RE: Services.exe strange behaviour
- From: Panda_man <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 20 Mar 2006 10:02:06 -0800
My reply is at the bottom of your message :
"samelmore@xxxxxxxxx" wrote:
I had a virus infection on my Windows XP Pro SP2 installation a month
ago. I have successfully removed the infection, but I have noticed
some strange behaviour on my system ever since.
Upon startup, maybe 25% of the time, services.exe will die, causing my
system to shutdown after a 1 minute timeout.
Also, if my wireless network connection is enabled, services.exe will
enumerate every single file on my hard drive, in alphabetical, depth
first order. This can take upwards of 1 hour, and is only noticable
because I was using sysinternals filemon utility to trace another
problem. About every 30 minutes, the services.exe will hit 100% CPU
usage for about 15-30 seconds. Interestingly, if I am connected to a
network with the wired network adapter, or if I am not connected to any
network, services.exe does not enumerate the files or takeu up the CPU
time.
There are no suspect ports open on my machine. I have verified that
the services.exe file is the same (with a file compare) as the one
provided with SP2, and that the services.exe that is running is indeed
running out of the c:\windows\system32 directory and not some rogue
directory.
I have only minimal services running on this machine. The only two
running services listed to run under the services.exe are Event Log and
Universal Plug and Play.
It seems to me that this is not appropriate behaviour. My question,
then, is: should I expect this behaviour from services.exe? How can I
troubleshoot further to determine if this is a problem or not?
Thanks,
Sam
Open Start->Search and then search using advanced options for all files
that have the name services.exe
Then submit them to Virul Total
http://www.virustotal.com/flash/index_en.html
Send a suspicious file for analyze to VirusTotal
They will scan it for malware with almost all antivirus softwares with the
latest definitions
and then will send you the report.The service is FREE .
If something is suspicious they will send the file to all antivirus
companies so that
they will establish signatures for disinfecting the malware.
If a malware is found , you can post back telling use what is the malware
found and exactly which scanner finds it.
Then , perform the *fast* malware removal instructions in my web-site to
make sure you are really clean of all kind of threats.
http://pandaman.my.contact.bg
Now , make sure you are 100 % clean of all kind of threats (you really
should be now if you have strictly done my suggestions ;) ) .
Do a repair install of Windows .
Running the System File Checker (sfc.exe),
this will scan all protected Windows files to verify their versions have not
been overwritten or damaged,
and if so will replace the compromised version with a fresh copy.
To run it, click Start->Run and type
sfc.exe /scannow
Make sure you keep handy your Windows CD/Recovery CD which you received when
you bought your
Windows / computer because you'll need it to do the repair !!! Do the repair
if necessary .
Feel free to contact the Community again ! :-)
Panda_man
--
Prevention is always better than cure !
--
My web page:
http://pandaman.my.contact.bg
Learn how to protect your computer:
http://www.microsoft.com/protect
Please , rate posts
.
- References:
- Services.exe strange behaviour
- From: samelmore
- Services.exe strange behaviour
- Prev by Date: Re: internet explorer password
- Next by Date: NTFS home folder default permissions.
- Previous by thread: Services.exe strange behaviour
- Next by thread: Re: Services.exe strange behaviour
- Index(es):
Relevant Pages
|
