TSM Forums
Eclipse

CPU Usage at 100%....computer SLOWDOWN!

Well, this started yesterday. I boot up the PC, and then the CPU usage is at 100% the whole time! This then causes the PC to slow down...BIG TIME. Everything lags, and takes forever to process. In the Task Manager (since I have Windows 2000), I checked what was running. And I have multiple instances of the service svchost.exe. Also, an svchosts32.exe file is running. Some of the instances take over 6K in usage!

 

I don't know if this has anything to do with it, but before yesterday, I booted up the PC, and it said an ACPI device isn't working. It also said I may have to flash my BIOS. I just restarted the PC, and went along. Two days later, this problem began. If anyone can help me....it would be appreciated!


Check the Things you Need on Your PC thread pinned at the top and download Spybot and/or Ad-Aware and run those and see if that fixes the issue.


Well, I scanned with SpyBot, and Ad-Aware and the same spyware pops up. Usually consists of cookies and more cookies.

 

Well, that hasn't fixed my problem. Also, I wanted to check for viruses, but I have no virus scanner. The McAfee one I had with the PC was outdated. I deleted it. Since then, I have no virus scan. Are there any online scanners out there?

 

Also, are there any sites with definitions on files running during the time I have the PC on? I have NEVER seen that svchosts32.exe file I mentioned. Also, why are so many svchost.exe instances running?


Sounds like a virus or a worm. If you're not a complete newbie open your registry (run-->regedit) and go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. There will probably be some suspicious entries in there. Type their names into Google and search for descriptions and methods to delete the programs.

 

Install up-to-date anti-virus software, too.


http://www.trendmicro.com/vinfo/virusencyc...WORM_RALEKA.GEN

 

 

It seems that the svchosts32.exe file is part of this worm. But, I need like a second opinion of this. Also, I am doing that command prompt, but it shows drive D, which is just a partition of my main drive. How can I switch that to drive C? I tried typing C:\ but it won't change it.


Ok, for some weird reason, it can't recognize Remote Procedure Call as a service. I know it's there, because when I type in services.msc to view the services, it lists RPC, and RPC locator. Why won't it recognize it? That is part of getting this worm out, and it won't work. Plus, I went to the places in the registry where it tells you to delete those entries, and NONE of them even exist, when they should, since the worm makes those entries.

In the Task Manager (since I have Windows 2000), I checked what was running. And I have multiple instances of the service svchost.exe. Also, an svchosts32.exe file is running. Some of the instances take over 6K in usage!

This is not unusual. I have a svchost.exe taking up 17MB right now.


What exactly is svchost? I ran a search for it on my computer and I have that application. I ran McAfee anti-virus on it and it said it is not infected with a virus. I dunno if it is clean, or it just said no virus because it is compressed......

 

Question: is it SAFE to just go ahead and delete the svchost application just to get it off of my computer?

God no. SVCHOST.exe is used for your internet service.

 

Eclipse - Go to the Things You Need Thread and try downloading AVG and run that. Also you may want to download Trojan Hunter. The 30 Day trial one would be enough. You do need to manually update the definitions before running it but that is very simple.

Guest I'm That Damn Zzzzz

svchost is the program that controls many Windows services (many that are useless to most people) and is also the name of the MSBlaster virus.

 

If you want to free up some memory, go to http://www.blackviper.com/WinXP/servicecfg.htm and use the settings in the "SAFE" column. (Make a System Restore check point first.)


This sounds like that worm spreading across the internet some time ago like wildfire. Microsoft released a patch many months ago, but since PEOPLE NEVER GO TO THE DAMN UPDATE SITE and install the update, six months after the update is released everyone is taken for a doozy when an exploit is made.

 

This worm was known as Blaster. The exploit works through port 135, and can allow a hacker to run whatever on your computer. It's not uncommon to find your computer being used as a kiddie porn file server or whatever else the hacker has chosen to use it for. The worm itself is just simply an automated way of opening the doors.

 

If you wanted to be GOOD about security, you'd reformat. There's no telling if your computer is hacked or not, and most people wouldn't want to play risk with their credit card numbers to find out. But in general, the rule here is:

 

Use a firewall. If you can't use a firewall, get interested in how to turn off unnecessary services that go to the outside.

 

Go to Windows Update regularly. It's not just there for decoration.


At the point that virus was all over, I had Windows ME. And plus, this virus just recently got into the PC, because that svchost32 file appeared a few days ago.

 

 

I have like 3-4 svchosts running, and I know that one of them is part of the virus. It hides itself under the name.

 

Also, I can't afford to reformat, since I have no CD burner to backup any data. I have no money to even upgrade this PC for shit. I have been begging to get a new PC for a while. Oh, don't worry about credit card purchases. I don't do online purchases.


Well, I have tried everything....EVERYTHING. I downloaded tools that have the virus definitions of the virus that I have. Everything gets worse. Now, I have a process called cmd32.exe, which is ANOTHER worm in the system. I can't even manage through the PC with this slowdown. I think I may have to reformat.

 

Now, if I reformat, it will go to factory settings. Does that mean that Windows ME (which was in the system when I got it) will be restored? At this point, with all the problems I have been having with stuff in Win2K, I regret updating to Win2k. Of course, I know reformatting will get rid of the worms and viruses.

Guest Scotsman

Okay, hold on just a second...

 

No need to do a reformat just yet.

 

Download this.

 

Click "Scan". When done, "Save Log" and save it to your desktop. Then open it, and copy and paste here.


This is what HijackTHIS found...

 

 

Logfile of HijackThis v1.96.4
Scan saved at 12:24:22 AM, on 11/30/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\cmd32.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\WINNT\system32\pctspk.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\Explorer.exe
D:\WINNT\System32\ossproxy.exe
D:\Program Files\AIM\aim.exe
C:\Download Central\HOT SHIT\Avast\hijack.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] D:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [OSSProxy] D:\WINNT\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Configuration Loader] cmd32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] cmd32.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: {2649BF07-2461-45F8-8B34-1357A16DACF7} (nsBrowserConfig Class 2) - https://www.marketscore.com/globalconfig/ng...ngc_activex.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F40CDA-94AA-4AF1-B69A-1189BEA974AE}: NameServer = 151.198.0.39 151.198.0.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{C5F40CDA-94AA-4AF1-B69A-1189BEA974AE}: NameServer = 151.198.0.39 151.198.0.38

 

That cmd32.exe just popped up the other day. ...

Guest Scotsman

Okay...

 

OSSProxy.exe is spyware. Click on Start/Run, then type: "D:\WinNT\SYSTEM\NSCheck.exe /uninstall" and that should remove it.

 

Back to HiJack this. Put a checkmark beside D:\WINNT\system32\LEXBCES.EXE and get rid of that. It's a Lexmark program that is not needed, and is well known for causing problems.

 

Checkmark beside D:\WINNT\system32\LEXPPS.EXE as that is yet another program that is an absolute nightmare.

 

As for cmd32.exe, it's a virus. Lucky you! Okay, boot your computer in safe mode. Now, delete cmd32.exe. Then go to regedit(start/run, type regedit).

 

Now, Regedit is quite easy to browse. Simply expand the HK Local Machine, then expand Software, then expand Microsoft, then expand Windows NT, then expand Current Version, now choose Winlogon, and you'll see in the right window, a "Shell" field. Right-click that, choose modify, change it to explorer.exe.

 

Now that may seem complicated, so if you have a second computer, I can walk you through it over AIM or whatever, or if you'd prefer, even via phone. Let me know if you need help. You can find all my contact info at Scotsmanality.

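Added example (not part of the original thread): a small Python triage of the HijackThis log posted above. It flags process and autostart names that imitate a Windows system binary and lists every autostart key that launches them, so it is clear that clearing only one key leaves the other in place. The log lines are excerpted from the post; the allow-list and the name heuristic are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in the thread (paths as posted).
LOG = r"""Running processes:
D:\WINNT\system32\services.exe
D:\WINNT\System32\cmd32.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\Explorer.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OSSProxy] D:\WINNT\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Configuration Loader] cmd32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] cmd32.exe
"""

# Assumption: a small allow-list of genuine Windows 2000 binary names.
SYSTEM = {"svchost", "cmd", "explorer", "services", "lsass", "winlogon", "smss", "spoolsv"}
O4 = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
EXE = re.compile(r"([^\\\s]+)\.exe", re.IGNORECASE)

def imitates(stem):
    """Return the system binary a name imitates (e.g. cmd32 -> cmd), else None."""
    stem = stem.lower()
    if stem in SYSTEM:
        return None                       # exact system name, not a lookalike
    base = re.sub(r"\d+", "", stem)       # drop digit suffixes such as "32"
    for cand in (base, base.rstrip("s")): # also drop a trailing "s"
        if cand in SYSTEM:
            return cand
    return None

def analyse(log):
    """Return (lookalike process names, {lookalike exe: autostart keys})."""
    procs, autoruns = set(), defaultdict(list)
    for line in log.splitlines():
        m = O4.match(line)
        exe = EXE.search(m.group(3) if m else line)
        if not exe or not imitates(exe.group(1)):
            continue
        name = exe.group(0).lower()
        if m:
            autoruns[name].append(m.group(1))  # registry key that starts it
        else:
            procs.add(name)                    # seen in the running-process list
    return sorted(procs), dict(autoruns)
```

A name match is only a lead for further checking: a lookalike name still has to be confirmed against the file's location and an anti-virus scan, and malware that reuses an exact system name is not caught by this heuristic.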

Problem whenever I use Spybot; a few programs that I use regularly start not running, especially Kazaa and I have to re-download it. I assume that it's got something to do with the spyware that it's removing, but regardless, is there any way to prevent it from removing components that are necessary for programs that you actually use? Sometimes it removes shit that I don't even know about, and then BAM I can't use Kazaa anymore. Ad-Aware is good though, never had problems with that.

 

Does anyone else here have an eMachine or know what that is? It constantly tells me to d/l patches that apparently protect my comp, but I'm unsure if a) it actually works or b) it's as useful as Norton Antivirus. If someone can clear this up for me then that would be great.


Pay attention to what it says it is removing. Kazaa (not Kazaa Lite) has spyware installed by default. It will not run without it on there.


After renaming it to explorer.exe, the PC is running near normal speed. It still says 100%, but when I click Refresh Now, it goes down to between 16%-96%.

 

I ran HijackTHIS, but for some reason, it won't list the running processes just like it did the last time. Why is it doing that? I can't delete the Lexmark services.

 

I also took cmd32.exe out of the registry as well.

 

It won't find that directory that has NSCheck.exe/uninstall. It says folder was moved or removed.


Well, the slowdown has returned. Even after I deleted cmd32.exe out of the registry, it starts up with the PC, with 2 instances of it.
