>Hi Jos
>
>>It could be Windows Update running and checking for updates. What have you got that set to? Auto, download but confirm?...
>
>No just to notify me.
That still requires access to check for updates.
>>What about AV updates?
>
>Probably but I have recently updated to the latest version so the patch should not be so big, practically went on for half a day or more, plus the AV does not seem to be in the final list. Plus it was persistent, disable the network card and it stops, enable the card and it is back again.
>
>Had it been a virus/torjan or what have we, could/would it have shown on TCPView?
That would depend on how sophisticated it is. It is possible for malware to remain virtually undetectable. One option would be to attach a protocal analyzer to the outbound stream to try to start figuring out what is being communicated. You could try getting a program like WireShark and see if that can see the traffic. If not, you would have to get the traffic after it leaves your computer. Starts to become a mission...
Start with running some rootkit detection software. A decent rootkit coverage website including links to many anti-rootkit tools;
http://www.antirootkit.com/and some reviews;
http://www.informationweek.com/software/showArticle.jhtml?articleID=196901062http://tinyurl.com/28dvys
In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.
