I have a Windows 7 computer and use DUMeter to monitor traffic coming in and out of my computer. Every once and awhile, such as while I’m typing this, I can see a large download coming to my computer. I’ve checked my information area, lower right in the taskbar, and I don’t see a Microsoft icon, which usually appears when they’re downloading fixes. Plus, today’s Monday and it’s usually Wednesdays when I actually get them. I also have Norton 360 which never really tells me when its downloading definitions or other program updates.
Sometimes a big download is from someone who has sent me a large video file without asking or by mistake. I get concerned when I see such activity and I want to protect my computer. I’ve asked a number of people and searched your site for how to identify what website is downloading to my computer and I found no answers. I may just be asking the question incorrectly but I suspect you probably understand what I’m looking for.
What web site is downloading to my computer?
Yes, I understand what you’re looking for. Unfortunately, we can’t necessarily tell exactly what is being downloaded; but we can take a pretty good stab at what program on your computer is trying to do that download.
Become a Patron of Ask Leo! and go ad-free!
Websites only download what your browser requests
First I want to clear something up: it’s probably not a website that’s doing this. Remember, websites are those things that you visit in your browser. So askleo.com is a website; google.com is a website; microsoft.com is a website. Those are places that you go to using a browser such as IE, Firefox or Chrome.
Typically, things that are downloaded by your web browser are things that you’ve requested. Web pages that have to be downloaded before they can be displayed, programs, and PDF or Word documents are all things that won’t download without you asking for them explicitly, or at least not without your explicit permission.
But, many programs will automatically update themselves. So will Windows itself.
Automatic and background updates
What that means is that any program on your computer, including the browsers that I just talked about, could in fact be downloading an update. These downloads don’t come from a website per say, but from another server out on the internet that has the programs that these programs are checking for updates.
It may also happen to be a web server, and have some websites on it, but these kind of downloads are often coming from locations that actually have nothing to do with websites, depending on the program and the specifics.
Some programs- like your anti-malware tools- also update periodically. As you point out, some aren’t telling you that they’re doing it. They just go ahead and do it. And of course, your email program could be checking for and downloading email.
Malware can do anything
Now everything I’ve talked about so far are normal processes that happen on everybody’s computer. But we also need to talk briefly about malware. The problem here, of course, is that malware can do anything. So if you have an infection of some sort, your computer could be downloading or uploading all sorts of things.
It could even be sending email; a classic example of one of the ways that botnets are used. They hijack people’s machines and use those email programs to send spam.
So, step one is of course to make sure that your security software is all up to date and that you’re running scans. I’d also consider running a scan with malwarebytes.org’s free tool. It tends to catch a few things that some other tools don’t.
But honestly, it sounds like you’re probably already there. It sounds like you’ve already got some decent anti-malware software on the machine, and I will just assume that it’s probably up to date and doing what we think.
Monitoring network activity
This article talks about using a Windows 7 utility called Perfmon to see which programs are accessing the network. It’s a program that’s already installed on your machine as part of Windows 7. It actually does a pretty nice job of showing you which programs are connected to something out on the internet; which ones are downloading lots of data, and which ones are not. This can possibly at least give you a clue.
Sometimes, unfortunately, the clue is very obscure. For example, sometimes Perfmon will show that the process called svchost is the one doing the download. Well, that doesn’t really help you a lot because svchost can actually be downloading on behalf of many, many different services and programs.
But on the other hand, sometimes it will be really obvious. It will say, “It’s this program over here; this program is just downloading like crazy from the internet”. And then all of a sudden a light bulb will go on and you’ll think, “Oh, of course. This program does that; it makes total sense”. And at other times you’ll think, “Oh this program does that; it doesn’t need to do that. I will turn that part of the program off”.
At the least it will allow you to gather some more information about exactly what’s being downloaded on to your machine when you see this happening. Give it a try.