Why does msinfo32.exe take 49.9% of resources and freeze the computer?



 
 
  #16  
Old December 20th 17, 03:36 AM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

VanguardLH on Tue, 19 Dec 2017 16:44:50 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:
I am not starting msinfo32.exe something else is, and I have no idea
what it is.


So follow the instructions already provided to you on how to investigate
and find startup items. We're not there. You'll have to do the work.
You'll have to find the startup item that loads msinfo32.exe and delete
or disable it.


Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #17  
Old December 20th 17, 04:29 AM posted to alt.windows7.general
Mayayana
external usenet poster
 
Posts: 6,438
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

"pyotr filipivich" wrote

| Sorry, my problem is that far too often, by the time I can "do"
| anything - msinfo has completed its task and closed down.

If it were me I'd start by checking Autoruns and
the enabled services. If there's nothing obvious then
check Process Explorer when msinfo runs to see if
you can figure out the parent process, or at least
what else is running. Failing that, move or delete
msinfo. I don't think it's a particularly valuable
program. It just uses WMI to collect system info.
You can do that yourself with a script, or with a
free system info program.
On my XP systems it won't run anyway because
I always disable Windows File Protection and
that takes the whole help system with it. Msinfo32
is another casualty. I've never missed it.
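
Added example, not part of any poster's message: the recurring problem in this thread is that msinfo32.exe has exited before its parent can be looked up by hand. A WMI event subscription in PowerShell records each launch and its ancestry unattended; the log path and the `MsinfoWatch` identifier are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# and leave the window open; elevation is needed to read the path and command
# line of processes that belong to services.
# $LogPath is an assumed output location.
$LogPath = Join-Path $env:USERPROFILE 'msinfo32-launches.log'

# WQL: poll once per second for new Win32_Process instances with this name.
# A process that lives for less than the polling interval can be missed;
# the launches described in the thread last for minutes.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Process' " +
         "AND TargetInstance.Name = 'msinfo32.exe'"

$action = {
    $child = $Event.SourceEventArgs.NewEvent.TargetInstance
    $lines = @("{0}  msinfo32.exe started" -f (Get-Date -Format s))
    $lines += "  pid={0} path={1}" -f $child.ProcessId, $child.ExecutablePath
    $lines += "  cmdline={0}" -f $child.CommandLine

    # Walk up the ancestry. A parent PID is only trusted if that process was
    # created before its child; otherwise the PID has been reused.
    $current = $child
    for ($depth = 1; $depth -le 5; $depth++) {
        $ppid = $current.ParentProcessId
        $parent = Get-WmiObject Win32_Process -Filter ("ProcessId = {0}" -f $ppid)
        if (-not $parent) {
            $lines += "  ancestor ${depth}: pid=$ppid (already exited)"
            break
        }
        if (-not $parent.CreationDate -or -not $current.CreationDate) {
            $lines += "  ancestor ${depth}: pid=$ppid name=$($parent.Name) (no creation time, chain ends)"
            break
        }
        $pTime = [Management.ManagementDateTimeConverter]::ToDateTime($parent.CreationDate)
        $cTime = [Management.ManagementDateTimeConverter]::ToDateTime($current.CreationDate)
        if ($pTime -gt $cTime) {
            $lines += "  ancestor ${depth}: pid=$ppid has been reused, chain ends"
            break
        }
        $lines += "  ancestor {0}: pid={1} name={2} path={3}" -f `
            $depth, $parent.ProcessId, $parent.Name, $parent.ExecutablePath
        $current = $parent
    }
    # The log path arrives through -MessageData because the action runs in
    # its own scope and cannot see the caller's variables.
    Add-Content -Path $Event.MessageData -Value $lines
}

Register-WmiEvent -Query $query -SourceIdentifier 'MsinfoWatch' `
    -MessageData $LogPath -Action $action | Out-Null
Write-Host "Watching for msinfo32.exe; log: $LogPath"
# To stop watching: Unregister-Event -SourceIdentifier 'MsinfoWatch'
```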


  #18  
Old December 20th 17, 05:12 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

pyotr filipivich wrote:

VanguardLH:

pyotr filipivich wrote:

I am not starting msinfo32.exe something else is, and I have no
idea what it is.


So follow the instructions already provided to you on how to
investigate and find startup items. We're not there. You'll have
to do the work. You'll have to find the startup item that loads
msinfo32.exe and delete or disable it.


Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.


That won't affect that it is either a startup program (so use the tools
mentioned to find it) or malware (so do a scan using something better
than what Microsoft dumps in Windows). Is there a reason you won't
check the startup programs or do an AV scan?
  #19  
Old December 20th 17, 04:54 PM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

"Mayayana" on Tue, 19 Dec 2017 22:29:42
-0500 typed in alt.windows7.general the following:
"pyotr filipivich" wrote

| Sorry, my problem is that far too often, by the time I can "do"
| anything - msinfo has completed its task and closed down.

If it were me I'd start by checking Autoruns and
the enabled services. If there's nothing obvious then
check Process Explorer when msinfo runs to see if
you can figure out the parent process, or at least
what else is running. Failing that, move or delete
msinfo. I don't think it's a particularly valuable
program. It just uses WMI to collect system info.
You can do that yourself with a script, or with a
free system info program.
On my XP systems it won't run anyway because
I always disable Windows File Protection and
that takes the whole help system with it. Msinfo32
is another casualty. I've never missed it.


There is so much in Windows which is "just so cool" if you hack
Windows, but not if you intend to just use the computer for other
work.

grumble grouch
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #20  
Old December 20th 17, 04:54 PM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

VanguardLH on Tue, 19 Dec 2017 22:12:00 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:
VanguardLH:
pyotr filipivich wrote:
I am not starting msinfo32.exe something else is, and I have no
idea what it is.

So follow the instructions already provided to you on how to
investigate and find startup items. We're not there. You'll have
to do the work. You'll have to find the startup item that loads
msinfo32.exe and delete or disable it.


Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.


That won't affect that it is either a startup program (so use the tools
mentioned to find it) or malware (so do a scan using something better
than what Microsoft dumps in Windows). Is there a reason you won't
check the startup programs or do an AV scan?


the AV scans say I'm good (malwarebytes, avast, comodo)

there is nothing in the startup menus which I can determine starts
msinfo32.exe. Part of the problem is, I've yet to find out why
msinfo32.exe is being run _at all_, other than apparently because MS
thinks it a neat idea to run it.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #21  
Old December 20th 17, 08:23 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

pyotr filipivich wrote:
VanguardLH on Tue, 19 Dec 2017 22:12:00 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:
VanguardLH:
pyotr filipivich wrote:
I am not starting msinfo32.exe something else is, and I have no
idea what it is.
So follow the instructions already provided to you on how to
investigate and find startup items. We're not there. You'll have
to do the work. You'll have to find the startup item that loads
msinfo32.exe and delete or disable it.
Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.

That won't affect that it is either a startup program (so use the tools
mentioned to find it) or malware (so do a scan using something better
than what Microsoft dumps in Windows). Is there a reason you won't
check the startup programs or do an AV scan?


the AV scans say I'm good (malwarebytes, avast, comodo)

there is nothing in the startup menus which I can determine starts
msinfo32.exe. Part of the problem is, I've yet to find out why
msinfo32.exe is being run _at all_, other than apparently because MS
thinks it a neat idea to run it.


Why do you assume Microsoft is doing this ?

You do realize that a *lot* of Windows malfunctions are
caused by third parties, not Microsoft.

I've still not seen your analysis of what is
actually running. Is it *really* a copy of msinfo32.exe
from the System folder ? Or is it a third party
program with that name, running from your
Downloads folder ?

If there is a rootkit present on your machine (3% of
malware uses rootkits), then they can change the *appearance*
of virtually any file. They can be running a copy of
msinfo32 which does not have the same byte content
as the copy on the disk drive. You can upload the
file to virustotal, and it will scan clean, because
it isn't actually the file that is currently running
on the computer. So there will be some cases,
where you will be confused by what owns the machine,
and will never get a clear picture of the situation.

If you boot a Linux LiveCD, that allows an offline analysis
of the disk content. If you find a copy of msinfo32.exe then,
the rootkit is not actively modifying it. But at shutdown,
the rootkit can leave things in a state, so there are
"few tracks" left of what it has done.

Some malware, stores content outside of data clusters,
up in the last fraction of 8MB of the partition. This
is not officially part of the file system, and a
great place to store things.

One of the reasons I've zeroed entire drives, before
doing an OS restore, is so that the end of the partition
will be clean, and a canary indication of trouble if
it ends up dirty again.

Example of a tool for rootkits.

https://support.kaspersky.com/viruses/solutions/5353

The TDSS rootkit modifies the atapi.sys file, and
changes some stuff on the fly. So it modifies some
things in such a way, that *your* attempts to scan
it while the OS runs, always reveal a clean copy,
while the copy the OS is using, is infected.

https://en.wikipedia.org/wiki/Alureon

It's highly unlikely this is running on your machine...
but the howls of grief when Microsoft pushed out
a change to atapi.sys, indicates that there are
people out there with active copies of that running
on the computer. The incidence is not zero. And
even if they put some guys in jail, others will
continue using the vector.

Summary: It could be a totally naive instance, of
eight copies of an obscure utility deciding
to "run on their own". But this ignores the
other extreme possibilities, of what it might
be. I'm not a malware expert, but I've read enough
discouraging reports to never discount any
possibility when it comes to computer
malfunctions. Keep an open mind while you
work on this. What you're seeing is not normal.

When you see processes doing a lot of work on the computer,
watch your hard drive LED. If the processes are doing
a lot of reads and writes, that could be ransomware.
If it is Ransomware, your files will magically
end up with new file extensions...

"When first released, the extension used for encrypted
files was .Locky. Other versions utilized the .zepto,
.odin, .****, .thor, .aesir, and .zzzzz extensions
for encrypted files. The current version, released
in December 2016, utilizes the .osiris extension
for encrypted files."

I first looked up that article, when someone in the other
groups, started seeing ".osiris" extensions on his files.
And by then, it was too late. It took *months* to undo
the damage, reinstall OSes and so on. The individual
did not have complete system backups, just a few copies
of his Downloads folder.

Paul
  #22  
Old December 20th 17, 09:52 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

pyotr filipivich wrote:

there is nothing in the startup menus which I can determine starts
msinfo32.exe. Part of the problem is, I've yet to find out why
msinfo32.exe is being run _at all_,


The Start menu's Startup folder (under your profile and under the All
Users profile) is just one of *MANY* places to specify a program loads
on Windows load, on login, on an event, as a scheduled task, etc. Did
you actually yet use msconfig.exe to look at the list of startup items?
If it is listed in msconfig then you need something more robust to list
all startup locations, like SysInternals' AutoRuns (where you can even
search on "msinfo" to find it is defined in the dozens and dozens of
startup locations).

other than apparently because MS thinks it a neat idea to run it.


Wrong. No version of Windows has ever had msinfo32.exe as a default
startup program.
  #23  
Old December 20th 17, 10:18 PM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

Paul on Wed, 20 Dec 2017 14:23:13 -0500 typed
in alt.windows7.general the following:
pyotr filipivich wrote:
VanguardLH on Tue, 19 Dec 2017 22:12:00 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:
VanguardLH:
pyotr filipivich wrote:
I am not starting msinfo32.exe something else is, and I have no
idea what it is.
So follow the instructions already provided to you on how to
investigate and find startup items. We're not there. You'll have
to do the work. You'll have to find the startup item that loads
msinfo32.exe and delete or disable it.
Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.
That won't affect that it is either a startup program (so use the tools
mentioned to find it) or malware (so do a scan using something better
than what Microsoft dumps in Windows). Is there a reason you won't
check the startup programs or do an AV scan?


the AV scans say I'm good (malwarebytes, avast, comodo)

there is nothing in the startup menus which I can determine starts
msinfo32.exe. Part of the problem is, I've yet to find out why
msinfo32.exe is being run _at all_, other than apparently because MS
thinks it a neat idea to run it.


Why do you assume Microsoft is doing this ?


I have to start somewhere.

You do realize that a *lot* of Windows malfunctions are
caused by third parties, not Microsoft.


This is true too. But MS has done enough over the years to make
me miss command lines and directory trees.

I've still not seen your analysis of what is
actually running. Is it *really* a copy of msinfo32.exe
from the System folder ? Or is it a third party
program with that name, running from your
Downloads folder ?


Downloads is empty. I keep it that way mostly. Have other places
where I pre-sort things I download.

Using Process Hacker - msinfo32 is not running now.

From prior experience, msinfo32.exe is/was apparently called by
cmdagent.exe , from "C:\Program Files\COMODO\COMODO Internet
Security"
cmdagent ( was started one hour and seven minutes ago (when I
rebooted the computer)) by "services.exe" (from windows\system32).
Services is called by wininit.exe, also in system32.

If there is a rootkit present on your machine (3% of
malware uses rootkits), then they can change the *appearance*
of virtually any file. They can be running a copy of
msinfo32 which does not have the same byte content
as the copy on the disk drive. You can upload the
file to virustotal, and it will scan clean, because
it isn't actually the file that is currently running
on the computer. So there will be some cases,
where you will be confused by what owns the machine,
and will never get a clear picture of the situation.

If you boot a Linux LiveCD, that allows an offline analysis
of the disk content. If you find a copy of msinfo32.exe then,
the rootkit is not actively modifying it. But at shutdown,
the rootkit can leave things in a state, so there are
"few tracks" left of what it has done.

Some malware, stores content outside of data clusters,
up in the last fraction of 8MB of the partition. This
is not officially part of the file system, and a
great place to store things.

One of the reasons I've zeroed entire drives, before
doing an OS restore, is so that the end of the partition
will be clean, and a canary indication of trouble if
it ends up dirty again.


Clever. I shall make a note of that.

Example of a tool for rootkits.

https://support.kaspersky.com/viruses/solutions/5353

The TDSS rootkit modifies the atapi.sys file, and
changes some stuff on the fly. So it modifies some
things in such a way, that *your* attempts to scan
it while the OS runs, always reveal a clean copy,
while the copy the OS is using, is infected.

https://en.wikipedia.org/wiki/Alureon

It's highly unlikely this is running on your machine...
but the howls of grief when Microsoft pushed out
a change to atapi.sys, indicates that there are
people out there with active copies of that running
on the computer. The incidence is not zero. And
even if they put some guys in jail, others will
continue using the vector.

Summary: It could be a totally naive instance, of
eight copies of an obscure utility deciding
to "run on their own". But this ignores the
other extreme possibilities, of what it might
be. I'm not a malware expert, but I've read enough
discouraging reports to never discount any
possibility when it comes to computer
malfunctions. Keep an open mind while you
work on this. What you're seeing is not normal.


From what I've been able to sus out - msinfo gets run "to gather
information about your computer, to diagnose issues with your
computer, or to access other tools"

When you see processes doing a lot of work on the computer,
watch your hard drive LED. If the processes are doing
a lot of reads and writes, that could be ransomware.
If it is Ransomware, your files will magically
end up with new file extensions...

"When first released, the extension used for encrypted
files was .Locky. Other versions utilized the .zepto,
.odin, .****, .thor, .aesir, and .zzzzz extensions
for encrypted files. The current version, released
in December 2016, utilizes the .osiris extension
for encrypted files."

I first looked up that article, when someone in the other
groups, started seeing ".osiris" extensions on his files.
And by then, it was too late. It took *months* to undo
the damage, reinstall OSes and so on. The individual
did not have complete system backups, just a few copies
of his Downloads folder.


Thanks.

Paul

--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #24  
Old December 20th 17, 11:46 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

In message , pyotr
filipivich writes:
VanguardLH on Tue, 19 Dec 2017 16:44:50 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:
I am not starting msinfo32.exe something else is, and I have no idea
what it is.


So follow the instructions already provided to you on how to investigate
and find startup items. We're not there. You'll have to do the work.
You'll have to find the startup item that loads msinfo32.exe and delete
or disable it.


Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.


Well, in that case, and since Mayayana has said (though not in these
words explicitly) it isn't needed for the computer to run, just - next
time you have control of the computer, i. e. "msinfo" ISN'T running -
rename it. (Make sure you find and rename ALL copies of it, too.) That
_should_ stop it ever running, since whatever's calling it will call
something that doesn't exist.

This doesn't explain why it's being called.

(It also doesn't explain why it's taking ages to run and using lots of
CPU when it does, when some here have said it ought to complete in a few
seconds. But rename them anyway.)

Also, when you're finding and renaming them, see if they're all the same
size/date/whatever; if one isn't, that's probably suspicious.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Radio 4 is the civilising influence in this country ... I think it is the most
important institution in this country. - John Humphrys, Radio Times
7-13/06/2003
  #25  
Old December 21st 17, 12:31 AM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

pyotr filipivich wrote:

From prior experience, msinfo32.exe is/was apparently called by
cmdagent.exe , from "C:\Program Files\COMODO\COMODO Internet
Security"
cmdagent ( was started one hour and seven minutes ago (when I
rebooted the computer)) by "services.exe" (from windows\system32).
Services is called by wininit.exe, also in system32.


I see one reference in Google to this. Is this real ?

Have a look through your Comodo folders for artifacts.

C:\ProgramData\Comodo\Cis\telemetry\msinfo32

Paul
  #26  
Old December 21st 17, 05:03 AM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

Paul on Wed, 20 Dec 2017 18:31:05 -0500 typed
in alt.windows7.general the following:
pyotr filipivich wrote:

From prior experience, msinfo32.exe is/was apparently called by
cmdagent.exe , from "C:\Program Files\COMODO\COMODO Internet
Security"
cmdagent ( was started one hour and seven minutes ago (when I
rebooted the computer)) by "services.exe" (from windows\system32).
Services is called by wininit.exe, also in system32.


I see one reference in Google to this. Is this real ?


What is real? That cmdagent.exe is called by services.exe? or
that services.exe is called by wininit.exe?

Have a look through your Comodo folders for artifacts.

C:\ProgramData\Comodo\Cis\telemetry\msinfo32


Only thing in there was
msinfo_cb44cdce828a88b917eda4bdb6ef70aac6c9122.nfo size 14.2MB from
this morning
which had all the system info, but is no longer there to be
accessed. (My bad, I deleted it, and Recycle Bin can neither restore
or display the contents.)


Paul

--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #27  
Old December 21st 17, 05:03 AM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

VanguardLH on Wed, 20 Dec 2017 14:52:18 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:

there is nothing in the startup menus which I can determine starts
msinfo32.exe. Part of the problem is, I've yet to find out why
msinfo32.exe is being run _at all_,


The Start menu's Startup folder (under your profile and under the All
Users profile) is just one of *MANY* places to specify a program loads
on Windows load, on login, on an event, as a scheduled task, etc. Did
you actually yet use msconfig.exe to look at the list of startup items?
If it is listed in msconfig then you need something more robust to list
all startup locations, like SysInternals' AutoRuns (where you can even
search on "msinfo" to find it is defined in the dozens and dozens of
startup locations).


I have checked through cc-cleaner for what is loaded at startup.
C:\Program Files\COMODO\COMODO Internet Security\cstray.exe
is the only Comodo program 'loaded'.

other than apparently because MS thinks it a neat idea to run it.


Wrong. No version of Windows has ever had msinfo32.exe as a default
startup program.


Which is not the problem. The problem is, that when msinfo32 is
loaded and run, it hogs enough resources that for the next three to
five minutes, my computer is "closed for lunch". If lucky, I might
be able to get to the process msinfo32.exe before it is done and kill
it. Just as often, by the time I can do anything, the process has
closed and my computer is now "back from lunch" and ready to resume
working.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
  #28  
Old December 21st 17, 05:37 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

pyotr filipivich wrote:

VanguardLH on Wed, 20 Dec 2017 14:52:18 -0600 typed in
alt.windows7.general the following:
pyotr filipivich wrote:

there is nothing in the startup menus which I can determine starts
msinfo32.exe. Part of the problem is, I've yet to find out why
msinfo32.exe is being run _at all_,


The Start menu's Startup folder (under your profile and under the All
Users profile) is just one of *MANY* places to specify a program loads
on Windows load, on login, on an event, as a scheduled task, etc. Did
you actually yet use msconfig.exe to look at the list of startup items?
If it is listed in msconfig then you need something more robust to list
all startup locations, like SysInternals' AutoRuns (where you can even
search on "msinfo" to find it is defined in the dozens and dozens of
startup locations).


I have checked through cc-cleaner for what is loaded at startup.
C:\Program Files\COMODO\COMODO Internet Security\cstray.exe
is the only Comodo program 'loaded'.


Okay, don't use the suggested tool that looks in ALL startup locations.
msconfig.exe only looks in a few places (the typical ones). CCleaner is
the same. AutoRuns checks everywhere known that startup programs can be
loaded. For example, there is a WinLogon registry entry that will run
startup programs when you login. There are file, folder, and other
objects in the registry that can have events assigned to them that can
load startup programs. msconfig.exe (and CCleaner) are rudimentary but
usually sufficient. When they are not sufficient, you need to use a
better tool.

other than apparently because MS thinks it a neat idea to run it.


Wrong. No version of Windows has ever had msinfo32.exe as a default
startup program.


Which is not the problem. The problem is, that when msinfo32 is
loaded and run, it hogs enough resources that for the next three to
five minutes, my computer is "closed for lunch". If lucky, I might
be able to get to the process msinfo32.exe before it is done and kill
it. Just as often, by the time I can do anything, the process has
closed and my computer is now "back from lunch" and ready to resume
working.


msinfo32 does not load, by default, upon Windows startup. 8 instances
of msinfo32.exe don't get loaded, by default. 1 instance shouldn't take
long but I've never tried to load 8 concurrent instances of it to see if
scanning by multiple instances will interfere with each other.

How fast msinfo32 collects the data depends on how fast it can scan. On
my current PC, it's just a second or two to complete the scanning. On
my older PC, it was a lot longer (don't remember how long but do
remember having to wait for it to complete its scan).

Why are you running 3 security programs (MalwareBytes
someproductNotMentioned, Comodo something, and Avast)? Are you
using MalwareBytes AntiMalware? If so, is it configured to cripple all
its on-access (real-time) features or is it the free version (after the
trial expires it cripples itself)? With Avast active, Malwarebytes
AntiMalware should only be used as a second-opinion on-demand (manual)
AV scanner. Did you include CAV (Comodo AntiVirus) in the Comodo
Internet suite? It's a limp AV, couldn't stand on its own, so Comodo
dumped it into their Internet suite to have it make use of the
heuristics monitor of their firewall program. Go into the Add/Remove
Programs entry for Comodo Internet and remove the CAV component. The
more programs you have scanning the same files the more they will
conflict with each other. In fact, I've seen where one AV was reading a
file that resulted in triggering another AV to scan the same file.
Since the 2nd AV scanned the file, the 1st AV saw the activity and
rescanned the same file. Within a couple minutes, the two AVs had
reread the same file over 4000 times. Disabling one AV (to use only as
an on-demand scanner) eliminated the conflict and the computer became
responsive again. The rule of thumb still applies: have only ONE
anti-virus active at a time.

Just as AVs can have false positives (goodware flagged as malware), it
can also have false negatives (missed malware). Did you scan your media
for where there are copies of msinfo32.exe and submit each to VirusTotal
as Paul suggested?

Another option is to use SysInternals' Process Explorer. It has an
option to check processes with VirusTotal. A column gets added named
VirusTotal. Process Explorer uses the VirusTotal API to submit checks
to the VirusTotal.com server. Go under Options - VirusTotal menu to
enable the option. I think Process Hacker also supports VirusTotal
checking but requires the OnlineChecks plugin; however, I think
VirusTotal is "integrated" in Process Hacker but only means you can
right-click on a process or a DLL in the modules tab to then submit the
item for checking at VirusTotal.

No idea which edition of Windows 7 that you have. Is it the Home or
Professional edition? With the Pro edition, you can define SRPs
(Software Restriction Policies) in the policy editor (which Microsoft
omits in the Home edition). With SRPs, you can, for example, block an
executable from loading. You define a Path rule to the file and anytime
anything tries to open that executable the SRP will block that
executable from getting loaded. However, you mentioned Comodo, but
that is a company name, not a product name. If you installed their
firewall (alone or in their Internet suite), you can define rules on
executables to prevent them from loading. I think it is part of their
HIPS (Host Intrusion Prevention System) aka heuristics aka behavior
monitoring.
  #29  
Old December 21st 17, 05:49 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

pyotr filipivich wrote:

Only thing in there was msinfo_cb44cdce828a88b917eda4bdb6ef70aac6c9122.nfo
size 14.2MB from this morning which had all the system info, but is
no longer there to be accessed. (My bad, I deleted it, and Recycle
Bin can neither restore or display the contents.)


NFO files are exports from msinfo32.exe. While msinfo32 itself might
run quickly (but depends on how fast is your hardware+software
platform), exporting its records to an .nfo file takes a LOT longer.
With 8 instances of it running concurrently and each dumping to an
output file its scan results, that could take a very long time during
which the CPU can be busy along with pushing a lot of bytes over the
data bus. Takes time to write those 14 megabytes, especially if doing
it 8 times.

Don't know what hardware and software you have that would result in a
14MB NFO file. Using File - Save on my PC resulted in a 1 MB file.
That yours is 14MB in size could mean you have a lot more to report,
that the file is somehow getting bloated, or maybe it is an aggregate
report from multiple exports from msinfo32. Somehow msinfo32 (if it is
the one provided by Microsoft in Windows) is getting abused.

Other than you manually running msinfo32.exe, the only other reason that
I can figure for some software to use it is for reporting information to
the author/owner of that other software. Maybe Comodo or something else
you use employs msinfo32.exe to report system information as part of
their troubleshooting report. If cmdagent.exe is part of a Comodo
program (the product name was not identified) and it is loading
msinfo32.exe then perhaps you enabled some error reporting or tracking
feature that keeps creating system reports (to supposedly be sent to
Comodo now or sometime later).
  #30  
Old December 21st 17, 06:08 AM posted to alt.windows7.general
pyotr filipivich
external usenet poster
 
Posts: 752
Default Why does msinfo32.exe take 49.9% of resources and freeze the computer?

"J. P. Gilliver (John)" on Wed, 20 Dec 2017
22:46:14 +0000 typed in alt.windows7.general the following:


Sorry, my problem is that far too often, by the time I can "do"
anything - msinfo has completed its task and closed down.


Well, in that case, and since Mayayana has said (though not in these
words explicitly) it isn't needed for the computer to run, just - next
time you have control of the computer, i. e. "msinfo" ISN'T running -
rename it. (Make sure you find and rename ALL copies of it, too.) That
_should_ stop it ever running, since whatever's calling it will call
something that doesn't exist.

This doesn't explain why it's being called.

(It also doesn't explain why it's taking ages to run and using lots of
CPU when it does, when some here have said it ought to complete in a few
seconds. But rename them anyway.)

Also, when you're finding and renaming them, see if they're all the same
size/date/whatever; if one isn't, that's probably suspicious.


Thanks.

I had to reboot twice to get Windows to cooperate (it often fails
to update directories, so it thought it had six drives plugged in
which were not - three of which have names which it also didn't know;
Device Manager did not complete a scan for changes in hardware. Weasels
and Ferrets chasing each other through the underbrush, mass hysteria!)

Anyway, doing a "dir /s msinfo32.exe > g:\textfile.txt" I have
the following results:

creation dates ---size - file name

C:\Windows\System32
06/12/2017 14:14 PM 379,392 msinfo32.exe
1 File(s) 379,392 bytes
C:\Windows\SysWOW64
06/12/2017 14:06 PM 303,616 msinfo32.exe
1 File(s) 303,616 bytes
C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_e46b048a01806891
11/20/2010 19:23 PM 378,880 msinfo32.exe
1 File(s) 378,880 bytes
C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.23841_none_e4d106ef1ab93db9
06/12/2017 14:14 PM 379,392 msinfo32.exe
1 File(s) 379,392 bytes
C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379
11/20/2010 19:23 PM 378,880 msinfo32.exe
1 File(s) 378,880 bytes
C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.23841_none_0a686eab2986a8a1
06/12/2017 14:14 PM 379,392 msinfo32.exe
1 File(s) 379,392 bytes
C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_1457169844ae9574
11/20/2010 19:24 PM 303,104 msinfo32.exe
1 File(s) 303,104 bytes
C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.23841_none_14bd18fd5de76a9c
06/12/2017 14:06 PM 303,616 msinfo32.exe
1 File(s) 303,616 bytes
C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_884c69064922f75b
11/20/2010 19:24 PM 303,104 msinfo32.exe
1 File(s) 303,104 bytes
Directory of C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.23841_none_88b26b6b625bcc83
06/12/2017 14:06 PM 303,616 msinfo32.exe
1 File(s) 303,616 bytes

that's ten files for those keeping score at home.

Looking at the times and dates - I think "has it been that long
since I got this? Wait, didn't I get this after I got back in 2011?
Nope - 2014, refurbished, through Walmart.

Anyway - there they are listed. Tomorrow I may attempt to do battle
with gaining control of my computer so that I can change their names.
Everything takes longer than expected.


I have forgotten what I originally intended to have included in
the reply.


--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
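
Added example, not part of the thread: the comparison J. P. Gilliver suggests (are all copies the same size/date?) done by content hash, so that a copy with a matching size but different bytes still stands out. The flagging rules are assumptions taken from the listing above, where every copy sits under C:\Windows and every size occurs at least twice.

```powershell
# Added example (not from the thread): inventory every msinfo32.exe on the
# system drive and flag copies that do not fit the pattern in the listing.
# Uses only PowerShell 2.0 features, which is what Windows 7 ships with.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$winDir = "$env:windir\"

$copies = @(Get-ChildItem -Path "$env:SystemDrive\" -Filter 'msinfo32.exe' `
                -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $hash = 'UNREADABLE'
        try {
            $stream = [System.IO.File]::OpenRead($file.FullName)
            try {
                $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
            } finally {
                $stream.Dispose()
            }
        } catch { }   # access denied or file locked: keep the UNREADABLE marker

        New-Object PSObject -Property @{
            Path     = $file.FullName
            Size     = $file.Length
            Modified = $file.LastWriteTime
            Version  = $file.VersionInfo.FileVersion
            Company  = $file.VersionInfo.CompanyName
            SHA256   = $hash
        }
    })

# How many copies share each hash. In the listing, the System32 and SysWOW64
# files each have same-size twins under winsxs.
$countByHash = @{}
$copies | Group-Object SHA256 | ForEach-Object { $countByHash[$_.Name] = $_.Count }

$report = $copies | ForEach-Object {
    $flags = @()
    if ($_.SHA256 -eq 'UNREADABLE') { $flags += 'could not read' }
    if (-not $_.Path.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)) {
        $flags += 'outside Windows directory'
    }
    # Version resources are trivial to forge, so a Microsoft company string
    # proves nothing; its absence is still worth a look.
    if ($_.Company -notlike 'Microsoft*') { $flags += 'company string not Microsoft' }
    if ($countByHash[$_.SHA256] -lt 2)    { $flags += 'content matches no other copy' }
    $_ | Add-Member -MemberType NoteProperty -Name Flags -Value ($flags -join '; ') -PassThru
}

$report | Sort-Object SHA256, Path |
    Format-List Flags, Path, Size, Modified, Version, SHA256
```

As Paul notes earlier in the thread, a scan from inside the running OS can be shown clean copies by a rootkit, so an empty Flags column here only describes what the live system reports.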
 



