Pandaman
Mon Mar 20 12:02:06 CST 2006
My reply is at the bottom of your message :
"samelmore@yahoo.com" wrote:
> I had a virus infection on my Windows XP Pro SP2 installation a month
> ago. I have successfully removed the infection, but I have noticed
> some strange behaviour on my system ever since.
>
> Upon startup, maybe 25% of the time, services.exe will die, causing my
> system to shutdown after a 1 minute timeout.
>
> Also, if my wireless network connection is enabled, services.exe will
> enumerate every single file on my hard drive, in alphabetical, depth
> first order. This can take upwards of 1 hour, and is only noticable
> because I was using sysinternals filemon utility to trace another
> problem. About every 30 minutes, the services.exe will hit 100% CPU
> usage for about 15-30 seconds. Interestingly, if I am connected to a
> network with the wired network adapter, or if I am not connected to any
> network, services.exe does not enumerate the files or takeu up the CPU
> time.
>
> There are no suspect ports open on my machine. I have verified that
> the services.exe file is the same (with a file compare) as the one
> provided with SP2, and that the services.exe that is running is indeed
> running out of the c:\windows\system32 directory and not some rogue
> directory.
>
> I have only minimal services running on this machine. The only two
> running services listed to run under the services.exe are Event Log and
> Universal Plug and Play.
>
> It seems to me that this is not appropriate behaviour. My question,
> then, is: should I expect this behaviour from services.exe? How can I
> troubleshoot further to determine if this is a problem or not?
>
> Thanks,
> Sam
>
Open Start->Search and then search using advanced options for all files
that have the name services.exe
Then submit them to Virul Total
http://www.virustotal.com/flash/index_en.html
Send a suspicious file for analyze to VirusTotal
They will scan it for malware with almost all antivirus softwares with the
latest definitions
and then will send you the report.The service is FREE .
If something is suspicious they will send the file to all antivirus
companies so that
they will establish signatures for disinfecting the malware.
If a malware is found , you can post back telling use what is the malware
found and exactly which scanner finds it.
Then , perform the *fast* malware removal instructions in my web-site to
make sure you are really clean of all kind of threats.
http://pandaman.my.contact.bg
Now , make sure you are 100 % clean of all kind of threats (you really
should be now if you have strictly done my suggestions ;) ) .
Do a repair install of Windows .
Running the System File Checker (sfc.exe),
this will scan all protected Windows files to verify their versions have not
been overwritten or damaged,
and if so will replace the compromised version with a fresh copy.
To run it, click Start->Run and type
sfc.exe /scannow
Make sure you keep handy your Windows CD/Recovery CD which you received when
you bought your
Windows / computer because you'll need it to do the repair !!! Do the repair
if necessary .
Feel free to contact the Community again ! :-)
Panda_man
--
Prevention is always better than cure !
--
My web page:
http://pandaman.my.contact.bg
Learn how to protect your computer:
http://www.microsoft.com/protect
Please , rate posts