Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 20 of 25 Posts

·
Registered
Joined
·
283 Posts
Discussion Starter · #1 ·
I am working on a Gateway computer running Win 2000 Pro. This may be the slowest computer I have ever worked on. Anyway, I have run Ad-Aware, and Spy-bot, to remove the trash. Computer is still running slow. I noticed in Task Manager, under processes, there is something in svchost.exe, that is eating up most of the CPU. Where can I go to find out what that is, and how to fix it?? I see that whatever is running there is using an average of 75% of the CPU at any given time. Any assistance would be appreciated.
thyme
 

·
Registered
Joined
·
594 Posts
thymekiller said:
I am working on a Gateway computer running Win 2000 Pro. This may be the slowest computer I have ever worked on. Anyway, I have run Ad-Aware, and Spy-bot, to remove the trash. Computer is still running slow. I noticed in Task Manager, under processes, there is something in svchost.exe, that is eating up most of the CPU. Where can I go to find out what that is, and how to fix it?? I see that whatever is running there is using an average of 75% of the CPU at any given time. Any assistance would be appreciated.
thyme
Hi

I know there was a virus that used svchost.exe...think it was the welchia worm virus.

Anyway........do you have virus protection? If so, update and run a full scan. You might want to try House call online scan: http://housecall.trendmicro.com/

If all else fails download and run Hijackthis. Here is one link but there are many if you search on google: http://download.com.com/3000-2144-10227352.html

Run the scan but DONT change anything...save the log file to your pc..copy and paste the contents of the log file into this thread or start a new one in the security section (probably better off there). Someone should be able to help you from there.

Pileyrei
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #4 ·
I appreciate the help. This computer is on dial-up, and I only have a broadband connection here, so I cant go online with it. I do know that I am unable to run disk defragmenter, or install any service packs. I went to Blackviper's site, and disabled unnecessary services, but that still hasnt helped. I'm going to post a Hijack this log, but I am wondering if there is some way to scan for viruses without being online. Maybe a downloadable scanner?? I suspect a virus myself, now, because this computer has never had anti-virus software. And, its all thats left.
thyme
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #5 ·
Forgot to mention: when I try to run disk defragmenter, I get a server busy message. It says:

"This action cannot be completed because the other program is busy. Choose "switch to" to activate the busy program and correct the problem"

When I click on "switch to", the start menu pops up. I have never seen that message before, and I have no clue what program it could be referring to. Any thoughts on this message???
thyme
 

·
Registered
Joined
·
594 Posts
Hmmm........

I see no reason why disk defragmenter should not work.

Check and see if you have this file in this location:

c:\winnt\wins\svchost.exe. If so I'm 99.9% sure thats the Welchia Worm virus. You may have to login in safe mode to delete the file. If it turns out it is the worm here are removal instructions: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

I dont think you can scan your pc without being online...unless you ahve your own virus software and its up to date. Do post that Hijackthis log in the security section. The folks in there have helped me out loads!

Pileyrei
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #7 ·
thanks for the input. I did a search for the file you mentioned, but did not find it. I downloaded AVG, burned it to disk, then installed it on the 2000 machine. It installed, but I cant get it to run. This is really frustrating. I am also having trouble copying the Hijack this log to floppy, so I can post it. Also ran CWShredder, and it found nothing. I'll keep trying, tho. I know theres a way...
thyme
 

·
Super Moderator
Joined
·
46,541 Posts
Svchost.exe is a generic name for a process / .dll file that is running. I would do either an online scan or a scan with a good AV program like AVG [free to download] After that is complete, post a hijack log.
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #9 ·
Well, i tried that-I cant get AVG to work. It installed, and it tries to open, but after a few seconds, it just shuts off, or seems like it, anyway. I cant even get it open long enough to scan anything.
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #10 ·
I tried copying the Hijack this file to floppy, but every floppy disk I put in there says its write-protected, and it wont let me copy anything to it. Getting frustrated now...
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #13 ·
Ok, now this is weird. I finally got the AVG program to scan. After scanning for maybe 30 seconds or so, the program simply shut down. Just vanished off the screen, and all icons disappeared. Never seen snything like that before. Thats the same thing that happened to me when I tried installing the service pscks. It would go so far, then just quit.
thyme
 

·
Registered
Joined
·
594 Posts
Doesnt sound good!

Did you say you have dialup only? Please remind me.

Anyway.........check your startup folder (Click Start>programs>Startup). Anything suspect in there? What about Taskmanager? Any suspect looking processes?

I'd really recommend you run Hijackthis and post the log in the security section.
This really sounds like a virus is wrecking havoc on your pc.

Pileyrei
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #16 ·
Here's what i have done so far-I did manage to download and run Stinger-it found no viruses. I have tried several ways to copy my Hijack This log, but cant get it to copy to a Floppy, because its telling me that all my disks are write-protected. The computer I am working on only has a modem-no NIC, so I cant network it to mine, or connect it to my router. The only suspicious thing I have seen anywhere is whatever is running under svchost.exe, and using up the CPU.
thyme
 

·
Registered
Joined
·
594 Posts
thymekiller said:
Here's what i have done so far-I did manage to download and run Stinger-it found no viruses. I have tried several ways to copy my Hijack This log, but cant get it to copy to a Floppy, because its telling me that all my disks are write-protected. The computer I am working on only has a modem-no NIC, so I cant network it to mine, or connect it to my router. The only suspicious thing I have seen anywhere is whatever is running under svchost.exe, and using up the CPU.
thyme
Right!

Can you end the processes? If not, try booting up in safe mode to see if the process runs.

Did you find anything in your startup menu?

Do a search for svchost.exe. It might come up several times eg in c:\winnt\system32. If it comes up in a suspect location like in the root of C: then I'm fairly sure its a virus. c:\winnt\system32 should be fine, anywhere else would be suspect for me.

If you discover a suspect location boot up in safe mode...navigate to the file and delete it. You can always recover from teh recycle bin if necessary. Boot normally and see what happens. Just some more suggestions for you.

Pileyrei
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #18 ·
The computer in question is only set up for dial-up. I have a cable modem. the computer in question doesnt have a NIC, or I could network it to mine, and maybe get a Hijack This log out of it. I managed to download and run Stinger, but it found nothing. I cant copy the Hijack This log to floppy, because it says that the disk is write-protected. Frustration level reaching new highs...I checked the startup folder, and found nothing unusual there. The only things in Task manager that seem strange is the svchost.exe files that run the CPU to 100%.
 

·
Registered
Joined
·
594 Posts
Hmmmmm

This is a painful problem.

It would be beneficial to get a Hijackthis log posted by networking the pc, see if you can do that.

Did you search for svchost.exe? Did it come up in any other places besides c:\winnt\system32?

I'm happy to have a look at the pc via netmeeting or remote assistamce if you like? You'd have to network the two pc's ofcourse and share the cable connection.

Pileyrei
 

·
Registered
Joined
·
283 Posts
Discussion Starter · #20 ·
ok, I did a search for svchost.exe, and 1 file came up for C:\Windows\system32, and one file came up C:\Windows\System32\dllcache. The other 2 are c:\winnt\system32. Should I delete the weird ones??
thyme
 
1 - 20 of 25 Posts
Status
Not open for further replies.
Top