 5
Frequency: 33000000 Hz Ranged
Power Level: 37 dBmV

I'm gonna *try* to get to sysinternals, and then if I can't or it doesn't work, we'll try safe mode. Thanks for the help so far!

Fristle

Ok, it's not a problem with your signal from your ISP. Those values are all operating within range of "ideal."

thatnerdyguy

My money's on a virus. Run the scanners again, I'll bet that something you removed is back again. It's fairly common that some of the nastier little guys can get into running memory and just re-insert themselves immediately. Booting into safe mode and cleaning may take care of it. You might also try scanning in safe mode with a few different AV tools, just to make sure the thing's nuked.

Also, if the second scan does turn up something, note the name of the virus and google it, you may be able to find manual removal instructions.

Sarcastro

Are you pulling your sent/received info from the PC or the modem?

From PC: probably a virus (Spamware - may have come with something and been officially installed by you as part of another program.) May not be detected as spyware if you gave it permission to install somehow, check ad/remove programs as well. You may also by getting raped by an open torrent on your PC.

From modem: Bad modem. Sometimes modems go crazy and start sending out storm traffic. This can happens with PC NIC's too, but its much rarer.

Either way, where you're getting your numbers from will point to the problem machine.

MikeRyu

I've had a similar-ish problem for while where my upstream dropped quite dramatically and I am often disconnected at random times. Also when turn on the computer for the first time in the day I usually have to wait a good twenty minutes or so until I can get a connection. I'm pretty sure that these are all related.

EggyToast

Do you have a buddy or friend near you that you could convince to download and burn a copy of, say, Ubuntu? Booting off a live Linux CD should let you see if it's something with Windows or some other problem.

Still, it looks like your computer is throttling the connection by uploading stuff like crazy. This happens to me when friends connect to my computer via FTP and download things, which is rare, and I even have that limited at 40kbps. If I upload something to, say, my website, it will try to max out the connection and will also make downloading slow. Tolerable, but slow.

So see if you can try out Ubuntu or a similar linux live CD. It's one of the reasons I always kept one around when I still ran Windows.

Sarcastro

Yah, usually upstream is a much smaller pipe than downstream, and when its clogged, you get the big zipola.

Geod

So, update time.

Computer still doesn't work, I booted it into safe mode and all the spyware and anti-virus stuff didn't find anything. And all of the software definitions were updated yesterday. Unfortunately, I didn't have internet long enough to download any other AV or anti-spyware programs. So I load back into normal mode, and connect my computer to the internet, slow as it is, to try and grab some information. A few minutes after connected, Symantec finds a virus. I forget what it's called, but i do a search for it, and it's a trojan but a low-risk one. So I get rid of it. Disable the connection, and re-enable to to surf some more and the trojan is detected again by Symantec. After about another time, it isn't detected again. But my internet still sucks.

I am only able to barely surf the internet when my computer is directly plugged into the modem. When the router is involved, I can't go anywhere, but the uploading packets is still as high as before.

I plugged in my laptop to the network in place of the desktop that was being affected. Trying both wireless and wired with the router and/or modem, it didn't work at connecting to the internet. It didn't show the tons of uploading packets though as the desktop. I say screw it, and leave the internet alone. A few hours later, I try my laptop again, and this time ---- it works. I'm on it right now. I can't try my deskop now though because it's packed in a box. I'm moving tomorrow out of my apartment. So tomorrow, I'll have a different router and modem to work with. I'm curious to see if my desktop will work or not. Regardless, I'm reformatting it. I usually try to do it at least once a year, and it's time to do it.

Anyways, thanks for all the help and suggestions, let me know if you think of anything else.

Mitsuhide

This same thing happened to me a few months ago.

Like, the exact same. (well, minus the laptop)

Anyway, I moved in around august to a new house, and it turns out that the only problem with the internet in my shitty apartment was that the lines in the building were really old, and to top it off, the lady who lived there before me didn't even own a phone.

But as soon as I moved to my awesome new house, the internet has been fantastic.

Fristle

Geod wrote: »

I booted it into safe mode and all the spyware and anti-virus stuff didn't find anything.

My original suggestion was not to use Safe Mode to find malware, but to use it as a "known good condition" where you can try out the Internet and see if it still isn't working for you. Others have suggested Linux Live CDs and stuff (which would be a better option if you had it ready) but I figured SafeMode would be quickest to try.

Geod wrote: »

A few minutes after connected, Symantec finds a virus. I forget what it's called, but i do a search for it, and it's a trojan but a low-risk one. So I get rid of it. Disable the connection, and re-enable to to surf some more and the trojan is detected again by Symantec. After about another time, it isn't detected again. But my internet still sucks.

Personally I don't believe in the feasibility of removing malware once it gets in. If you have discovered that your system was 0wned, I would recommend backing up your data files and reformatting/reinstalling the OS. Sounds like you're planning to do that anyway.

Geod

Fristle wrote: »

Geod wrote: »

I booted it into safe mode and all the spyware and anti-virus stuff didn't find anything.

My original suggestion was not to use Safe Mode to find malware, but to use it as a "known good condition" where you can try out the Internet and see if it still isn't working for you. Others have suggested Linux Live CDs and stuff (which would be a better option if you had it ready) but I figured SafeMode would be quickest to try.

Geod wrote: »

A few minutes after connected, Symantec finds a virus. I forget what it's called, but i do a search for it, and it's a trojan but a low-risk one. So I get rid of it. Disable the connection, and re-enable to to surf some more and the trojan is detected again by Symantec. After about another time, it isn't detected again. But my internet still sucks.

Personally I don't believe in the feasibility of removing malware once it gets in. If you have discovered that your system was 0wned, I would recommend backing up your data files and reformatting/reinstalling the OS. Sounds like you're planning to do that anyway.

Yeah, I would have used a Knoppix disk if I had another computer available to download it at the time (I do now). Anyways, the affected computer has already been backed up and reformatted. Runs as speedily as ever, thanks everyone. This can be locked now or whatever.

Xeno

Did you download some internet speed booster type thing? I know Google has one and I downloaded it and this same type of shit happened to me.

Geod

Xeno wrote: »

Did you download some internet speed booster type thing? I know Google has one and I downloaded it and this same type of shit happened to me.

Nope, those things don't usually work at all. I'm fairly paranoid about things I download, so it's odd how it got on my system in the first place.

Älphämönkëy

FWIW, the problem is the rate you are uploading. I don't know what is causing the problem, but Comcast does some funny things when you upload past a certain rate for a specified amount of time. Those numbers seem to vary by region and service plan, for me the magic number is ~40Kbps.

Slow down your uploads, and you'll see your latency drop back down to earth.

(you can test this by pinging google.com)