Possible worm infection or something else?

From: Giancarlo Ballestracci - IT & Technical Support (giancarlo.ballestracci_at_progenit.it)
Date: 11/28/03

  • Next message: Lou: "Re: McAfee Anti Virus V4.5.1 SP1" 
    To: <security-basics@securityfocus.com>, <focus-virus@securityfocus.com>
Date: Fri, 28 Nov 2003 09:41:21 +0100

    Hi The Group,
    I hope someone get me a good advice about this problem. I have a notebook
    with multiboot startup (2 Win2k, 1 WinXP). On the first partition Win2k,
    svchost.exe take the 100% of CPU's resources. The system is regularly
    patched (SP4 and all the latest Hot Fixes), personal firewall and Antivirus
    clients updated. Scans with Symantec and Trend Micro have nothing found.
    I've tried to shut down all the services possible, without good result. I've
    also removed the last six applications installed on: nothing happen. Only in
    safe mode (clear...), the CPU work fine.
    It's possible that a (new) worm sleep inside the client? Initially, I have
    thought about a Blaster Worm... I've checked also the system registry, but
    nothing strange in on RUN key of LOCAL MACHINE.

    Anybody can light me?

    Thanks in advance

    Giancarlo
    IT Manager

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Lou: "Re: McAfee Anti Virus V4.5.1 SP1"

    Relevant Pages

    • Re: Your Guess for Project Cost?
      ... Going through all the approvals for that. ... > because each of them likely has their own agenda about what the video ... > but this one will take a lot more time and resources on my part. ... In almost all cases I find clients to be reasonable people able ...
      (rec.video.production)
    • RE: 2003 Enterprise Storage Edition Cluster
      ... for all clients and not for all resources. ... >fail right away? ... No, through the cluster ...
      (microsoft.public.windows.server.clustering)
    • Re: Possible worm infection or something else?
      ... Giancarlo Ballestracci - IT & Technical Support wrote: ... >clients updated. ... >It's possible that a worm sleep inside the client? ... I've checked also the system registry, ...
      (Security-Basics)
    • Re: Companies that sell lists
      ... I was asked just yesterday to put client information inthe hands of a third party, a vendor, who would contact my clients "once" to offer them a chance to be included on regular mailings. ... Buying and selling mailing lists is just contrary to that ideal. ... Buying one is rather like buying a puppy from a puppy mill, it only encourages the bad guys and that tarnishes the reputation of the industry as a whole. ... the OP can use Google or a similar search engine to locate the resources he seeks. ...
      (rec.travel.cruises)
    • Re: Securing Data on a Notebook
      ... He is also concerned about someone else installing keylogger software. ... the notebook is for Word and Excel. ... and again the data will be placed at risk. ...
      (microsoft.public.windowsxp.general)