Hi guys, here is the saga of my war-against-worms. The system is XP with NAV2K. Here I go....

I had Norton 2k installed on my system, which I kept updating about once a month. A few months back the LiveUpdate subscription of my Norton expired, and for a few months I was on my non-updated AV system. Then one day I experienced my PC slowing down and its performance degrading. On a closer look I found multiple unknown processes and a number of unexplained network connections when I used my dial-up. Being a computer guy (but not a sys admin), I rushed off to the Internet and searched for all the suspected processes. I removed as many files/registry entries/services etc. as I could from the information I received on the net.

I followed this up with online scans from adwarwe, Norton and Trend and some more. They did find two worms and cleaned them. I did a fresh round of complete scans and my system was certified clean of viruses. Oh! I forgot to mention that I had to download a utility from Symantec to remove Norton, as the virus had made Norton incapable of doing anything (even uninstall!!). I finally got CA's EzArmor firewall+AV suite and installed it. I completed the process by updating my XP to SP2.

I thought that I had done enough to get rid of the menace, but I had a surprise waiting. I suddenly found my system getting realllllly slowed down: no funny processes, but lots of svchost eating up huge amounts of memory and having lots of I/O reads (above 1000 in 5 minutes), same for my lsass process. I checked these figures against other systems and did find the I/O read property abnormally high. Coupled with this, after about 5 days of usage my dial-up broke and then my LAN access broke. I mean, now I cannot connect to the outside world, and reinstalling drivers doesn't help (firewalls were disabled and there is nothing related to the new AV or SP2 that could be causing these problems). Phew.... I could have easily formatted my system, but I was hell-bent upon removing the worms/spyware without a reformat.

I just want to ask you guys one thing: what the heck did I do wrong? Is there something I can still do to get out of this mess? After my LAN die-out I really wanted to reformat my system; this is my last attempt to resolve this issue. It's been over a month and I didn't keep track of my actions, that's why you see stuff like "few more", "etc.", "few worms" and all.

OK, I should add this: some of the initial processes were ftpd.exe, update32.exe, some service that said it was a USB2 driver, etc.



TIA.