SNMP and a virus?

I'm currently having problems with my Windows XP machine.
I noticed that I was uploading a hell of a lot of data when doing nothing on my machine. Using Analog X's netstat live program (very handy) my machine's upstream was working at over 70k/sec.

I tried the DOS command netstat -a and saw a lot of connections that didn't seem to make sense, some were mail servers etc?

I use AVG anti virus and the firewall, I booted into safe mode and did a full scan, and found nothing. I then blocked everything with the firewall, and began re-enabling programs' net access. Now it seems everything is fine, until I give SNMP.exe access to the net, then the upstream gets very busy again....

Any ideas what trojan/virus/silly program is at fault and how I can fix it?

Thanks in advance
 
The process called snmp.exe is used by Windows applications when communicating with network devices using SNMP (Simple Network Management Protocol). SNMP is used to perform remote administration of network hardware such as Routers and Hubs. Snmp.exe is required for your system to remain stable, you should not terminate this process.

snmp.exe is flagged as a system process and does not appear to be a security risk. However, removing Snmp Agent may adversely impact your system.

The Process Server database currently registers snmp.exe to Microsoft.

This is part of Microsoft Windows.
 
Inetinfo.exe found in c:\windows\system32\inetsrv\

seems to be the culprit now....If that gets net access, my outgoing data rises to max upload speed :rolleyes:

This is getting nasty :(
 
divaboy said:
The process called snmp.exe is used by Windows applications when communicating with network devices using SNMP (Simple Network Management Protocol). SNMP is used to perform remote administration of network hardware such as Routers and Hubs. Snmp.exe is required for your system to remain stable, you should not terminate this process.

snmp.exe is flagged as a system process and does not appear to be a security risk. However, removing Snmp Agent may adversely impact your system.

The Process Server database currently registers snmp.exe to Microsoft.

This is part of Microsoft Windows.

You don't need the SNMP service to be running for the system to remain stable. Unless you have a good reason for it, e.g. you want your MIB to be managed or are sending traps to somewhere, I'd disable it.

The netstat shows lots of SMTP connections which are incrementing so something looks to be up to no good. I'll leave it to the Windows experts to advise on the best software to use to search for the culprit. :D
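
Added example, not part of any post in this thread: one way to turn the "lots of SMTP connections" observation into a per-process check is to parse `netstat -ano` output and group outbound mail-port connections by owning PID. The sample output, addresses, PIDs, the extra ports 465/587 and the three-host threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range IPs, made-up PIDs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1045      198.51.100.7:25        ESTABLISHED     1820
  TCP    192.168.1.10:1046      203.0.113.20:25        SYN_SENT        1820
  TCP    192.168.1.10:1047      203.0.113.99:25        ESTABLISHED     1820
  TCP    192.168.1.10:1048      198.51.100.44:25       TIME_WAIT       0
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2404
  TCP    192.168.1.10:1051      192.0.2.25:25          ESTABLISHED     2404
  UDP    0.0.0.0:161            *:*                                    1388
"""

# SMTP plus the common submission ports (465/587 are an added assumption).
MAIL_PORTS = {25, 465, 587}
# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def outbound_mail_by_pid(netstat_text):
    """Map PID -> set of remote hosts that PID is contacting on a mail port."""
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _laddr, _lport, raddr, rport, state, pid = m.groups()
        if state == "LISTENING" or int(rport) not in MAIL_PORTS:
            continue
        hits[int(pid)].add(raddr)
    return dict(hits)

def suspects(netstat_text, min_hosts=3):
    """PIDs talking to at least min_hosts distinct mail servers at once.

    PID 0 is skipped: closed sockets in TIME_WAIT are no longer owned by a process.
    """
    by_pid = outbound_mail_by_pid(netstat_text)
    return sorted(p for p, hosts in by_pid.items() if p != 0 and len(hosts) >= min_hosts)

if __name__ == "__main__":
    for pid, hosts in sorted(outbound_mail_by_pid(SAMPLE).items()):
        print(pid, len(hosts), sorted(hosts))
    print("suspect PIDs:", suspects(SAMPLE))
```

A normal mail client shows up as one PID talking to one or two mail servers; a PID fanning out to many different servers is the one to match against the PID column in Task Manager.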
 