I'm currently working on a case where a computer has been identified on a corporate network as downloading a vast amount of data over a thirty-day period (approx 170GB). The uploading amounts to around 8GB. All of this data is coming from/going to one particular address. A quick bit of Googling has identified the computer is likely to have picked up a browser hijack which is diverting the traffic to this location in order to provide the user with 'relevant' advertising.
Using RegRipper and log2timeline I've identified that the user has downloaded and installed some software for a legit purpose, and is likely to have installed a toolbar as part of it. The toolbar has attached itself to an installation of Firefox. A look through the files that have been installed confirmed they are connected to this website, and that the user's browsing is being diverted in that direction.
I'm waiting on the Internet logs to be sent to me from IT - until then, has anybody got any suggestions regarding what could be generating this amount of traffic, or where I can LOOK to see what might be doing it?
A check of the local Internet history files doesn't indicate use of streaming sites like YouTube or any other movie sites. There isn't any P2P stuff installed either. I'm sure the logs will come back with some more info, but if they don't, I'm stumped on where else to look.
Thanks in advance,
HDRNR
Wireshark.
If that doesn't help, get Sysinternals as well and use Process Explorer and Procmon.
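One way to act on the Procmon half of that suggestion, added here as an example and not code from this thread: export the Procmon capture to CSV and tally bytes per process and remote endpoint, so the process and peer behind a large download stand out. The column layout and the "Length:" field in the Detail column are assumed to match Procmon's CSV export; the sample rows, hostnames and PIDs are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a Procmon CSV export (assumed columns: Time of Day,
# Process Name, PID, Operation, Path, Result, Detail). Hosts are made up.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:00:01.000","firefox.exe","4120","TCP Send","WS01:51000 -> adsrv.example.test:443","SUCCESS","Length: 1460, startime: 1, endtime: 2, seqnum: 0, connid: 0"
"09:00:01.050","firefox.exe","4120","TCP Receive","WS01:51000 -> adsrv.example.test:443","SUCCESS","Length: 65535, startime: 2, endtime: 3, seqnum: 0, connid: 0"
"09:00:01.100","firefox.exe","4120","TCP Receive","WS01:51000 -> adsrv.example.test:443","SUCCESS","Length: 65535, startime: 3, endtime: 4, seqnum: 0, connid: 0"
"09:00:02.000","svchost.exe","1020","TCP Receive","WS01:51001 -> update.example.test:80","SUCCESS","Length: 4096, startime: 4, endtime: 5, seqnum: 0, connid: 0"
"09:00:02.500","toolbarupd.exe","5100","TCP Receive","WS01:51002 -> adsrv.example.test:80","SUCCESS","Length: 65535, startime: 5, endtime: 6, seqnum: 0, connid: 0"
"09:00:03.000","firefox.exe","4120","RegQueryValue","HKCU\\Software\\Mozilla","SUCCESS","Type: REG_SZ"
'''

LENGTH_RE = re.compile(r"Length:\s*(\d+)")

def parse_procmon_network(csv_text):
    """Yield (process, pid, direction, remote_endpoint, nbytes) for TCP/UDP payload events."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row["Operation"]
        if not (op.startswith("TCP ") or op.startswith("UDP ")):
            continue  # registry, file and process events are not traffic
        if op.endswith("Send"):
            direction = "sent"
        elif op.endswith("Receive"):
            direction = "received"
        else:
            continue  # Connect/Disconnect/Accept carry no payload length
        m = LENGTH_RE.search(row["Detail"])
        if m is None:
            continue
        # Path is "local:port -> remote:port"; keep only the remote side
        remote = row["Path"].split("->")[-1].strip()
        yield row["Process Name"], int(row["PID"]), direction, remote, int(m.group(1))

def traffic_by_process_and_peer(csv_text):
    """Sum bytes per (process, pid, remote endpoint), split by direction."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for proc, pid, direction, remote, n in parse_procmon_network(csv_text):
        totals[(proc, pid, remote)][direction] += n
    return dict(totals)

def top_talkers(csv_text, limit=3):
    """Rank (process, pid, remote) by total bytes, largest first."""
    totals = traffic_by_process_and_peer(csv_text)
    key = lambda kv: kv[1]["sent"] + kv[1]["received"]
    return sorted(totals.items(), key=key, reverse=True)[:limit]

if __name__ == "__main__":
    for (proc, pid, remote), t in top_talkers(SAMPLE_CSV):
        print(f"{proc}[{pid}] -> {remote}: sent {t['sent']} B, received {t['received']} B")
```

Run it against the real export and the top entry gives you the process and remote endpoint to compare with the address IT flagged.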
Thanks Xennith.
It's a little late in the day now, but I was contemplating virtualising the image (the machine cannot go back on the network) and running Wireshark to see what happens.
I will give the sysinternals tools a run in the morning and post my findings (if any).
Thanks again.
Sounds like some Browser Helper Object (BHO). HolaSearch is one of many such bits of software that hijack searches and can generate a lot of traffic. Have you looked into those?
If you can run the machine (real machine or virtualized one), run HijackThis; it usually quickly gets any Registry key/file associated with BHOs.
http//
jaclaz
A quick bit of Googling has identified the computer is likely to have picked up a browser hijack which is diverting the traffic to this location in order to provide the user with 'relevant' advertising.
Okay, if I understand this correctly, you Googled the issue rather than actually analyzing the system?
No, you don't understand correctly; perhaps I phrased it poorly. For the record (and so people don't read your comment and think I'm just another two-bit point-and-click examiner), I thoroughly analysed this computer to the best of my abilities using the tools I have, and have identified the entry point for this software, the changes this software has made on the computer, and the behaviour of this software. All this I detailed in my original post.
I came here to ask other examiners if they have had any experience of such software, or if they could provide advice on any other local locations I can check with regards to the excessive bandwidth usage, so that I may also better my knowledge.
If you can provide me with any help with this, or believe there is something I have not done or missed, I will gladly take your advice onboard, and use it to further my investigation. As you can see from the posts above yours and below mine, others are already providing such help.
Thanks to Xennith, BitHead and jaclaz. I will try your suggestions out tomorrow. BitHead, this is the SmartBar toolbar, which I guess is the same animal as HolaSearch. Thanks again for your help.
Harlan, I apologise if I've come across as rude. It's been a long day. I have the utmost respect for you; however, I would appreciate it if you could make your posts a little less sharp and a little more helpful. The purpose of this forum is for people to learn and to share. Right now, I'm looking to learn.
Thanks. Andrew.
For the record, there is a Smartbar (linked to snap.do) and a Linkury Smartbar, this latter seemingly much more "naughty" and "persistent".
http//
http//
http//
Also, judging from the Registry keys listed here
http//
http//
it really seems something "insecure".
jaclaz