freezing up

Guest

I too have been experiencing frequent freeze ups. I scanned for spyware using
several different programs. Finally Adware-Pro (the last one I tried) found
212 parasites!!!! My system has not frozen up since. My question is---in
looking at the session logs from Webroot SpySweeper this entry keeps coming
up---anyone know what it means??


Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
 
Mr. Arnold

Maine4Us said:
I too have been experiencing frequent freeze ups. I scanned for spyware using
several different programs. Finally Adware-Pro (the last one I tried) found
212 parasites!!!! My system has not frozen up since. My question is---in
looking at the session logs from Webroot SpySweeper this entry keeps coming
up---anyone know what it means??


Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection


Now, malware can use something like Svchost.exe. Svchost.exe, a key O/S
component running out of the System32 directory, can host O/S programs and
non O/S programs, even malware programs can be hosted by Svchost.exe to do
something on its behalf.

So, it's not Svchost that's doing it as Svchost does nothing on its own it
just hosts other programs and provides the means.
 
Mr. Arnold

Maine4Us said:
So is this something that is bad? What's the Target line mean?
Thanks for your help.

I don't know what it means. However, nothing should be changing the
registry, unless you're installing software that you know about. And maybe,
if the registry is being changed and you don't know about it, then maybe
you should surf the Web using a Limited User account, if you're not using
one.

Maybe, you can get some more information from the links.

http://www.google.com/search?hl=en&q=SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV&btnG=Google+Search

Maybe you can take a tool like Process Explorer and look at what any given
Svchost is hosting. Maybe, you'll spot something that shouldn't be hosted,
like malware.
 
Jon

Maine4Us said:
I too have been experiencing frequent freeze ups. I scanned for spyware using
several different programs. Finally Adware-Pro (the last one I tried) found
212 parasites!!!! My system has not frozen up since. My question is---in
looking at the session logs from Webroot SpySweeper this entry keeps coming
up---anyone know what it means??


Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection




SpySweeper protecting its own registry entries from 'tampering' by the looks
of it.

A quick google turned up this on one page, which should show you what the
initials stand for

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000]
"DeviceDesc"="Spy Sweeper Hookrack MiniDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000]
"DeviceDesc"="Spy Sweeper Interdiction Driver"
 
Guest

Mr. Arnold said:
I don't know what it means. However, nothing should be changing the
registry, unless you're installing software that you know about. And maybe,
if the registry is being changed and you don't know about it, then maybe
you should surf the Web using a Limited User account, if you're not using
one.

Maybe, you can get some more information from the links.

http://www.google.com/search?hl=en&q=SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV&btnG=Google+Search

Maybe you can take a tool like Process Explorer and look at what any given
Svchost is hosting. Maybe, you'll spot something that shouldn't be hosted,
like malware.

Thanks for the info. I will see what I can find.
 
Guest

Jon said:
Maine4Us said:
I too have been experiencing frequent freeze ups. I scanned for spyware using
several different programs. Finally Adware-Pro (the last one I tried) found
212 parasites!!!! My system has not frozen up since. My question is---in
looking at the session logs from Webroot SpySweeper this entry keeps coming
up---anyone know what it means??


Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection




SpySweeper protecting its own registry entries from 'tampering' by the looks
of it.

A quick google turned up this on one page, which should show you what the
initials stand for

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000]
"DeviceDesc"="Spy Sweeper Hookrack MiniDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000]
"DeviceDesc"="Spy Sweeper Interdiction Driver"

--
Jon


Thanks Jon, so it might be nothing to worry about. I hope. How do you google something like this??

Denise
 
Jon

Maine4Us said:
Jon said:
Maine4Us said:
I too have been experiencing frequent freeze ups. I scanned for spyware using
several different programs. Finally Adware-Pro (the last one I tried) found
212 parasites!!!! My system has not frozen up since. My question is---in
looking at the session logs from Webroot SpySweeper this entry keeps coming
up---anyone know what it means??


Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection




SpySweeper protecting its own registry entries from 'tampering' by the looks
of it.

A quick google turned up this on one page, which should show you what the
initials stand for

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000]
"DeviceDesc"="Spy Sweeper Hookrack MiniDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000]
"DeviceDesc"="Spy Sweeper Interdiction Driver"

--
Jon


Thanks Jon, so it might be nothing to worry about. I hope. How do you
google something like this??

Denise




To google it you can use portions of the error message e.g. 'LEGACY_SSHRMD' or
'LEGACY_SSHRMD' along with something like "Tamper Detection" and see what
turns up.

I'd also run this command from an elevated command prompt (right-click >
Run as administrator), to verify the integrity of your files (since it's
clearly been infected).

sfc /scannow

Also if you want to be thorough then this command will show what services
each 'svchost.exe' is hosting.

tasklist /svc

You can use this information to ensure that the services that are running
should be running.

Otherwise, and perhaps simpler, you could run your various spyware
detection tools again and verify that they give you the all clear.
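
The check that `tasklist /svc` and Process Explorer are suggested for above, whether each svchost.exe is hosting only services that should be there, can be taken one step further by resolving every hosted service to the DLL that implements it. This is an added example, not part of the original posts; it assumes Windows PowerShell 5.1 or later, and the variable and column names are illustrative.

```powershell
# Added example, not from the thread. Read-only: lists every running
# svchost.exe-hosted service with the DLL that actually implements it.
$hosted = Get-CimInstance Win32_Service -Filter "State = 'Running'" |
    Where-Object { $_.PathName -match '\\svchost\.exe' }

$report = foreach ($svc in $hosted) {
    # The hosted code is named by the ServiceDll value, normally under
    # ...\Parameters and on some Windows versions under the service key itself.
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    $dll  = $null
    foreach ($key in "$base\Parameters", $base) {
        $prop = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
        if ($prop) { $dll = $prop.ServiceDll; break }
    }

    # Check the Authenticode signature of the DLL when it can be found on disk.
    $status = 'Unknown'
    $signer = '(no ServiceDll found)'
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $dll
        $status = $sig.Status
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    }

    [pscustomobject]@{
        ProcessId  = $svc.ProcessId
        Service    = $svc.Name
        HostPath   = $svc.PathName
        ServiceDll = $dll
        SigStatus  = $status
        Signer     = $signer
    }
}

# Full picture: the same grouping tasklist /svc gives, plus DLL and signer.
$report | Sort-Object ProcessId, Service |
    Format-Table ProcessId, Service, ServiceDll, SigStatus -AutoSize -Wrap

# Rows worth a closer look: host binary not under System32, or a service
# DLL whose signature did not validate.
$report |
    Where-Object { $_.HostPath -notmatch '(?i)\\system32\\svchost\.exe' -or $_.SigStatus -ne 'Valid' } |
    Format-List
```

A row in the second list is a prompt to look closer, not a verdict: on older Windows versions catalog-signed system DLLs can be reported as `NotSigned`.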
 
Guest

Jon said:
Maine4Us said:
Jon said:
I too have been experiencing frequent freeze ups. I scanned for spyware using
several different programs. Finally Adware-Pro (the last one I tried) found
212 parasites!!!! My system has not frozen up since. My question is---in
looking at the session logs from Webroot SpySweeper this entry keeps coming
up---anyone know what it means??


Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\
Source: C:\WINDOWS\SYSTEM32\SVCHOST.EXE
11:22 AM: Tamper Detection





SpySweeper protecting its own registry entries from 'tampering' by the looks
of it.

A quick google turned up this on one page, which should show you what the
initials stand for

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000]
"DeviceDesc"="Spy Sweeper Hookrack MiniDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000]
"DeviceDesc"="Spy Sweeper Interdiction Driver"

--
Jon


Thanks Jon, so it might be nothing to worry about. I hope. How do you
google something like this??

Denise




To google it you can use portions of the error message e.g. 'LEGACY_SSHRMD' or
'LEGACY_SSHRMD' along with something like "Tamper Detection" and see what
turns up.

I'd also run this command from an elevated command prompt (right-click >
Run as administrator), to verify the integrity of your files (since it's
clearly been infected).

sfc /scannow

Also if you want to be thorough then this command will show what services
each 'svchost.exe' is hosting.

tasklist /svc

You can use this information to ensure that the services that are running
should be running.

Otherwise, and perhaps simpler, you could run your various spyware
detection tools again and verify that they give you the all clear.


--
Jon


Thanks Jon...what is an elevated command prompt??
 
