explorer.exe now hogging resources

Any ideas on what happened and how to fix this one?  Thanks.......



Re: explorer.exe now hogging resources

On this special day, -Nisko- wrote:


Maybe it is related to the AlCan worm removal procedure, that you
reported in your previous posting? Somehow, your system is seriously
broken.

Time for some reading
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Re: explorer.exe now hogging resources

I hope it isn't seriously broken.  I rebooted and it's working fine (for
now).  I made the Services changes that thecreator recommended before
rebooting.  Keeping my fingers crossed.  I have the feeling that the MS
Malicious Software Recovery Tool is giving me a false positive.  Hope I'm
right..........





Re: explorer.exe now hogging resources


| I hope it isn't seriously broken.  I rebooted and it's working fine (for
| now).  I made the Services changes that thecreator recommended before
| rebooting.  Keeping my fingers crossed.  I have the feeling that the MS
| Malicious Software Recovery Tool is giving me a false positive.  Hope I'm
| right..........
|

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: explorer.exe now hogging resources


David, I was able to run Sophos overnight - here are the results:

Could not check C:\Documents and Settings\Bob Onysko\Local Settings\Application Data\IM\Notifier\envelopee.imn\EnvelopEMoreMail.swf (virus scan failed)
Scan aborted due to an unrecoverable error.

11181 files swept in 2 hours, 20 minutes and 29 seconds.
3845 errors were encountered.
No viruses were discovered.
3800 encrypted files were not checked.
Ending Sophos Anti-Virus.

The results are 'cryptic' to me.  Doesn't look like Sophos found malware -
but, what are the 3,845 errors?  Should I be concerned?  Going to run Trend
now.



Re: explorer.exe now hogging resources


It's 11:18am EST and I'm running the second AV app.  Guess I should have
asked you exactly what I'm doing and why.  Running this app is unusual for
me (DOS mode and five programs in one).  Also, I have to run them
consecutively.  Also, I was thinking, if it's possible to identify what
processes called up svchost.exe, it should also be possible to trace them to
determine which one(s) are chewing up my processor - Yes?  I should mention
that the svchost that is using 90% of my processor has about 30 processes
attached to it.  Thought that was unusual.  However, when svchost is
behaving normally, I still have one instance of svchost that is attached to
about 30 processes.  Does that make sense?  Thanks......



Re: explorer.exe now hogging resources



| It's 11:18am EST and I'm running the second AV app.  Guess I should have
| asked you exactly what I'm doing and why.  Running this app is unusual for
| me (DOS mode and five programs in one).  Also, I have to run them
| consecutively.  Also, I was thinking, if it's possible to identify what
| processes called up svchost.exe, it should also be possible to trace them to
| determine which one(s) are chewing up my processor - Yes?  I should mention
| that the svchost that is using 90% of my processor has about 30 processes
| attached to it.  Thought that was unusual.  However, when svchost is
| behaving normally, I still have one instance of svchost that is attached to
| about 30 processes.  Does that make sense?  Thanks......
|

It is NOT DOS or DOS Mode.

It is a full Win32 Command Console.

Yes, what you post makes sense.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: explorer.exe now hogging resources




I think I now understand what I have to do with PE to find the root cause of
svchost using so much of my CPU.  When I have the problem, I should open PE
and hover the cursor over the instance of svchost.exe that has the high
usage.  Doing this opens a popup (light yellow) window that shows all the
Services tied to it.  All I need to know now is how to see the CPU usage
associated with each Service - and I've found my culprit.  Assuming that
Service is on Automatic, I can then set it to Manual or Disable depending on
whether I need it or not.

1.  Can you instruct me on how to see the CPU usage for each Service?
Couldn't figure this out on my own.

2.  Next to each Service is a short definition and it tells what happens if
you disable it.  Is there another place I can go to get a better 'layman's'
description of each Service?

3.  If I set a Service to Manual, and a needed Service tries to start, does
a window pop up asking the user if he wants to start it?

Thanks again..........



Re: explorer.exe now hogging resources


|
| I think I now understand what I have to do with PE to find the root cause of
| svchost using so much of my CPU.  When I have the problem, I should open PE
| and hover the cursor over the instance of svchost.exe that has the high
| usage.  Doing this opens a popup (light yellow) window that shows all the
| Services tied to it.  All I need to know now is how to see the CPU usage
| associated with each Service - and I've found my culprit.  Assuming that
| Service is on Automatic, I can then set it to Manual or Disable depending on
| whether I need it or not.
|
| 1.  Can you instruct me on how to see the CPU usage for each Service?
| Couldn't figure this out on my own.


Nope.  You really can't "directly" tie a NT Service [ such as "Automatic Updates" (aka; wuauserv)] to CPU utilization.


|
| 2.  Next to each Service is a short definition and it tells what happens if
| you disable it.  Is there another place I can go to get a better 'layman's'
| description of each Service?


Not really.  You would have to study the OS and read up on the subject matter.


|
| 3.  If I set a Service to Manual, and a needed Service tries to start, does
| a window pop up asking the user if he wants to start it?

Nope.
- If a NT Service is set to "automatic" it will start when the OS boots
- If a NT Service is set to "manual" it will only start when a program or other service that depends upon it will start it and when it is done will stop it.  [ example; BITS ]  Or if the user "manually" starts the service and the user would have to manually stop it.
- If a NT Service is set to "disabled" it will NOT start unless its state is altered to one of the above. [ "automatic" or "manual" ]



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
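
The svchost-to-service mapping and start types discussed in the reply above, as an added example that is not part of the original posts: a read-only PowerShell listing of every svchost.exe instance, busiest first, with the services it hosts and each service's start mode. It assumes a Windows version with PowerShell 3.0 or later; CPU time is accounted per process, so the figure shown is for the whole svchost instance, not for any single service in it.

```powershell
# Added example (not from the thread): which services share each svchost.exe,
# and how each one is configured to start. Read-only; changes nothing.
# Run from an elevated console, otherwise CPU time for system-owned
# processes may come back empty and display as 0.

# Index all running services by the PID of the process hosting them.
# -AsString makes the hashtable keys plain strings, so the lookup below is reliable.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Walk every svchost.exe instance, highest accumulated CPU seconds first.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Sort-Object -Property CPU -Descending |
    ForEach-Object {
        $proc = $_
        foreach ($svc in $servicesByPid["$($proc.Id)"]) {
            [pscustomobject]@{
                PID        = $proc.Id
                CpuSeconds = [math]::Round($proc.CPU, 1)  # whole process, not per service
                Service    = $svc.Name                    # short name, e.g. wuauserv
                Display    = $svc.DisplayName
                StartMode  = $svc.StartMode               # Auto, Manual or Disabled
                HostedBy   = $svc.PathName                # svchost command line incl. -k group
            }
        }
    } |
    Format-Table -AutoSize
```

A service whose `HostedBy` path is not under the Windows system directory, or a svchost.exe whose own path is elsewhere, is worth a closer look before changing any start modes.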



Re: explorer.exe now hogging resources



OK, then what's the downside to setting everything to Manual?  My thought
is:  If I can identify all Processes associated with the svchost that's
hogging my resources, why can't I just set all those on Manual (if they're
not already Disabled).  Then, if one of them is using a lot of CPU time, it
will only happen when the Process is called for - and will stop when the
process is no longer needed.



Re: explorer.exe now hogging resources

Had to stop the scans - the second one was taking all day and I needed the
PC for something else.  Besides, for now, there's no CPU hogging.




