svchost problem after log off

kevin

First, I am a first-time poster. Second, I have searched the forums
for help on this problem extensively to no avail.

I am having a problem with the svchost using up to 99% (as others
have) on XP Home SP1 with all updates. My problem originates only
after the first user (after powering-up) logs off and then logs back
on, or if a new user logs on. It doesn't matter which user logs on
first...it will always be stable until after the first log-off and a
new log-on.

The history on this is:
- I got the W32.Beagle.M@mm virus and I ended up cleaning it up with
Symantec's download
- I then ran a scan and found Welchia worm and cleaned this up as well
- My system was very unstable after this so I formatted and started
over
- After reinstalling, Norton AV still found the Welchia virus in a
svchost file and could not repair it but quarantined it and the system
was working without any problems
- I reloaded the majority of my programs and then began noticing this
new problem
- I went back to the Norton AV Control Panel and from there deleted
the quarantined svchost file
- I ran many virus scans and I am clean
- I searched manually for the Blaster worm and it is not found
- I have done a protected file scan to no avail
- In Tasklist (which I added to XP Home as per other posts) the
svchost in question is using "rpcss" which when queried using the id#
it only states it is the "console"

What I have found out is this:
It has something to do with System Restore. I found that if it is
disabled I do not have the problem. It is only when it is enabled.
Obviously I would like this function working. I am hoping that someone
can help solve this mystery for me.
Thank you in advance.
 
Rocket J. Squirrel

System Restore can become corrupted by viruses. Your only recourse is to
turn off system restore (make sure it is turned off on every partition),
reboot, and then turn it on again. This will delete all existing restore
points and start you off with a fresh restore point.

It seems that the larger problem is avoiding viruses in the first place. You
do this by setting NAV Auto-Protect to start with Windows and then run in
the background at all times. You also configure NAV for maximum protection.
(Use the application defaults if you are unsure on how to do this.) Last,
you must run Live Update at least weekly.

Use the 2004 version of NAV for best protection, and do not run any other
antivirus program at the same time.

Rocky
 
nkjg

> It seems that the larger problem is avoiding viruses in the first place. You
> do this by setting NAV Auto-Protect to start with Windows and then run in
> the background at all times. You also configure NAV for maximum protection.
> (Use the application defaults if you are unsure on how to do this.) Last,
> you must run Live Update at least weekly.


WEEKLY?!?! Are you nuts? After a week, certain viruses
have gone around the globe 5 times over.

Run LiveUpdate on a daily basis.

Hope this helps,

Nick
nkjg/at\interchange/dot\ubc/dot\ca
 
Rocket J. Squirrel

Please notice that I wrote "at least" weekly.

The most important thing that a user can do to protect their computer is to
not engage in behaviors that allow viruses into their systems. This is even
more important than the frequency with which one updates virus definitions.

Rocky
 
kevin

Thanks for a starting point to solve this. First to update you:

- I do use NAV System Works/AV 2003 and I do have autoprotect and I
have never had a virus prior. I did not perform a liveupdate for 4-5
days and in that time the virus was released and an infected file was
inadvertently opened on the computer...so I'm good on the antivirus
info...thanks

Now back to the problem... I did a removal of all system restore
points both manually and by the method you have suggested prior to my
original post.

Any more advice pertinent to the issue would be greatly appreciated.
 
