services.exe eating CPU time

[Bhavik]

Hi All,

I am using a Windows XP professional with SP1 and all updates applied
on that.
I have a strange problem since last few days. When I see in the Task
Manager, services.exe is running and is using most of the CPU time. So
my PC becomes very slow.

The cpu usage jumps between 4% & 85% continuously.
I have Sophos antivirus with the latest updates on my PC and I have
scanned my PC thouroughly but It has not found any virus on the system.

I have also checked my PC with Ad-Aware personal pro with lates updates
but that also did not find any malware on my PC.

I dont know whether this is because of some lates virus/trojaon/worm or
some malware.

I have read many postings on the net about this kind of problem. But I
couldn't find proper solutions to this problem.

If anyone of you know the solution, please let me know.

P.S. There are 3 instances of services.exe running on my PC. one is
with user name SYSTEM and other two are with my user name. When I try
to end any of these 2 instances it gives error that It can not end the
process because it is system critical process.

Please help me to solve this problem.

Thanks,

Bhavik

 

[R. McCarty]

Check your System Event Log for Error(s) -Red Icons.
Start, Run (Type) EventVwr.Msc [Enter]

Sounds like Malware, the arsenal needed to Clean/Prevent it keeps
getting larger. You need Spybot, MS AntiSpyware, CW Shredder
and perhaps HiJackThis. It's also a good idea to run any number of
on-line Virus/Trojan/Malware/Spyware tools. With recent events it
is also a good idea to run a check for Root Kits with either Blacklight
or SysInternals RootKitRevealer.

Any Erratic or Unusual System performance issues are cause for
concern. In your case, not using SP2 leaves your system open to many
more threats than using SP2- you should upgrade ASAP.

 

[David H. Lipman]

From: "Bhavik" <[email protected]>

| Hi All,
|
| I am using a Windows XP professional with SP1 and all updates applied
| on that.
| I have a strange problem since last few days. When I see in the Task
| Manager, services.exe is running and is using most of the CPU time. So
| my PC becomes very slow.
|
| The cpu usage jumps between 4% & 85% continuously.
| I have Sophos antivirus with the latest updates on my PC and I have
| scanned my PC thouroughly but It has not found any virus on the system.
|
| I have also checked my PC with Ad-Aware personal pro with lates updates
| but that also did not find any malware on my PC.
|
| I dont know whether this is because of some lates virus/trojaon/worm or
| some malware.
|
| I have read many postings on the net about this kind of problem. But I
| couldn't find proper solutions to this problem.
|
| If anyone of you know the solution, please let me know.
|
| P.S. There are 3 instances of services.exe running on my PC. one is
| with user name SYSTEM and other two are with my user name. When I try
| to end any of these 2 instances it gives error that It can not end the
| process because it is system critical process.
|
| Please help me to solve this problem.
|
| Thanks,
|
| Bhavik


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *

 

[Bhavik]

Hi,

I have scanned my computer with Ad-aware SE v1.06, SpyBot Search and
Destroy v1.4, and MS AntiSpyWare with Spyware Definition Version: 5779
(06/12/2005 12:26:45 PM). All applied with latest updates. But I have
not got any success in removing this malware.

With MS antispyware, when I see the running process it shows 2
instances of services.exe running from E:\Windows\services.exe, but
there is no such file like that in E:\Windows. So I thing this must be
some serious malware.

With MS antispyware, I am able to stop 1 instance of above 2. but when
I stop the 2nd instance, my explorer.exe crashes, and when I start a
new instance of explorer.exe, these 2 processes come again with that.
Also If I restart my PC, Windopws gives exception in taskmgr.exe.

I'l try the latest solution that you've given about Multi_AV, and give
my feedback on it.
Meanwhile can you please suggst me some other ways to solve this
problem?

Thanks a lot!

Bhavik

 

[Malke]

Hi,

I have scanned my computer with Ad-aware SE v1.06, SpyBot Search and
Destroy v1.4, and MS AntiSpyWare with Spyware Definition Version: 5779
(06/12/2005 12:26:45 PM). All applied with latest updates. But I have
not got any success in removing this malware.

With MS antispyware, when I see the running process it shows 2
instances of services.exe running from E:\Windows\services.exe, but
there is no such file like that in E:\Windows. So I thing this must be
some serious malware.

With MS antispyware, I am able to stop 1 instance of above 2. but when
I stop the 2nd instance, my explorer.exe crashes, and when I start a
new instance of explorer.exe, these 2 processes come again with that.
Also If I restart my PC, Windopws gives exception in taskmgr.exe.

I'l try the latest solution that you've given about Multi_AV, and give
my feedback on it.
Meanwhile can you please suggst me some other ways to solve this
problem?

Run HijackThis and post your log to one of these forums (not here,
please):

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Malke