Houston, we have a Problem!

Curly   

Hello,

I need serious help with my computer; it’s been playing up on me for a while. I even thought I might have been infected by the Sasser worm, but I’ve tested my computer on the Microsoft website and I'm in the clear.

The problem is my computer, which is Windows XP, keeps running really slow at startup and this has been happening for a while, so I downloaded an antivirus software called Panda which is quite good; it found over two thousand infected files from the Skynet and downloader worms! I thought everything would be okay until last week my computer was running so slow I couldn’t even shut down. My CPU usage was 100% and I hadn’t even run any programs, and once I did manage to shut down, all these error messages popped up saying they were closing programs I’ve never even heard of!

So I did some research and I found out this could be due to spyware, and so I downloaded a package called Ad-Aware 6, which found and removed in total 222 spyware programs and files. Okay, so you would think that the computer would be much faster after that; well, it was a little bit better.

Anyways, now I have another problem: every time I start Ad-Aware 6 my computer settings change to 8 bit. Obviously this is really annoying, so I change it using properties and it's okay until the next time I open Ad-Aware 6. I thought this might be due to the compatibility setting for the program but everything seems normal there.

I also get an error message as soon as I start up Windows XP saying that I’ve changed the msconfig, which I did because I couldn’t think of any other way of stopping all these useless programs running at start-up. I'm thinking, what’s the point of having the option if they won’t let you use it!!!! (Bloody Bill Gates!)

I also found a program called khooker.exe which runs at start-up but isn’t recorded in msconfig but is present when I run the Ad-Aware scan. The scan detects about 25 programs running (is this normal?)


#:1 [smss.exe]*
#:2 [winlogon.exe]* isn’t this the program that the Sasser worm disguises itself as?
#:3 [services.exe]* I believe this is the Khooker.exe program disguised
#:4 [lsass.exe]* this scared me, isn’t it the Sasser worm? The file description said LSA SHELL
#:5 [svchost.exe]*
#:6 [svchost.exe]* Why is it running two and what the hell is it?
#:7 [spoolsv.exe]*
#:8 [aolacsd.exe]
#:9 [pavsrv51.exe]* Panda software
#:10 [avengine.exe]* Panda software
#:11 [explorer.exe]
#:12 [realplay.exe]
#:13 [apvxdwin.exe]* Panda software
#:14 [aoldial.exe]
#:15 [esb.exe]
#:16 [wtoolsa.exe]*
#:17 [msnmsgr.exe]
#:18 [pavproxy.exe]*
#:19 [wsup.exe]*
#:20 [wtoolss.exe]*
#:21 [waol.exe]
#:22 [ad-aware.exe]
#:23 [shellmon.exe]*
#:24 [aoltpspd.exe]
#:25 [rundll32.exe]*

A few of these I recognize and seem totally normal but I’ve put a star next to the ones I'm suspicious of.

Any help whatsoever would be greatly appreciated. I'm not a computer whiz kid but I'm sure many of you on SOL are clued up on computers, so please help me!!!!!!

Thank you in advance!

Curly   

Come on where are all the computer geeks when you need them?!!!

No seriously, jokes aside...HELP ME PLEASE!!!

OG Moti   

svchost.exe

Application that works as a host process for services that run from dynamic link libraries. It is from the Microsoft company.

..svchost.exe is kinda important, it is not a virus, it is a required system component. Svchost stands for service host.

smss.exe

Session Manager Subsystem

Description: Application that is used to start, manage, and delete user sessions or client sessions under Terminal Server.

lsass.exe

Local Security Authority Service

It is a Windows Local Security Authority Server Process that handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.

winlogon.exe is just another Windows NT/2000/XP component..

none of these are viruses or worms .. I think what u got is too many start up programs that are taking all the space of ur memory.. besides, check for spy software again in ur system and check the security settings .. maybe ur system is open ... nothing to worry about, just remove these software that are starting up when u boot ur system and occupy the memory of ur system.. and take a huge amount of CPU time.. real player is one major headache, norton anti virus and spyware as well.. good luck ..... u are in deep shiit, i know how it feels when ur system is crawling and u have to wait hours to write one damnnn post ... peace

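The questions above about winlogon.exe, lsass.exe and the two svchost.exe entries can be checked mechanically, because the genuine files all live in the Windows System32 folder. The sketch below is an added example, not part of any post in this thread: it assumes a default Windows XP install under C:\WINDOWS and a process listing that includes full image paths (the Ad-Aware list above shows names only), and the sample listing is constructed.

```python
import ntpath

# Assumption: default Windows XP install, so system binaries live here.
SYSTEM32 = r"c:\windows\system32"
# Core processes discussed in the thread; several svchost.exe instances are normal.
CORE = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

def looks_like(name, real):
    """True if name is a near miss of real: one edit apart or letters swapped."""
    if name == real:
        return False
    if sorted(name) == sorted(real):           # same letters, different order
        return True
    short, long_ = sorted((name, real), key=len)
    if len(long_) - len(short) > 1:
        return False
    for i, ch in enumerate(short):
        if ch != long_[i]:
            if len(short) == len(long_):       # one substituted character
                return short[i + 1:] == long_[i + 1:]
            return short[i:] == long_[i + 1:]  # one extra character
    return True                                # extra character at the end

def triage(processes):
    """Return (pid, reason) for each (pid, image_path) that deserves a closer look."""
    findings = []
    for pid, path in processes:
        folder, name = ntpath.split(path.lower())
        if name in CORE:
            if folder != SYSTEM32:
                findings.append((pid, f"{name} runs from {folder}, not {SYSTEM32}"))
            continue
        for real in sorted(CORE):
            if looks_like(name, real):
                findings.append((pid, f"{name} imitates {real}"))
                break
    return findings

# Constructed sample listing (PIDs and paths are made up for illustration).
SAMPLE = [
    (548, r"C:\WINDOWS\System32\smss.exe"),
    (620, r"C:\WINDOWS\system32\lsass.exe"),
    (812, r"C:\WINDOWS\System32\svchost.exe"),
    (868, r"C:\WINDOWS\System32\svchost.exe"),
    (1304, r"C:\WINDOWS\Temp\svchost.exe"),
    (1412, r"C:\WINDOWS\System32\scvhost.exe"),
    (1500, r"C:\WINDOWS\System32\lsasss.exe"),
    (1620, r"C:\Program Files\Real\RealPlayer\realplay.exe"),
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE):
        print(pid, reason)
```

An empty result only means nothing is masquerading by name or location; it does not show that the files themselves are unmodified, which is still the job of the antivirus scan.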
Curly   

Thanks OG-Moti, that was a lot of help, but does the fact that my computer is an Intel Celeron make it any worse?

And how do I remove these from startup without getting silly error messages?

OG Moti   

Celeron is not bad though .. it is good for cool places... try to add another fan in ur system unit... and upgrade ur memory, it will cost a bit more though... but to remove these files go to regedit and from there i suggest one of the faaraxas around u who has been around pcs to help removing these files.. or to solve the problem .. backup ur data and reinstall Windows .. i suggest Windows 2000, much better than XP, it is a headache though, it sounds fancy but security is a real issue and it has lots of functions that aren't easy to understand...

want to download a free all the expensive software including windows (all)

go to

http://www.click-now.net/downloads13.htm

;):D peace and enjoy .. dont tell anyone

Curly   

But I don't want to reboot the whole computer and uninstall Windows XP, it's too much hassle and just trying to get it back to how it was would be too much work!

Please tell me this is not my only option! PLEASE!

**in tears at the moment!**

I'VE ONLY HAD THIS COMPUTER FOR LESS THAN FOUR MONTHS!!!!!


Easy Psycho! No need for tears, do the following:

1. Try installing the prog at Startup Control Panel ( )

2. Check what's on your registry and startup, remove what looks as though it shouldn't be there! If you don't know, post it and I'll try to help.

3. Download Firefox ( ) and use it instead of iexplorer.

4. Download Zone Alarm as a personal firewall ( )

(Be sure to read the manual so you're not frustrated with progs being denied access to the internet)

5. Migrate to Gentoo Linux ;)

It's not strange that removing spyware *!%*'s up your system, but there generally is a way back. It's most likely that a program you're using is linked to spyware, i.e. Kazaa starts up but can't fully run without the spyware you removed, in which case it crashes some part of your system.

One very very very tedious way to find out is to unquarantine the spyware you removed in Ad-Aware and then remove them one-by-one to see what happens.

But I think that some random reg keys have been added and you should be able to sort it out without having to take the chainsaw to it.

Curly   

Thanks for the help Caano Geel, I'm going to try that...but it does seem like I've got a lot to do. But thanks anyways!!!!!

Oh and Darman walaal, I tried that...but it didn't work. It told me to pick another restore date but it wouldn't give me any other restore dates to choose from!
