explorer.exe now hogging resources

-Nisko-

I hope it isn't seriously broken. I rebooted and it's working fine (for
now). I made the Services changes that thecreator recommended before
rebooting. Keeping my fingers crossed. I have the feeling that the MS
Malicious Software Recovery Tool is giving me a false positive. Hope I'm
right..........
 
David H. Lipman

From: "-Nisko-" <[email protected]>

| I hope it isn't seriously broken. I rebooted and it's working fine (for
| now). I made the Services changes that thecreator recommended before
| rebooting. Keeping my fingers crossed. I have the feeling that the MS
| Malicious Software Recovery Tool is giving me a false positive. Hope I'm
| right..........
|

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
-Nisko-

David, I was able to run Sophos overnight - here are the results:

Could not check C:\Documents and Settings\Bob Onysko\Local
Settings\Application Data\IM\Notifier\envelopee.imn\EnvelopEMoreMail.swf
(virus scan failed)
Scan aborted due to an unrecoverable error.

11181 files swept in 2 hours, 20 minutes and 29 seconds.
3845 errors were encountered.
No viruses were discovered.
3800 encrypted files were not checked.
Ending Sophos Anti-Virus.

The results are 'cryptic' to me. Doesn't look like Sophos found malware -
but, what are the 3,845 errors? Should I be concerned? Going to run Trend
now.
 
-Nisko-

It's 11:18am EST and I'm running the second AV app. Guess I should have
asked you exactly what I'm doing and why. Running this app is unusual for
me (DOS mode and five programs in one). Also, I have to run them
consecutively. Also, I was thinking, if it's possible to identify what
processes called up svchost.exe, it should also be possible to trace them to
determine which one(s) are chewing up my processor - Yes? I should mention
that the svchost that is using 90% of my processor has about 30 processes
attached to it. Thought that was unusual. However, when svchost is
behaving normally, I still have one instance of svchost that is attached to
about 30 processes. Does that make sense? Thanks......
 
David H. Lipman

From: "-Nisko-" <[email protected]>


| It's 11:18am EST and I'm running the second AV app. Guess I should have
| asked you exactly what I'm doing and why. Running this app is unusual for
| me (DOS mode and five programs in one). Also, I have to run them
| consecutively. Also, I was thinking, if it's possible to identify what
| processes called up svchost.exe, it should also be possible to trace them to
| determine which one(s) are chewing up my processor - Yes? I should mention
| that the svchost that is using 90% of my processor has about 30 processes
| attached to it. Thought that was unusual. However, when svchost is
| behaving normally, I still have one instance of svchost that is attached to
| about 30 processes. Does that make sense? Thanks......
|

It is NOT DOS or DOS Mode.

It is a full Win32 Command Console.

Yes, what you post makes sense.
 
-Nisko-

Yes, what you post makes sense.
I can't. That was over a year ago. My ability to explain it would fall short of my ability
to demonstrate it.

I think I now understand what I have to do with PE to find the root cause of
svchost using so much of my CPU. When I have the problem, I should open PE
and hover the cursor over the instance of svchost.exe that has the high
usage. Doing this opens a popup (light yellow) window that shows all the
Services tied to it. All I need to know now is how to see the CPU usage
associated with each Service - and I've found my culprit. Assuming that
Service is on Automatic, I can then set it to Manual or Disable depending on
whether I need it or not.

1. Can you instruct me on how to see the CPU usage for each Service?
Couldn't figure this out on my own.

2. Next to each Service is a short definition and it tells what happens if
you disable it. Is there another place I can go to get a better 'layman's'
description of each Service?

3. If I set a Service to Manual, and a needed Service tries to start, does
a window pop up asking the user if he wants to start it?

Thanks again..........
 
David H. Lipman

From: "-Nisko-" <[email protected]>

|
| I think I now understand what I have to do with PE to find the root cause of
| svchost using so much of my CPU. When I have the problem, I should open PE
| and hover the cursor over the instance of svchost.exe that has the high
| usage. Doing this opens a popup (light yellow) window that shows all the
| Services tied to it. All I need to know now is how to see the CPU usage
| associated with each Service - and I've found my culprit. Assuming that
| Service is on Automatic, I can then set it to Manual or Disable depending on
| whether I need it or not.
|
| 1. Can you instruct me on how to see the CPU usage for each Service?
| Couldn't figure this out on my own.


Nope. You really can't "directly" tie a NT Service [ such as "Automatic Updates" (aka;
wuauserv)] to CPU utilization.


|
| 2. Next to each Service is a short definition and it tells what happens if
| you disable it. Is there another place I can go to get a better 'layman's'
| description of each Service?


Not really. You would have to study the OS and read up on the subject matter.


|
| 3. If I set a Service to Manual, and a needed Service tries to start, does
| a window pop up asking the user if he wants to start it?

Nope.
- If a NT Service is set to "automatic" it will start when the OS boots
- If a NT Service is set to "manual" it will only start when a program or other service that
depends upon it will start it and when it is done will stop it. [ example; BITS ] Or if
the user "manually" starts the service and the user would have to manually stop it.
- If a NT Service is set to "disabled" it will NOT start unless its state is altered to one
of the above. [ "automatic" or "manual" ]
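
The PID-to-service mapping discussed in this exchange, as an added example that is not part of the original posts: the script lists every running svchost.exe instance with the services it hosts and each service's start mode. The CPU figure is for the whole svchost process, not for any single service inside it. It assumes PowerShell 3.0 or later; the function name `Get-SvchostServiceMap` is made up for this example.

```powershell
# Added example: map each svchost.exe instance to the services it hosts.
# Assumes PowerShell 3.0+ (Get-CimInstance, [pscustomobject]).
# Run from an elevated prompt so every process is visible.

function Get-SvchostServiceMap {
    # One Win32_Service row per service; ProcessId is 0 when the service is stopped.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost\.exe' }

    foreach ($group in ($services | Group-Object -Property ProcessId)) {
        $procId = [int]$group.Name
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # CPU is accumulated processor time (seconds) for the whole host process.
        $cpu = $null
        if ($proc -and $null -ne $proc.CPU) { $cpu = [math]::Round($proc.CPU, 1) }

        # StartMode is reported as Auto, Manual or Disabled.
        $names = $group.Group | Sort-Object -Property Name |
            ForEach-Object { '{0} ({1})' -f $_.Name, $_.StartMode }

        [pscustomobject]@{
            ProcessId    = $procId
            CpuSeconds   = $cpu
            ServiceCount = $group.Count
            Services     = $names -join ', '
        }
    }
}

# Busiest svchost instance first.
Get-SvchostServiceMap | Sort-Object -Property CpuSeconds -Descending | Format-List
```

On systems without PowerShell, `tasklist /svc` prints the same PID-to-service mapping.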
 
-Nisko-

| 3. If I set a Service to Manual, and a needed Service tries to start, does
| a window pop up asking the user if he wants to start it?

Nope.
- If a NT Service is set to "automatic" it will start when the OS boots
- If a NT Service is set to "manual" it will only start when a program or other service that
depends upon it will start it and when it is done will stop it. [ example; BITS ] Or if
the user "manually" starts the service and the user would have to manually stop it.
- If a NT Service is set to "disabled" it will NOT start unless its state is altered to one
of the above. [ "automatic" or "manual" ]


OK, then what's the downside to setting everything to Manual? My thought
is: If I can identify all Processes associated with the svchost that's
hogging my resources, why can't I just set all those on Manual (if they're
not already Disabled). Then, if one of them is using a lot of CPU time, it
will only happen when the Process is called for - and will stop when the
process is no longer needed.
 
-Nisko-

Had to stop the scans - the second one was taking all day and I needed the
PC for something else. Besides, for now, there's no CPU hogging.
 
