virus type problem



Jens
2010-Jan-07, 04:47 AM
I'm not so computer savvy, and have a problem that I need some advice with. I'm pretty sure it's a kind of malware problem. I'm using XP, and there is a process that is taking up 99% of CPU time. It's a svchost.exe, and runs two processes that seem legitimate (dcom server and terminal services). The problem is with TCP/IP. When I run "process explorer" and look at that process, it is using a TCP/IP connection to some funny site. I have a firewall on the computer, and normally this process is taking all the CPU, but when I cut off the Internet with the firewall the problem instantly goes away, and the computer returns to normal. The site is not always the same. What I'm wondering is, how to deal with this? Is it something I can stop from my computer, or is it some vulnerability that can only be stopped by updating software?

Veeger
2010-Jan-07, 04:53 AM
Svchost allows a .DLL or similar program to run as a service. Look at your services and see if some strange one appears in the list of running services. If so, see if you can disable it (although if it is malware, you likely will not be able to disable it with the service manager). You may need to identify the file being executed and delete it.

To delete the offending file may require something like killbox. But, the bad news, these bugs always have a friend (another program) which restores the deleted file. When trying to get rid of the file, work in "safe mode" because if it loads, it can protect itself.
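
The svchost-to-service lookup described above can be paired with the outbound connections the first post mentions by using the built-in `tasklist /svc` and `netstat -ano` commands. The following is an added example, not part of any post in this thread: it parses constructed sample output of both commands (the PIDs and documentation-range addresses are made up) and reports which svchost.exe instance, hosting which services, holds established TCP connections outside the LAN ranges assumed in `LOCAL_NETS`.

```python
import ipaddress
import re

# Constructed samples of `tasklist /svc` and `netstat -ano` output (not from the thread).
TASKLIST = """\
Image Name                   PID Services
svchost.exe                  948 DcomLaunch, TermService
svchost.exe                 1100 AudioSrv, Dhcp, Netman,
                                 wuauserv
explorer.exe                1620 N/A
"""
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.168.1.10:1045      203.0.113.25:80        ESTABLISHED     948
  TCP    192.168.1.10:1046      198.51.100.7:443       ESTABLISHED     948
  TCP    192.168.1.10:1050      192.168.1.1:53         ESTABLISHED     1100
"""
LOCAL_NETS = [ipaddress.ip_network(n)  # assumption: these ranges are the LAN
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def services_by_pid(text, image="svchost.exe"):
    """Map PID -> hosted service names, joining wrapped continuation lines."""
    result, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:  # a new process row: track it only if it is the wanted image
            pid = int(m.group(2)) if m.group(1).lower() == image else None
        elif not line.startswith(" "):  # header or blank line
            continue
        names = (m.group(3) if m else line).split(",")  # wrapped rows extend the last PID
        if pid is not None:
            result.setdefault(pid, []).extend(n.strip() for n in names if n.strip())
    return result

def external_connections(text):
    """Map PID -> remote endpoints of ESTABLISHED IPv4 TCP sessions leaving the LAN."""
    result = {}
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            addr = ipaddress.ip_address(f[2].rsplit(":", 1)[0])
            if not any(addr in net for net in LOCAL_NETS):
                result.setdefault(int(f[4]), []).append(f[2])
    return result

def svchost_report(tasklist_text, netstat_text):
    """Return [(pid, services, remote endpoints)] for svchost instances talking outside."""
    svcs, conns = services_by_pid(tasklist_text), external_connections(netstat_text)
    return [(p, svcs[p], conns[p]) for p in sorted(svcs) if p in conns]
```

Calling `svchost_report(TASKLIST, NETSTAT)` on the sample data returns a single entry for PID 948; on a live machine the two strings would be the captured output of the two commands.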

cran
2010-Jan-07, 06:06 AM
I had similar issues when I had XP ...

The following tips came from Stefan Johnson (managing editor of The Windows Advisor)

Best if you are logged in as Administrator

Click Start > Run
type: SERVICES.MSC
Click OK

This opens the Service Manager

Any service listed as automatic launches with System Start

if you click the automatic, it will show two other options:
manual (requires your OK to start)/ deactivate

Open Ports - allows external computers to access your files -
recommend deactivate or manual ...
unless you are in the habit of accessing your own computer remotely?

Automatic Updates - (this was the cause in my case)
recommend deactivate (will cause a complaint message every time you start up - ignore them) ... update your antivirus, etc, manually
(they might also complain of security issues over not being able to automatically update - but it was unscheduled antivirus auto updates that were hogging my CPU)
or manual (if you want pop-up reminders every hour or so until you give in)

Error Reporting Service -
recommend deactivate or manual - you decide when your remote access protocols should be given out

Help and Support -
if deactivated, you close one of the last avenues for outside access to your computer

Remote Registry -
recommend deactivate or manual ...


............

None of these change your internet connection or email settings; they will be on or off as you normally have them ...

............

Click Start > Run
type: msconfig
Click OK
Click on the Startup tab

untick any programs you don't want automatically loaded every time you start up ...

programs like Office or Word only take a few seconds to start up manually ...


.............

Click Start > Run
type: regedit
Click OK

Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

check the list in the right hand panel; you may find programs you thought were removed or disabled but still listed (ie auto start via registry) - if you don't use the program or don't want it starting up automatically, right-click on it and click delete (doesn't remove the program, only the shortcut in the registry).

.............

Right-click Start
Click Explore All Users
Double-click Programs, then Startup

again, you might find among the list of shortcuts some you either don't want or don't trust

Right-click on the icon, and Delete (only deletes the shortcut)

.............

From memory, you'll have to reboot ...

then you'll get the complaint box about stuff being changed that Microsoft (or Windows) wanted left alone (like remote access and automatic trips through the net) ... be strong, and if it's there, click the "don't tell me again" box ...

after that, things should move faster, and no more surprise CPU choke-ups ...

Jens
2010-Jan-08, 10:27 AM
I had similar issues when I had XP ...



Thanks. It appears to have worked. Though I'm not exactly sure what worked. I did most of the things you suggested, and later on in the day I was finally able to download one security update from micro$oft. So it could be the update, but maybe just closing those loopholes, but in any case the computer is no longer misbehaving. I'm still going to see if I can find what it was that was causing the problem, but at least I have a working computer.