Solve This Then!!!

    Question

    A few months ago I had a bit of an argument after a game of Unreal Tournament in one of the IRC channels. Unreal Tournament then crashed, taking my PC with it. When I turned my PC back on I found that I had several viruses. I tried to delete them using various spyware removal tools, Norton, but when I turned the PC back on they suddenly reappeared and I went through the scan and delete process again. Still it didn't work, so I resorted to reformatting my hard drive. Now sometimes the viruses are there, sometimes they are not, and now every time I play a game my connection gets interrupted and gameplay is reduced in quality. I have been monitoring what tasks the computer has been doing and have noticed a process called svchost.exe randomly will occupy 80-100% of the CPU and my computer grinds down to a halt. I'm not really sure what to do or what is going on. If anyone has any suggestions or troubleshooting advice it would be appreciated very much.

    Oh yeah, I have a 1.1mb DSL connection, and am running Windows 2000 NT.


    Senior Member
    Join Date
    Oct 2002
    Want to give us a little bit more information?

    What viruses keep coming back and leaving and coming back? Are you running Win 2k or NT? Have you run all the patches and updates? Have you tried setting up a firewall to see if any other screwy network activity is going on? When you run these Norton tools are you doing it in safe mode?
    Senior Member
    Join Date
    Jun 2004
    It could be a hacker trojan or virus for them to get into your PC... Which will cause your CPU to run at a greatly high amount of usage...
    And yeah, I agree with spyrus that you do need updates and also maybe a trojan scanner. I am not sure if Norton gets all trojans?
    But have you CTRL....ALT.....DEL
    And then ended this process that is making your CPU go haywire?

    And here is a good free firewall...
    Outpost... www.agnitum.com/download/outpost1.html

    And do you have spyware and adware... scanners, that will also remove the ads and spyware from your PC.. A recommendation there is maybe Spybot and Ad-Aware.

    Join Date
    Nov 2003
    San Diego
    By reading some of the links Soda posted I'd have to ask if you are hosting any games?
    Senior Member
    Join Date
    Apr 2002
    Please note: Any and all advice presented in this post is presented as is. I am in no way responsible if you should render your system disabled. I merely present this information as an effort to share knowledge I have accumulated from my own mishaps.

    To know what services are launching svchost.exe, take a look at your services list in the administrative tools (start -> settings -> control Panel -> Administrative Tools -> Services). There will be a few things there that load that executable, most of them are rather innocuous. Not every one of the services listed will be using that file either. You will need to go through them one at a time and figure that out on your own. If you find one that you don't know about, research it and then disable it if you need to. If in doubt, you can always ask here.

    Another thing you will want to look at is the Run/RunOnce entries in the registry. If the viruses reappear even though you thought you had cleaned them, see what is loading on boot through your registry, and check the "Last Modified" time of the listed executable. To begin this, do the following:
    1. Open Regedit (start -> run -> type in regedit -> Press Okay)
    2. Back up the registry (file -> Export Registry File -> Set the range to all -> Choose your save in directory -> give the file a name -> click okay)
    3. Take a look at the following Reg Key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    4. Examine the values associated with Run. These are the items loading on boot. If you don't know what it is, then Google it. Once you know what it is, then either leave it or delete it. Either way, take note of the location of the exe cause you will be looking at the properties later on.
    5. Take a look at the following Reg Key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    6. Repeat step 4.
    7. Take a look at the following Reg Key :
    8. Repeat step 4.
    9. Take a look at the following Reg Key :
    10. Repeat step 4.
    11. Take a look at the following Reg Key :
    12. Repeat Step 4.
    13. Close your registry editor and start finding those executables you just took note of.
    14. Once you locate the executables, examine the last modified times of them. If they are Windows executables and the times don't correspond with your default install times, then you will probably want to re-extract them from your Windows CD (Learn how to extract files), or the i386 files if you have them. If the files are not Windows files, but distributed by some other company, perhaps an uninstall and verification of the removal of their exe is in order. Take a look at their install files and see if they provide you with a files/time list.
    You're kinda on your own from this point on as there is no simple answer that can be easily provided.

    Hope this helps,
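
The review described in the post above (services that run inside svchost.exe, then the Run/RunOnce values with each executable's last-modified time), as an added example that is not part of the original post. It assumes a current Windows system with PowerShell 3.0 or later rather than the Windows 2000 machine in the thread; the helper name `Get-ExecutablePath` is hypothetical, and the Authenticode signature column goes beyond the timestamp comparison the post describes.

```powershell
# Added example, not from the thread. Read-only: it lists entries and changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {   # hypothetical helper name
    param([string]$CommandLine)
    # A Run value is a full command line; keep only the program part.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }  # "C:\dir with spaces\x.exe" /arg
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # C:\dir\x.exe /arg
    return ($expanded.Trim() -split '\s+')[0]
}

# Services hosted by svchost.exe, grouped by process ID, so a busy svchost PID
# seen in Task Manager can be mapped back to the services running inside it.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    Sort-Object ProcessId |
    Select-Object ProcessId, Name, DisplayName, State |
    Format-Table -AutoSize

# Steps 3-6 of the post: each value under Run and RunOnce, with the target
# file's last-modified time and (an addition to the post) its signature status.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $file = Get-Item -LiteralPath (Get-ExecutablePath $command) -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key          = Split-Path $key -Leaf
            Name         = $name
            Command      = $command
            LastModified = if ($file) { $file.LastWriteTime } else { $null }
            Signature    = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status }
                           else { 'path not resolved' }
        }
    }
}

# Most recently modified executables first: those are the ones to research.
$autoruns | Sort-Object LastModified -Descending | Format-Table -AutoSize -Wrap
```

Entries shown as "path not resolved" are bare program names or commands the helper could not map to a file; look those up by hand as the post suggests.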

    I did try and CTRL ALT DEL the processes but the access was denied. I also tried to go through the registry like also suggested, but the window would just freeze or crash.

    Cheers for the links Soda, will bear in mind for future playing!....

    The viruses were:





    bloodhound.W32 - unknown virus

    There may have been others!!!!

    I have managed to sort the problem out! I am no longer finding viruses, I have a new firewall which is much better than before (Sygate) and my connection whilst playing games is fine, but now I'm unsure as to whether I have prevented anything important from working, as I have downloaded a program that was suggested in another forum. Please look at the link and tell me what you think....



    Have you tried doing this all in Safe Mode? That usually gets around the "access denied" or "file already in use" problems that come with stopping processes.

    Senior Member
    Join Date
    Jun 2003
    If the person you had the argument with about UT (I hope the OG version 99 and instagib :P) was also the server admin or in control of the server then he or she may have given you all your 'presents'. There is an amount of trust by playing on a UT server since the game will install maps packages or whatever it needs to play. A shady admin could easily rename mydoom to a file and have it downloaded to your system.

    While a solid firewall is a good step in protection you should really consider an anti-virus program. I use Norton but there are a number of free ones available (google it or ask here). This way if it has autoprotection enabled you can tell when the virus is getting on your system and who may be responsible.
    Senior Member
    Join Date
    Jan 2004
    Well, svchost.exe was taking a lot of your processor time.
    This one is easy. And you have already fixed it. It was those first three viruses you listed. They have the ability to spread themselves over DCOM (port 445 if I remember right). When you installed the firewall, you stopped the spread. Also, I didn't check, but I suppose that utility you got from grc.com was a patch for the flaw in MS DCOM.

    I know people here want to help, but guys, you sometimes simply take it too wide...
    It is much better to go step by step instead of putting all possibilities in one post. Some beginner could be confused with so many possibilities...

    Anyway, we always learn something new, or at least are reminded of some tricks we forgot.
    Keep up the good work.
