RUNNING PROCESSES

[daveT]

Noticed that there are 42 running processes on my computer and thought to
see if any of them can be stopped. Checked a few websites and it appears
that the following can/should be removed (they all show up when I hit
CONT-ALT-DEL:

WNLOGON.EXE
SMSS.EXE
SVCHOST.EXE
ALG.EXE
CSRSS.EXE
services.exe (maybe)
LSASS.EXE
realsched.exe

Does anyone have any ideas about what I should do, if anything. I did start
shutting down SVCHOST.EXE in TASK MANAGER then a dialogue box appeared
telling me that my computer was going to shut down with a minute or so due
to a "DCOM service..." problem.

I have always uses AVG any virus, Zonealarm and Adaware. So I don't quite
see how I might have got a virus or worm. I'm not so confidant with
computers so I don't know if I can clean up unwanted rubbish from the
starting up process, is there any free download that might assist.

 

[David H. Lipman]

From: "daveT" <[email protected]>

| Noticed that there are 42 running processes on my computer and thought to
| see if any of them can be stopped. Checked a few websites and it appears
| that the following can/should be removed (they all show up when I hit
| CONT-ALT-DEL:
|
| WNLOGON.EXE
| SMSS.EXE
| SVCHOST.EXE
| ALG.EXE
| CSRSS.EXE
| services.exe (maybe)
| LSASS.EXE
| realsched.exe
|
| Does anyone have any ideas about what I should do, if anything. I did start
| shutting down SVCHOST.EXE in TASK MANAGER then a dialogue box appeared
| telling me that my computer was going to shut down with a minute or so due
| to a "DCOM service..." problem.
|
| I have always uses AVG any virus, Zonealarm and Adaware. So I don't quite
| see how I might have got a virus or worm. I'm not so confidant with
| computers so I don't know if I can clean up unwanted rubbish from the
| starting up process, is there any free download that might assist.
|

All of those are legitimate programs *if* they are executed from legitimate locations.

Realsched.exe is a RealPlayer Player stub and is wasting RAM.

You can remove Realsched.exe from being loaded by executing MSCONFIG.EXE and going to the
startUp tab and the looking for the line that loads realsched.exe and disable it.

A better program to use is Process Explorer by Sysinternals --
http://www.sysinternals.com/Utilities/ProcessExplorer.html

With it you can determine both what is running and where it is being executed form. For
example...

If you have c:\windows\system32\lsass.exe as a running process that is OK.

If you have c:\windows\lsass.exe as a running process then that is is a sign of a malware
infection

 

[Art]

Noticed that there are 42 running processes on my computer and thought to
see if any of them can be stopped. Checked a few websites and it appears
that the following can/should be removed (they all show up when I hit
CONT-ALT-DEL:

WNLOGON.EXE
SMSS.EXE
SVCHOST.EXE
ALG.EXE
CSRSS.EXE
services.exe (maybe)
LSASS.EXE
realsched.exe

These all are or might well be normal legit processes.

Does anyone have any ideas about what I should do, if anything.

Learn which processes are normal when your PC is clean and keep a
record of them. Remember though that malicious code sometimes uses
legit file names. But at least it's a good idea to be able to
recognise unusual file names.

I did start
shutting down SVCHOST.EXE in TASK MANAGER then a dialogue box appeared
telling me that my computer was going to shut down with a minute or so due
to a "DCOM service..." problem.

I have always uses AVG any virus, Zonealarm and Adaware. So I don't quite
see how I might have got a virus or worm. I'm not so confidant with
computers so I don't know if I can clean up unwanted rubbish from the
starting up process, is there any free download that might assist.

Do a scan with the free KASFX scanner available from my web site. It's
based on the Kaspersky scan engine, and it's far superior to AVG. I
also suggest using Spybot.

Art

http://home.epix.net/~artnpeg

 

[Duane Arnold]

Noticed that there are 42 running processes on my computer and thought
to see if any of them can be stopped. Checked a few websites and it
appears that the following can/should be removed (they all show up
when I hit CONT-ALT-DEL:

Apparently, you didn't understand.

WNLOGON.EXE
SMSS.EXE
SVCHOST.EXE
ALG.EXE
CSRSS.EXE
services.exe (maybe)
LSASS.EXE
realsched.exe

Does anyone have any ideas about what I should do, if anything. I did
start shutting down SVCHOST.EXE in TASK MANAGER then a dialogue box
appeared telling me that my computer was going to shut down with a
minute or so due to a "DCOM service..." problem.

Some things you shutdown on a NT based O/S that has a direct connection
and some you don't and some holes you close.

There is a link for Win 2K too.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

I have always uses AVG any virus, Zonealarm and Adaware. So I don't
quite see how I might have got a virus or worm. I'm not so confidant
with computers so I don't know if I can clean up unwanted rubbish from
the starting up process, is there any free download that might assist.

Well, you better learn and do it for yourself if need be. There are links
on the how to(s) use Google.

Use the proper tools and look for yourself and don't depend upon the
crutches above to tell you everything is OKAY DOKEY.

Long version

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html


Short version

http://tinyurl.com/klw1

Duane