Philip Herlihy
I have two (!) machines brought to me by friends with superficially similar
problems. Both have been scanned for viruses and now scan "clean".
I've installed Process Explorer from sysinternals.com on both.

On the Win2000 (SP4) laptop, one instance of SVCHOST had several threads
running rpcrt4.dll (spelling?) which seemed to be providing the load. I had
to kill the whole process to free the machine, as new threads appeared as
the last was killed. McAfee Stinger found nine virus files including
Blaster. After cleaning, Windows Installer won't load, and I can't make a
dial-up connection. The rogue process restarts on reboot, and I can't find
what is starting it. I've looked in
HKLM\Software\Microsoft\WindowsNT\Svchost but can't spot an obvious villain.
The owner deserves it to some extent, as he hasn't updated virus definitions
in a year and a half!

On the XP Home desktop, Process Explorer shows a SVCHOST and LSASS hogging
the CPU. I've found that killing a SVCHOST thread "termsrv.dll" (followed
by what looks like a hex offset) quietens down the whole machine, including
the LSASS process. Similarly, I can't find what is starting this up despite
hours of investigation. Can't see anything on Google either. This owner
doesn't deserve it, as he's been very careful indeed, and his business is
hamstrung without his machine.

I'd be grateful for any pointers - I'm stuck!