spyware killing me


t3gilligan
February 19th, 2004, 03:24 PM
I am having an incredibly hard time getting rid of my spyware problem. My processor is running at 30 percent when idle, and I have purchased the professional version of Adaware. Adaware has always worked great, but on this particular computer it doesn't seem to be removing the problem. I have run antivirus programs to search for trojans, and have actually tried Spybot. Nothing seems to be getting rid of the questionable .exe processes running. Have any of you had the same problem, or have any possible solutions? Thank you!!

silver-bullets
February 19th, 2004, 03:34 PM
What is the name of the process? Adaware and Spybot S&D worked very well for me. You must however keep them up2date. AV's are the same way. Only useful if they are up to date. Also, what kind of processor is it? How much RAM do you have?

-Cheers-

avenger_jcc
February 19th, 2004, 03:45 PM
Get Hijack This, and run it... scan your PC and post the results here, it helps us to diagnose this kind of problem a LOT easier.
download at: http://www.spywareinfo.com/~merijn/downloads.html

silver-bullets
February 19th, 2004, 03:47 PM
Good idea Avenger. Also install RegProt by Diamond something.. Notifies you when a program wants to modify your registry.

-Cheers-

TidaLphasE23
February 19th, 2004, 04:17 PM
:) You can find RegProt at www.diamondcs.com.au (www.diamondcs.com.au/index.php?page=regprot)
Might be worth also looking at TDS-3 by the same people. They have a trial version.

Hope this helps.. cheers. TidaLphasE23.....

t3gilligan
February 19th, 2004, 04:21 PM
these are the running processes

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\PGPsdkServ.exe
C:\WINNT\system32\regsvc.exe
C:\PPMG42B\STGLG42B.EXE
C:\PPMG42B\STLG42B.EXE
C:\PPMG42B\STGRG42B.EXE
C:\WINNT\system32\MSTask.exe
C:\Program Files\Pwrchute\ups.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
C:\WINNT\system32\LRSG42B.EXE
C:\WINNT\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\BRQIKMON.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\Tql2.exe
C:\WINNT\system32\Tql2.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Documents and Settings\mike\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\mshta.exe
C:\Documents and Settings\mike\Desktop\StartupList.exe

the pc has a 1.4ghz P4 with a gig of ram

avenger_jcc
February 19th, 2004, 05:09 PM
There should be more following this tho...
what operating system are you running?

t3gilligan
February 19th, 2004, 05:21 PM
It is running Windows 2000. I also noticed the kernel was taking up the 30 percent CPU usage when idle. So I don't know if the CPU usage problem is actually due to spyware. The computer has a lot of Access databases running at set times, and these databases really lag when they run now because of this problem.

avenger_jcc
February 19th, 2004, 05:34 PM
How comfortable are you with regedit?
I just want to see what's in your RUN keys

Soda_Popinsky
February 19th, 2004, 05:34 PM
If this computer is acting as a server, and people are accessing these databases, then shouldn't that processor use be normal, if there is a lot of activity?
Maybe you want to make sure that some unauthorized person isn't messing around with it.

cf_jet
February 19th, 2004, 05:42 PM
To see all the stuff that gets loaded on startup, download this:

http://www.mlin.net/StartupCPL.shtml

You might see some other tools on that site. If you are very comfortable with regedit, system.ini, win.ini, autoexec.bat, etc etc then you won't need this tool.

t3gilligan
February 19th, 2004, 06:04 PM
I'm comfortable with most anything. I'm fairly knowledgeable, however, I've run Linux for about 5-6 years so I don't often run across a lot of Windows problems, especially when dealing with valid/invalid processes, and the Windows kernel. The computer isn't a database server, but it runs Access database programs that move data between servers etc. These programs are scheduled with Task Scheduler to run at set times. I've put Ethereal on it to sniff what is going in and out of it, and the sniffer didn't find anything other than legit traffic. I've even unplugged the computer from the network, and shut down every process that I could, and it still made no difference. I really appreciate your guys' help, and interest in my problem. If you have any more questions feel free to ask.

avenger_jcc
February 19th, 2004, 07:14 PM
I've seen bad memory slow a PC down but shouldn't add 30 % processor... it's hitting that awful hard.
How big is your swap file? If it's moving a lot of data perhaps it's running out of memory? I'm out of ideas otherwise

JuJuBeans
February 19th, 2004, 07:23 PM
Go back to Apple, it's safer for you!
You need spy stay away, the spray can works well!
Good luck DR

cf_jet
February 19th, 2004, 07:43 PM
you can't see what specific process consumes the 30% ?

rwarren
February 19th, 2004, 07:53 PM
Go to Start > Run > type "msconfig" then on the screen that pops up go to the startup tab
post everything you see in the white window.......

this will allow us to determine what is eating up your speed (if it is anything) then we can deactivate it.....

rwarren
February 19th, 2004, 07:57 PM
oh and what are the specs on your computer???? processor speed, RAM, Memory... how old is it. where did you get it.... etc...
if it is a hardware problem this will help me understand the history of it.

avenger_jcc
February 20th, 2004, 11:49 AM
well if its win2k, it dont have msconfig. BUT:
hit Ctrl-Alt-Delete (three finger salute) and bring up Task Manager. Then click on the Processes tab, then DOUBLEclick on CPU... that will cause it to reorder the list by highest processor use down. You should see what processes are grabbing the processor that way, and then we can determine if it's a normal function or if it's malware/spyware etc

nihil
February 20th, 2004, 12:22 PM
well if its win2k, it dont have msconfig

Are you sure................don't have one running at the moment, but msconfig is in 9x and certainly in XP..........need to be logged in as administrator though?

It isn't spyware as far as I can see, and this is not a typical spyware problem.

1. Are you running background AV scanning?

EDIT:

2. If you have scheduled tasks, you must be running a scheduler......that will use resource?

Microsoft Access :D

1. When did you last compress your databases?
2. When did you last defragment your drives?
3. Have you less than 30% available disk space?

Task manager will show you what is using the CPU, but your Access database performance is an entirely different issue. After all if you are using 30% that still leaves 70%?

Look at your Access DB and HDD housekeeping ;)

Cheers

MURACU
February 20th, 2004, 12:50 PM
Have you tried to start the machine in safe mode to see if you have the same cpu usage?
As a lot of others asked, which process is at 30%?
I looked at the list of processes and I would suggest putting certain ones on manual startup to test your cpu charge.
And if after you try all the above suggestions you still have the same symptoms then avenger_jcc and rwarren are probably on the right track with it being a hardware problem.
ps I can confirm that MSconfig does not exist in windows 2k at least not on my box.

anjali
February 20th, 2004, 01:41 PM
If the only problem is with the CPU usage.. then I recommend you close most of the known processes by terminating the programs..... See if there is an improvement in the resource utilisation....

As mentioned memory corruption could at times be the cause of high CPU utilisation... It could also be as a result of ongoing background scan (Either virus or trojan).....

Just in case u feel u r still hounded by SPYWARE suggest you install CWS SHREDDER .. it is a wonderful tool for detecting and deleting CWS trojans.....

In my case Adaware was not able to detect and delete trojans identified by CWShredder.....

If possible paste the hijackthis log.. then we can come to a conclusion if u are really hit by some spyware / trojans.....

avenger_jcc
February 20th, 2004, 01:59 PM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=254911#post722433) by nihil
Are you sure................don't have one running at the moment, but msconfig is in 9x and certainly in XP..........need to be logged in as administrator though?

Yep, even in as admin, no msconfig. there in ME, not in 2000, but back in XP.

nihil
February 20th, 2004, 02:06 PM
Thanks, avenger_jcc,

I couldn't remember..........it wasn't in NT4 and I must say that the Win2000 boxes I have used have been so damn stable I have never even looked for it :)

It does make sense, come to think of it, as if you dig around in Win2000 you find that its original name was "NT5"

XP on the other hand, was an attempt to merge the commercial and domestic lines of MS operating systems?

Cheers

silver-bullets
February 20th, 2004, 03:51 PM
I think most things to do were covered in a searing wave of spam, not logical deduction, however most are good ideas. Sort by memory usage in Task Manager. If you cannot kill the process, first make sure that it does not run at start up. You can also download Norton's free tool Process Viewer (you'll see it) which may allow you to kill the process. Also, processes with no name do not show up in the Task Manager, making it rather difficult to halt. As Nihil said the problem is not indicative of spyware. Although there are some new virii circulating I believe most companies (NAV, the other one.. Lol) have released pattern files for it already. There is a program (I forget name again) that you can run to search your RAM for "malfunctions"; also test your HDD for bad sectors.

-Cheers-

avenger_jcc
February 20th, 2004, 07:02 PM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=254911#post722476) by silver-bullets
As Nihil said the problem is not indicative of spyware.

Maybe not, but MALWARE is common as skiddiots nowadays.
coolwebsearch, royalsearch, to name a few I've had the pleasure of dealing with. They WILL install as processes, and they WILL be VERY difficult to remove.
research: browser hijacks
Some malware defends itself by stopping certain antispyware progs from starting, etc etc etc.
I think the disgusting thing is, companies are doing this kind of thing all for the sake of getting hits on their site, as it makes money....
malicious code is exactly that, and I don't see how they get away with it.

meeeeeee
February 20th, 2004, 08:02 PM
The 2 instances of C:\WINNT\system32\Tql2.exe in the running processes are indicative of the Peper Trojan.

Here are some sites with instructions on how to remove it : http://www.mjc1.com/files/peperpage/
http://forums.net-integration.net/index.php?showtopic=9751&st=0&#entry48716

Good luck!
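
The kind of reading applied to the posted process list above, as an added example that is not part of the original thread: it normalises a pasted listing and reports images in the system directory that are absent from a baseline, with how many instances of each are running. The baseline set is a constructed assumption (a real one would be taken from a known-good install of the same Windows build), and the output is a list of names to research, not a verdict.

```python
import ntpath
from collections import Counter

SYSTEM_DIR = r"c:\winnt\system32"

# Constructed baseline (assumption): image names expected in the Windows 2000
# system directory. Build the real set from a known-good machine.
BASELINE = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "regsvc.exe", "mstask.exe", "mshta.exe",
}

# Excerpt of the process list posted in the thread.
SAMPLE = r"""
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\PGPsdkServ.exe
C:\WINNT\system32\LRSG42B.EXE
C:\WINNT\system32\Tql2.exe
C:\WINNT\system32\Tql2.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"""

def triage(listing):
    """Return [(path, instances)] for system-directory images not in BASELINE."""
    # Windows paths are case-insensitive, and the listing mixes System32 and
    # system32, so compare on a lower-cased, normalised form.
    paths = [ntpath.normcase(ntpath.normpath(line.strip()))
             for line in listing.splitlines() if line.strip()]
    counts = Counter(paths)
    unknown = {p for p in counts
               if ntpath.dirname(p) == SYSTEM_DIR
               and ntpath.basename(p) not in BASELINE}
    # Most instances first: an unfamiliar name running more than once is the
    # first thing to look up. Multiple svchost.exe entries are in the baseline
    # and so are not reported.
    return sorted(((p, counts[p]) for p in unknown),
                  key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for path, instances in triage(SAMPLE):
        print(f"{instances}x {path}")
```

Third-party services installed under the system directory, such as the PGP entry in the excerpt, also appear in the output, which is why each reported name still has to be looked up individually.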

al1aprize
February 21st, 2004, 04:07 AM
try defragmenting the drive (My Computer -> right click on C:/ -> Tools -> Defragment Drive).

smart031279
March 7th, 2004, 08:45 PM
If you are facing too many problems then why not back up your data and format your hard drive and do a clean install of Windows, your firewall, etc.

It will take some time but I am sure it will give you peace of mind. But next time keep a close eye on your computer and the software you download and use...

Hope it helps

SMarT

Ghost_25inf
March 8th, 2004, 09:38 AM
got your help here if you want it

Sounds to me you got a hijacker (IE web site takes you somewhere you don't want to go), so to solve this look in your processes to see if you have something called IEXPLORER32.exe or something similar to this and kill that process. Next dl CWshredder and see if this kills the hijacker. Also do a search in your regedit for that hijacker to see if there are any other entries; if so delete them or modify them. If you don't kill the process it will come back over and over. Also reset the homepage back to your preference or you might infect yourself again.

hope this solves it.