Status
Not open for further replies.
1 - 20 of 22 Posts

·
Registered
Joined
·
23 Posts
Discussion Starter · #1 ·
I have a Dell laptop, Inspiron 8200, running Windows XP Professional, 2 gigahertz Pentium 4 processor, 512 Megs of RAM.

I do not do a lot of heavy duty computing: I use MS Word quite a bit for fairly short (usually less than ten page) documents, Excel for spreadsheets, AOL as my email provider, and that's about it. I do legal research and writing, and use the internet quite a bit for this. I also use Adobe Acrobat Professional 6.0 to create PDF documents, usually from the internet.

My problem is that, from time to time, seemingly more frequently, my computer's hard drive starts flailing, and the CPU usage, as measured by the Windows Task Manager, zooms up to 100%, and stays there, even when I have nothing open other than a short Word document or a web site, and am doing nothing with them.

This effectively shuts things down, because the document will not allow me to do any typing or editing while this is going on.

The only thing I have changed lately is downloaded an updated version of my spyware software, SpySweeper; this is the closest thing in time to the beginning of my problem that I can think of. This has happened to me in the past, but ultimately stopped happening for no reason I know of. Now it's baaaack . . .

Any wisdom out there?

Thanks.
 

·
Registered
Joined
·
3,389 Posts
Good Morning Caleb Powers, you don't mention much about your viral protection.
These kinds of things very often are caused by the processor continually processing rubbish, as when different kinds of malware are involved.
Many of these malware items are virtually undetectable, and your symptom is typical.

I appreciate you may feel you have sufficient protection but have an interesting experiment you might like to carry out.

Obtain Smartcop from here, make a folder on your hard drive like C:\Smartcop and unpack and place the files there.
http://www.s-cop.com/free-scanner.html

You might also obtain a copy of Antivir from here, this is a free trial, and this program works quite well.
http://www.free-av.com/antivirus/allinonen.html
Place it in a folder on your desktop.

The process I am placing before you is firstly to disable your current A/V system then run Smartcop as an intelligence gathering exercise, making notes of detections and locations. (especially looking for anything in the A/V system files)

The next step is to run Smartcop scan again with a second A/V program monitoring the actual running processes in the machine. You appreciate we have the best of both worlds here.
(The antivir program is very useful for this, but does need to be installed and updated, you might also try a scan with it, it does have a very good system monitoring capability)
There is something unique about Smartcop and the way it operates, this commonly produces "hits" with the monitoring A/V, these are usually hidden nasties that cause your kind of problem. Note any information and delete or rename as you wish. (most detections will be in temp files)

In some cases this process needs to be carried out several times because things do sometimes hide in memory.

If repeated problems are experienced, running these tests in Safe mode may be necessary, that is the reason for having the Smartcop to be easily locatable on the hard drive.

When you are sure your machine is clean, obtain and install this MS program.
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Cheers, qldit.
 

·
Registered
Joined
·
23 Posts
Discussion Starter · #3 ·
Thank you.

You're right: I didn't describe my antivirus software; I run Norton Antivirus 2006. In addition, I run Webroot SpySweeper for spyware, and also have a free version of Ad Aware SE Personal.

This problem was present once before, and stopped of its own accord (or perhaps my various antivirus and spyware programs stopped it without my knowing it), but now it is back.

I will try your procedure and report back.

Thank you, and I appreciate your time and attention.
 

·
Registered
Joined
·
14 Posts
Caleb Powers said:
...... My problem is that, from time to time, seemingly more frequently, my computer's hard drive starts flailing, and the CPU usage, as measured by the Windows Task Manager, zooms up to 100%, and stays there, even when I have nothing open other than a short Word document or a web site, and am doing nothing with them ......
When Task Manager is open and you observe CPU at 100%, which running process is associated with this activity? When you provide the process name associated with 100% CPU action, this guides us to which program(s) may be involved.
 

·
Registered
Joined
·
605 Posts
It could be something running in the background, like spyware, virus, or a broken program. I once had Panda AV on a PC. Panda broke and would hog the whole processor.
Do a Ctrl+Alt+Del, select Task Manager, then Processes. You can end each one and check or just look and see which one is using the CPU.
 

·
Registered
Joined
·
23 Posts
Discussion Starter · #6 ·
Well, I took qldit's advice and downloaded SmartCop. I wasn't able to figure out how to "disable" the Norton Antivirus, but went ahead and ran SmartCop anyway, and sure enough, it rooted out 26 viruses contained in the update to Webroot Spy Sweeper that I had recently downloaded.

Since it removed these viruses, I have not had it spike up to 100% again.

I did not realize that, through Windows Task Manager, you could check each program and see the percentage of CPU usage associated with each application, so I didn't check that before removing the viruses. If this crops up again, I will check it and post back. I will not mark this problem as solved quite yet, though, because I want to use the other antivirus software recommended and try to get everything cleaned off first.

You all have been VERY helpful, and I appreciate your time and information. I will report back tomorrow.
 

·
Registered
Joined
·
3,389 Posts
Good Morning Gentlemen, actually systems with Norton A/V commonly have these kinds of problems.
I really don't like seeing it in machines at all, and make a point of recommending against it!

NOD32 appears to be a much better long term A/V system, but it is an ongoing expense.
That Antivir is another decent kind of A/V system.

It is also common to find hidden viral things in machines with Adaware SE installed.
I was suspicious of updates for it, but have not managed to confirm this might be a problem source.

Programs like Ewido seem to be going in the right direction with a combination scanner.

At the end of the day it is ridiculous having to have all these kinds of programs installed to try to protect a ridiculously vulnerable system, and carry out all the different scans regularly.
Changing to Linux is really a breath of fresh air for any commercial kind of application.
Cheers, qldit.
 

·
Registered
Joined
·
605 Posts
Caleb Powers said:
I did not realize that, through Windows Task Manager, you could check each program and see the percentage of CPU usage associated with each application, so I didn't check that before removing the viruses. If this crops up again, I will check it and post back. I will not mark this problem as solved quite yet, though, because I want to use the other antivirus software recommended and try to get everything cleaned off first.
You may not see the viruses running in Task Manager unless they are running as a service. Which brings me to another point. Disable System Restore. If a virus / trojan / spyware is running as a service and you remove it, System Restore will reinstall it next boot.

qldit said:
Good Morning Gentlemen, actually systems with Norton A/V commonly have these kinds of problems.
I really don't like seeing it in machines at all, and make a point of recommending against it!
...anything as long as it is not McAfee, also the new NAV has a built-in non-configurable firewall. I was working on a system and was looking for a firewall that was blocking.
 

·
Registered
Joined
·
613 Posts
When my CPU usage recently went schizoid, I noticed that in the Processes Tab in Task Mgr that Dumprep.exe was a hog and it wasn't until I ended this process that the frozen app would close and the CPU would calm down.

I think that Dumprep.exe was recording the fault and I was not worried about ending it as a process running if it meant I could go on with my work.
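
The check suggested in the replies above (find which process is using the CPU) can also be done from two `tasklist /v /fo csv` captures taken a few seconds apart, which leaves a record even when Task Manager is hard to use. This is an added example, not part of any post; the snapshot contents, PIDs, user names and the 10-second interval are constructed for illustration.

```python
import csv
import io

HEADER = ('"Image Name","PID","Session Name","Session#","Mem Usage",'
          '"Status","User Name","CPU Time","Window Title"\n')

# Constructed captures taken 10 seconds apart (PIDs and figures are made up).
SNAPSHOT_1 = HEADER + (
    '"System Idle Process","0","Console","0","28 K","Running","NT AUTHORITY\\SYSTEM","2:10:05","N/A"\n'
    '"WINWORD.EXE","1320","Console","0","31,204 K","Running","LAPTOP\\user","0:00:41","Document1 - Microsoft Word"\n'
    '"dumprep.exe","2488","Console","0","4,112 K","Running","LAPTOP\\user","0:03:02","N/A"\n'
)
SNAPSHOT_2 = HEADER + (
    '"System Idle Process","0","Console","0","28 K","Running","NT AUTHORITY\\SYSTEM","2:10:05","N/A"\n'
    '"WINWORD.EXE","1320","Console","0","31,300 K","Running","LAPTOP\\user","0:00:42","Document1 - Microsoft Word"\n'
    '"dumprep.exe","2488","Console","0","4,180 K","Running","LAPTOP\\user","0:03:11","N/A"\n'
    '"svchost.exe","3004","Console","0","2,050 K","Running","NT AUTHORITY\\SYSTEM","0:00:00","N/A"\n'
)


def cpu_seconds(text):
    """Convert tasklist's cumulative CPU Time column (h:mm:ss) to seconds."""
    hours, minutes, seconds = (int(part) for part in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_snapshot(text):
    """Map (PID, image name) -> cumulative CPU seconds for one capture."""
    rows = csv.DictReader(io.StringIO(text))
    return {(int(r["PID"]), r["Image Name"]): cpu_seconds(r["CPU Time"])
            for r in rows}


def cpu_hogs(before, after, interval_s, min_percent=5.0):
    """Rank processes by the share of one CPU they used between captures."""
    hogs = []
    for (pid, image), total in after.items():
        if pid == 0:          # System Idle Process is not a real consumer
            continue
        # A process missing from the first capture started in between,
        # so all of its CPU time falls inside the interval.
        delta = total - before.get((pid, image), 0)
        percent = round(100.0 * delta / interval_s, 1)
        if percent >= min_percent:
            hogs.append((image, pid, percent))
    return sorted(hogs, key=lambda hog: hog[2], reverse=True)


if __name__ == "__main__":
    first, second = parse_snapshot(SNAPSHOT_1), parse_snapshot(SNAPSHOT_2)
    for image, pid, percent in cpu_hogs(first, second, interval_s=10):
        print(f"{image:<20} PID {pid:<6} {percent:5.1f}% of one CPU")
```

The CPU Time column has one-second resolution, so captures ten or more seconds apart give more reliable percentages than back-to-back ones.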
 

·
Registered
Joined
·
14 Posts
Caleb Powers said:
.... but went ahead and ran SmartCop anyway, and sure enough, it rooted out 26 viruses contained in the update to Webroot Spy Sweeper that I had recently downloaded.

Since it removed these viruses, I have not had it spike up to 100% again.
Caleb Powers
You may possibly be coming to some incorrect assumptions. Webroot Spy Sweeper is a good anti-spyware product. Their latest release / update version 5.00/5.05 (CastleCops site / Webroot Spy Sweeper forum) has some OS and compatibility issues with a number of other security type tools (Norton AV, AdAware to name a few). I do not know what SmartCop removed. But I would suggest checking to see if Webroot Spy Sweeper is active / running on your computer. If you no longer wish to use Webroot Spy Sweeper, you should run its uninstall program and properly remove it from your system.
 

·
Registered
Joined
·
3,389 Posts
Good Evening Gentlemen, Smartcop does have a tendency to give false detections on occasions, (it does have a broader scope than many A/Vs) but the opening and scanning process is what makes previously hidden things visible to a good monitoring A/V.
On a pure fresh system smartcop shows clean.

It has on numerous occasions found affected A/V systems that had been compromised, that was the logic of the initial scan process.
If any problem is detected in the installed A/V system I immediately uninstall that system and load the Antivir.

I regularly detect system hidden problems using this idea.

Keeping a note of hits and their locations in smartcop and looking for comparable hits with a different system monitor was the crux of the idea.

It is possible the spysweeper update hits may have been reference info for a database.
I haven't seen that problem previously.

One of my new clients has just mentioned they have a machine with a similar problem as Caleb's and I expect I will receive the machine in a few days time.
It also has Norton A/V system fitted. (fresh subscription 2nd year)
At a guess I feel it will have viral problems, the hard drive is continually threshing.

These kinds of problems can be difficult to determine.

Cheers, qldit.
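
The note-keeping described in this post (record each hit and its location, then look for the same file reported by a second scanner) can be kept as a small script. This is an added example, not part of the post; the scanner labels, every file path and the A/V install folder are constructed, and only the detection names come from the thread.

```python
from collections import defaultdict
import ntpath

# Constructed notes: (scanner label, detection name, file path).
NOTES = [
    ("on_demand", "ZipSpoof", r"C:\Downloads\spysweeper_update.exe"),
    ("on_demand", "Klez", r"C:\WINDOWS\Temp\~df31.tmp"),
    ("monitor", "WORM/Klez.E", r"c:\windows\temp\~DF31.TMP"),
    ("monitor", "WORM/Klez.E", r"C:\Program Files\AVScanner\vdf\sig.dat"),
]
AV_DIRS = [r"C:\Program Files\AVScanner"]  # hypothetical A/V install folder


def normalize(path):
    """Windows paths are case-insensitive, so compare them case-folded."""
    return ntpath.normcase(ntpath.normpath(path))


def triage(notes, av_dirs):
    """Group hits by file and mark which ones a second scanner confirms."""
    by_file = defaultdict(lambda: {"scanners": set(), "names": set()})
    for scanner, name, path in notes:
        entry = by_file[normalize(path)]
        entry["scanners"].add(scanner)
        entry["names"].add(name)

    av_roots = [normalize(d) + "\\" for d in av_dirs]
    report = {}
    for path, entry in by_file.items():
        report[path] = {
            "names": sorted(entry["names"]),
            # Reported by two independent scanners: less likely a false hit.
            "corroborated": len(entry["scanners"]) >= 2,
            # Inside the A/V product itself: reinstall it rather than
            # deleting single files out of its folder.
            "inside_av": any(path.startswith(root) for root in av_roots),
        }
    return report


if __name__ == "__main__":
    for path, info in sorted(triage(NOTES, AV_DIRS).items()):
        status = "corroborated" if info["corroborated"] else "single source"
        where = " [inside A/V folder]" if info["inside_av"] else ""
        print(f"{path}: {', '.join(info['names'])} ({status}){where}")
```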
 

·
Registered
Joined
·
23 Posts
Discussion Starter · #12 ·
G'day, Mates.

Well, I'm not sure if I'm still in computer hell or not. I reported that the SmartCop found 26 viruses in the update to Webroot Spysweeper (I didn't write the name down, thinking that there would be a report somewhere, but there wasn't; it had ZIP in the name of it).

Then I fired up the AntiVir also recommended, and began another system scan, and about halfway through it, all hell broke loose, and the thing froze up at 56.7% complete, so I shut it down. The thrashing began again, though apparently not the spikes up to 100%, or at least not to the degree noted earlier.

I was just in the process of re-running the Anti-Vir when the whole system shut down (I think) because of heat build-up; it does this from time to time as well. Before the system tanked, though, it did root out a worm, identified as WORM/klez.E.

As of right now, things seem to be running fine, but I will continue until I can get a complete bill of health from each of the various antivirus programs.

Once again, I appreciate all of your help and input.
 

·
Registered
Joined
·
605 Posts
Also go to spywareguide.com, upper right side of their web site, do the online scan... or did I already post this

Also DL this 30 day full trial version of this excellent trojan remover, make sure as with all malware removers, to update the defs before running.
http://www.moosoft.com/products/cleaner/download/

I just got through running it on this customer's machine. It found the "dropper downloader" w32ircbot and a few others.

Also DL AVG's free anti virus, will work in conjunction with other virus progs.

Also Trend Micro has an online virus / remover scanner.

Not one program gets them all.
 

·
Registered
Joined
·
23 Posts
Discussion Starter · #14 ·
Well, folks, I'm still in computer hell.

After rebooting the system, I started AntiVir again, and this time it froze up at 8.3%, having found yet another WORM/KLEZ.E, and stopped working. When I tried to shut it down, it wouldn't shut down, no matter how many times I hit the "end program" button on Windows Task Manager.

So, I shut the system down again. When I booted it back up, I started AntiVir once again, and again, it cranked until it got to the 8.3% mark, found apparently the same worm, and stopped working again. Interestingly, it claimed that the worm was in one of its own "antivir" files. I have now started SmartCop again, in the hope that it will clean off any viruses in the Anti-Vir folder.

I may try to re-run Anti-Vir yet again, but am beginning to think it is part of the problem rather than the solution . . . who knows?

Any wisdom out there?

Again, thanks for your help.
 

·
Registered
Joined
·
23 Posts
Discussion Starter · #16 ·
I did try to run Anti-Vir again, and it did the same thing, that is, got to 8.2% of completion (rather than the 8.3% of yore) and then stopped moving further, and it was the usual devil of a time shutting down. It did kick up enough ruckus about the Klez worm that Norton finally woke up, recognized it, and claims to have removed it.

Onsite, I looked at your earlier post, and downloaded the recommended program, "The Cleaner." It ran along just fine until it hit about 5%, and then "stopped responding," as Windows so colorfully says, and I still can't get it to shut down, despite a dozen "end program" attempts.

So now I'm going to reboot AGAIN and try this again. If anyone's keeping count, of the four programs recommended so far in this thread, so far only SmartCop seems to be working as billed, and it refused to shut down the last time; I had to do the "end program" thing.

But I will keep plugging away at this, and report back. Again, thank all of you for your help, support, and (as I feel the increased need of it) prayer.
 

·
Registered
Joined
·
3,389 Posts
Good Morning Caleb, you have just begun your foray into the wonderful world of computer viruses.
It can be the most frustrating experience when things cannot be removed, especially when they enter protected system files.

Actually at about this time would be great to mention that Linux rarely has these problems and I have operated systems on-line for more than a year with no malware protection at all. (as a test)
It certainly is a remarkable system, even includes PDF generation in the word processors, and everything is free!
The relief and operating freedom is worth the extra pain of learning new tricks.
If you do a lot of online work and need that extra element for security integrity, it may be a worthy consideration.

Getting back to problem in hand, the antivira detections are usually very reliable, I am most impressed with it.
It often finds problems which others miss.
It appears to have a downloaded file inspection verification (apparently because of clever hackers accessing download sites)
In the world of viral infestation and clever protective software "booby-traps" are very real.

You would appreciate A/V systems are a challenge to sadistic intellects with a grudge or some distorted pleasure in destroying MS systems, it is really a "turkey-shoot".

The Klez family is very real, that would most likely be your major current problem.

The "Zip" one you mentioned would probably have been "Zipspoof" which is a common false ID usually involving Adaware-SE, there is something about multiples of it causing concern.

Anything detected needs careful noting of its name and its location, because it may involve a critical system component which may require replacement with a fresh file later.
This is where it becomes a pain!

The next thing is that you need to research the various detections to try to determine what they may have done or what effect may have happened and its prognosis.
Some have ability to cause destructive effect or alter the system vulnerability to invasion.

Sometimes when a system freezes without being able to remove or address a problem file, it is necessary to note the name and location and operate in a booted DOS environment and have a fresh replacement file available for the "old original rename and insert new" copy process.

Most reputable organisations do have specific removal tools for many viral elements but be wary of removal tools in the wild, and on odd sites. Some are supposedly infected with other strains.

So Henry, there is a hole in the bucket!! (the song!)

qldit.
 

·
Registered
Joined
·
3,389 Posts
Actually have a read of this and the associated info about 6th June.
http://www.sophos.com/virusinfo/analyses/w32kleze.html

You may need to consider asking your address book recipients to run a test for it.
Note the information that it is targeted toward A/V systems.
qldit.
 

·
Registered
Joined
·
23 Posts
Discussion Starter · #19 ·
Well, I'm certainly not averse to running Linux; it seems to be the Starbucks of operating systems these days, but I don't know much about it. That for another day.

I managed (finally) to completely run AntiVir through all the way, and it kept finding (as it now seems to do every time the computer boots up) this Klez virus.

What really helped, though, is that I disabled my SpySweeper (a program that I paid for, and which caused problems only when I updated it as prompted to do), and the moment I did so I heard an amazing silence akin to the grave: My hard drive had stopped its thrashing.

So, to summarize, my progress is as follows:

1. I have disabled SpySweeper. This appears to have stopped the hard drive thrashing.

2. I have installed AntiVir, which regularly tells me that I have the Klez virus; and

3. You are correct that the "ZIP" virus was the ZIPSpoof variety; apparently this is harmless.

As of right now at least, my computer appears to be working fine, but I will explore which of these programs appears to work and which doesn't.

Again, thank all of you for your help and assistance. I am going to go ahead and mark this problem fixed, and begin a new thread if further problems emerge. Thanks again.
 

·
Registered
Joined
·
5,656 Posts
Caleb... I think it would be wise if you posted in the security forum (on this site) a HijackThis log... the security pros in there will help you clean up your system, they have helped me many times with virus probs... and if you have an overheating problem you should address this too...
 