If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
VanguardLH on Tue, 19 Dec 2017 16:44:50 -0600 typed in
alt.windows7.general the following: pyotr filipivich wrote: I am not starting msinfgo32.exe something else is, and I have no idea what it is. So follow the instructions already provided to you on how to investigate and find startup items. We're not there. You'll have to do the work. You'll have to find the startup item that loads msinfo32.exe and delete or disable it. Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
Ads |
#17
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
"pyotr filipivich" wrote
| Sorry, my problem is that far too often, by the time I can "do" | anything - msinfo has completed its task and closed down. If it were me I'd start by checking Autoruns and the enabled services. If there's nothing obvious then check Process Explorer when msinfo runs to see if you can figure out the parent process, or at least what else is running. Failing that, move or delete msinfo. I don't think it's a particularly valuable program. It just uses WMI to collect system info. You can do that yourself with a script, or with a free system info program. On my XP systems it won't run anyway because I always disable Windows File Protection and that takes the whole help system with it. Msinfo32 is another casualty. I've never missed it. |
#18
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
pyotr filipivich wrote:
VanguardLH: pyotr filipivich wrote: I am not starting msinfgo32.exe something else is, and I have no idea what it is. So follow the instructions already provided to you on how to investigate and find startup items. We're not there. You'll have to do the work. You'll have to find the startup item that loads msinfo32.exe and delete or disable it. Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. That won't affect that it is either a startup program (so use the tools mentioned to find it) or malware (so do a scan using something better than what Microsoft dumps in Windows). Is there a reason you won't check the startup programs or do an AV scan? |
#19
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
"Mayayana" on Tue, 19 Dec 2017 22:29:42
-0500 typed in alt.windows7.general the following: "pyotr filipivich" wrote | Sorry, my problem is that far too often, by the time I can "do" | anything - msinfo has completed its task and closed down. If it were me I'd start by checking Autoruns and the enabled services. If there's nothing obvious then check Process Explorer when msinfo runs to see if you can figure out the parent process, or at least what else is running. Failing that, move or delete msinfo. I don't think it's a particularly valuable program. It just uses WMI to collect system info. You can do that yourself with a script, or with a free system info program. On my XP systems it won't run anyway because I always disable Windows File Protection and that takes the whole help system with it. Msinfo32 is another casualty. I've never missed it. There is so much in Windows which is "just so cool" if you hack Windows, but not if you intend to just use the computer for other work. grumble grouch -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#20
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
VanguardLH on Tue, 19 Dec 2017 22:12:00 -0600 typed in
alt.windows7.general the following: pyotr filipivich wrote: VanguardLH: pyotr filipivich wrote: I am not starting msinfgo32.exe something else is, and I have no idea what it is. So follow the instructions already provided to you on how to investigate and find startup items. We're not there. You'll have to do the work. You'll have to find the startup item that loads msinfo32.exe and delete or disable it. Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. That won't affect that it is either a startup program (so use the tools mentioned to find it) or malware (so do a scan using something better than what Microsoft dumps in Windows). Is there a reason you won't check the startup programs or do an AV scan? the AV scans say I'm good (malwarebites, avast, comodo) there is nothing in the startup menus which I can determine starts msinfo32.exe. Part of the problem is, I've yet to find out why msinfo32.exe is being run _at all_, other than apparently because MS thinks it a neat idea to run it. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#21
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze thecomputer?
pyotr filipivich wrote:
VanguardLH on Tue, 19 Dec 2017 22:12:00 -0600 typed in alt.windows7.general the following: pyotr filipivich wrote: VanguardLH: pyotr filipivich wrote: I am not starting msinfgo32.exe something else is, and I have no idea what it is. So follow the instructions already provided to you on how to investigate and find startup items. We're not there. You'll have to do the work. You'll have to find the startup item that loads msinfo32.exe and delete or disable it. Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. That won't affect that it is either a startup program (so use the tools mentioned to find it) or malware (so do a scan using something better than what Microsoft dumps in Windows). Is there a reason you won't check the startup programs or do an AV scan? the AV scans say I'm good (malwarebites, avast, comodo) there is nothing in the startup menus which I can determine starts msinfo32.exe. Part of the problem is, I've yet to find out why msinfo32.exe is being run _at all_, other than apparently because MS thinks it a neat idea to run it. Why do you assume Microsoft is doing this ? You do realize that a *lot* of Windows malfunctions are caused by third parties, not Microsoft. I've still not seen your analysis of what is actually running. Is it *really* a copy of msinfo32.exe from the System folder ? Or is it a third party program with that name, running from your Downloads folder ? If there is a rootkit present on your machine (3% of malware uses rootkits), then they can change the *appearance* of virtually any file. They can be running a copy of msinfo32 which does not have the same byte content as the copy on the disk drive. You can upload the file to virustotal, and it will scan clean, because it isn't actually the file that is currently running on the computer. So there will be some cases, where you will be confused by what owns the machine, and will never get a clear picture of the situation. If you boot a Linux LiveCD, that allows an offline analysis of the disk content. If you find a copy of msinfo32.exe then, the rootkit is not actively modifying it. But at shutdown, the rootkit can leave things in a state, so there are "few tracks" left of what it has done. Some malware, stores content outside of data clusters, up in the last fraction of 8MB of the partition. This is not officially part of the file system, and a great place to store things. One of the reasons I've zeroed entire drives, before doing an OS restore, is so that the end of the partition will be clean, and a canary indication of trouble if it ends up dirty again. Example of a tool for rootkits. https://support.kaspersky.com/viruses/solutions/5353 The TDSS rootkit modifies the atapi.sys file, and changes some stuff on the fly. So it modifies some things in such a way, that *your* attempts to scan it while the OS runs, always reveal a clean copy, while the copy the OS is using, is infected. https://en.wikipedia.org/wiki/Alureon It's highly unlikely this is running on your machine... but the howls of grief when Microsoft pushed out a change to atapi.sys, indicates that there are people out there with active copies of that running on the computer. The incidence is not zero. And even if they put some guys in jail, others will continue using the vector. Summary: It could be a totally naive instance, of eight copies of an obscure utility deciding to "run on their own". But this ignores the other extreme possibilities, of what it might be. I'm not a malware expert, but I've read enough discouraging reports to never discount any possibility when it comes to computer malfunctions. Keep an open mind while you work on this. What you're seeing is not normal. When you see processes doing a lot of work on the computer, watch your hard drive LED. If the processes are doing a lot of reads and writes, that could be ransomware. If it is Ransomware, your files will magically end up with new file extensions... "When first released, the extension used for encrypted files was .Locky. Other versions utilized the .zepto, .odin, .****, .thor, .aesir, and .zzzzz extensions for encrypted files. The current version, released in December 2016, utilizes the .osiris extension for encrypted files." I first looked up that article, when someone in the other groups, started seeing ".osiris" extensions on his files. And by then, it was too late. It took *months* to undo the damage, reinstall OSes and so on. The individual did not have complete system backups, just a few copies of his Downloads folder. Paul |
#22
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
pyotr filipivich wrote:
there is nothing in the startup menus which I can determine starts msinfo32.exe. Part of the problem is, I've yet to find out why msinfo32.exe is being run _at all_, The Start menu's Startup folder (under your profile and under the All Users profile) is just one of *MANY* places to specify a program loads on Windows load, on login, on an event, as a scheduled task, etc. Did you actually yet use msconfig.exe to look at the list of startup items? If it is listed in msconfig then you need something more robust to list all startup locations, like SysInternals' AutoRuns (where you can even search on "msinfo" to find it is defined in the dozens and dozens of startup locations). other than apparently because MS thinks it a neat idea to run it. Wrong. No version of Windows has ever had msinfo32.exe as a default startup program. |
#23
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
Paul on Wed, 20 Dec 2017 14:23:13 -0500 typed
in alt.windows7.general the following: pyotr filipivich wrote: VanguardLH on Tue, 19 Dec 2017 22:12:00 -0600 typed in alt.windows7.general the following: pyotr filipivich wrote: VanguardLH: pyotr filipivich wrote: I am not starting msinfgo32.exe something else is, and I have no idea what it is. So follow the instructions already provided to you on how to investigate and find startup items. We're not there. You'll have to do the work. You'll have to find the startup item that loads msinfo32.exe and delete or disable it. Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. That won't affect that it is either a startup program (so use the tools mentioned to find it) or malware (so do a scan using something better than what Microsoft dumps in Windows). Is there a reason you won't check the startup programs or do an AV scan? the AV scans say I'm good (malwarebites, avast, comodo) there is nothing in the startup menus which I can determine starts msinfo32.exe. Part of the problem is, I've yet to find out why msinfo32.exe is being run _at all_, other than apparently because MS thinks it a neat idea to run it. Why do you assume Microsoft is doing this ? I have to start somewhere. You do realize that a *lot* of Windows malfunctions are caused by third parties, not Microsoft. This is true too. But MS has done enough over the years to make me miss command lines and directory trees. I've still not seen your analysis of what is actually running. Is it *really* a copy of msinfo32.exe from the System folder ? Or is it a third party program with that name, running from your Downloads folder ? Downloads is empty. I keep it hat way mostly. Have other places where I pre-sort things I download. Using Process Hacker - msinfo32 is not running now. From prior experience, msinfo32.exe is/was apparently called by cmdagent.exe , from "C:\Program Files\COMODO\COMODO Internet Security" cmdagent ( was started one hour and seven minutes ago (when I rebooted the computer)) by "services.exe" (from windows\system32). Services is called by wininit.exe, also in system32. If there is a rootkit present on your machine (3% of malware uses rootkits), then they can change the *appearance* of virtually any file. They can be running a copy of msinfo32 which does not have the same byte content as the copy on the disk drive. You can upload the file to virustotal, and it will scan clean, because it isn't actually the file that is currently running on the computer. So there will be some cases, where you will be confused by what owns the machine, and will never get a clear picture of the situation. If you boot a Linux LiveCD, that allows an offline analysis of the disk content. If you find a copy of msinfo32.exe then, the rootkit is not actively modifying it. But at shutdown, the rootkit can leave things in a state, so there are "few tracks" left of what it has done. Some malware, stores content outside of data clusters, up in the last fraction of 8MB of the partition. This is not officially part of the file system, and a great place to store things. One of the reasons I've zeroed entire drives, before doing an OS restore, is so that the end of the partition will be clean, and a canary indication of trouble if it ends up dirty again. Clever. I shall make a note of that. Example of a tool for rootkits. https://support.kaspersky.com/viruses/solutions/5353 The TDSS rootkit modifies the atapi.sys file, and changes some stuff on the fly. So it modifies some things in such a way, that *your* attempts to scan it while the OS runs, always reveal a clean copy, while the copy the OS is using, is infected. https://en.wikipedia.org/wiki/Alureon It's highly unlikely this is running on your machine... but the howls of grief when Microsoft pushed out a change to atapi.sys, indicates that there are people out there with active copies of that running on the computer. The incidence is not zero. And even if they put some guys in jail, others will continue using the vector. Summary: It could be a totally naive instance, of eight copies of an obscure utility deciding to "run on their own". But this ignores the other extreme possibilities, of what it might be. I'm not a malware expert, but I've read enough discouraging reports to never discount any possibility when it comes to computer malfunctions. Keep an open mind while you work on this. What you're seeing is not normal. From what I've been able to sus out - msinfo gets run "to gather information about your computer, to diagnose issues with your computer, or to access other tools" When you see processes doing a lot of work on the computer, watch your hard drive LED. If the processes are doing a lot of reads and writes, that could be ransomware. If it is Ransomware, your files will magically end up with new file extensions... "When first released, the extension used for encrypted files was .Locky. Other versions utilized the .zepto, .odin, .****, .thor, .aesir, and .zzzzz extensions for encrypted files. The current version, released in December 2016, utilizes the .osiris extension for encrypted files." I first looked up that article, when someone in the other groups, started seeing ".osiris" extensions on his files. And by then, it was too late. It took *months* to undo the damage, reinstall OSes and so on. The individual did not have complete system backups, just a few copies of his Downloads folder. Thanks. Paul -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#24
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
In message , pyotr
filipivich writes: VanguardLH on Tue, 19 Dec 2017 16:44:50 -0600 typed in alt.windows7.general the following: pyotr filipivich wrote: I am not starting msinfgo32.exe something else is, and I have no idea what it is. So follow the instructions already provided to you on how to investigate and find startup items. We're not there. You'll have to do the work. You'll have to find the startup item that loads msinfo32.exe and delete or disable it. Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. Well, in that case, and since Mayayana has said (though not in these words explicitly) it isn't needed for the computer to run, just - next time you have control of the computer, i. e. "msinfo" ISN'T running - rename it. (Make sure you find and rename ALL copies of it, too.) That _should_ stop it ever running, since whatever's calling it will call something that doesn't exist. This doesn't explain why it's being called. (It also doesn't explain why it's taking ages to run and using lots of CPU when it does, when some here have said it ought to complete in a few seconds. But rename them anyway.) Also, when you're finding and renaming them, see if they're all the same size/date/whatever; if one isn't, that's probably suspicious. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Radio 4 is the civilising influence in this country ... I think it is the most important institution in this country. - John Humphrys, Radio Times 7-13/06/2003 |
#25
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze thecomputer?
pyotr filipivich wrote:
From prior experience, msinfo32.exe is/was apparently called by cmdagent.exe , from "C:\Program Files\COMODO\COMODO Internet Security" cmdagent ( was started one hour and seven minutes ago (when I rebooted the computer)) by "services.exe" (from windows\system32). Services is called by wininit.exe, also in system32. I see one reference in Google to this. Is this real ? Have a look through your Comodo folders for artifacts. C:\ProgramData\Comodo\Cis\telemetry\msinfo32 Paul |
#26
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
Paul on Wed, 20 Dec 2017 18:31:05 -0500 typed
in alt.windows7.general the following: pyotr filipivich wrote: From prior experience, msinfo32.exe is/was apparently called by cmdagent.exe , from "C:\Program Files\COMODO\COMODO Internet Security" cmdagent ( was started one hour and seven minutes ago (when I rebooted the computer)) by "services.exe" (from windows\system32). Services is called by wininit.exe, also in system32. I see one reference in Google to this. Is this real ? What is real? That cmdagent.exe is called by services.exe? or that services.exe is called by wininit.exe? Have a look through your Comodo folders for artifacts. C:\ProgramData\Comodo\Cis\telemetry\msinfo32 Only thing in there was msinfo_cb44cdce828a88b917eda4bdb6ef70aac6c9122.nfo size 14.2MB from this morning which had all the system info, but is no longer there to be accessed. (My bad, I deleted it, and Recycle Bin can neither restore or display the contents.) Paul -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#27
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
VanguardLH on Wed, 20 Dec 2017 14:52:18 -0600 typed in
alt.windows7.general the following: pyotr filipivich wrote: there is nothing in the startup menus which I can determine starts msinfo32.exe. Part of the problem is, I've yet to find out why msinfo32.exe is being run _at all_, The Start menu's Startup folder (under your profile and under the All Users profile) is just one of *MANY* places to specify a program loads on Windows load, on login, on an event, as a scheduled task, etc. Did you actually yet use msconfig.exe to look at the list of startup items? If it is listed in msconfig then you need something more robust to list all startup locations, like SysInternals' AutoRuns (where you can even search on "msinfo" to find it is defined in the dozens and dozens of startup locations). I have checked through cc-cleaner. for what is loaded at startup. C:\Program Files\COMODO\COMODO Internet Security\cstray.exe is the only Comodo program 'loaded'. other than apparently because MS thinks it a neat idea to run it. Wrong. No version of Windows has ever had msinfo32.exe as a default startup program. Which is not the problem. The problem is, that when msinfo32 is loaded and run, it hogs enough resources that for the next three to five minutes, my computer is "closed for lunch". If lucky, I might be able to get to the process msinfo32.exe before it is done and kill it. Just as often, by the time I can do anything, the process has closed and my computer is now "back from lunch" and ready to resume working. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#28
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
pyotr filipivich wrote:
VanguardLH on Wed, 20 Dec 2017 14:52:18 -0600 typed in alt.windows7.general the following: pyotr filipivich wrote: there is nothing in the startup menus which I can determine starts msinfo32.exe. Part of the problem is, I've yet to find out why msinfo32.exe is being run _at all_, The Start menu's Startup folder (under your profile and under the All Users profile) is just one of *MANY* places to specify a program loads on Windows load, on login, on an event, as a scheduled task, etc. Did you actually yet use msconfig.exe to look at the list of startup items? If it is listed in msconfig then you need something more robust to list all startup locations, like SysInternals' AutoRuns (where you can even search on "msinfo" to find it is defined in the dozens and dozens of startup locations). I have checked through cc-cleaner. for what is loaded at startup. C:\Program Files\COMODO\COMODO Internet Security\cstray.exe is the only Comodo program 'loaded'. Okay, don't use the suggested tool that looks in ALL startup locations. msconfig.exe only looks in a few places (the typical ones). CCleaner is the same. AutoRuns checks everywhere known that startup programs can be loaded. For example, there is a WinLogon registry entry that will run startup programs when you login. There are file, folder, and other objects in the registry than can have events assigned to them that can load startup programs. msconfig.exe (and CCleaner) are rudimentary but usually sufficient. When they are not sufficient, you need to use a better tool. other than apparently because MS thinks it a neat idea to run it. Wrong. No version of Windows has ever had msinfo32.exe as a default startup program. Which is not the problem. The problem is, that when msinfo32 is loaded and run, it hogs enough resources that for the next three to five minutes, my computer is "closed for lunch". If lucky, I might be able to get to the process msinfo32.exe before it is done and kill it. Just as often, by the time I can do anything, the process has closed and my computer is now "back from lunch" and ready to resume working. msinfo32 does not load, by default, upon Windows startup. 8 instances of msinfo32.exe don't get loaded, by default. 1 instance shouldn't take long but I've never tried to load 8 concurrent instances of it to see if scanning by multiple instances will interfere with each other. How fast msinfo32 collects the data depends on how fast it can scan. On my current PC, it's just a second or two to complete the scanning. On my older PC, it was a lot longer (don't remember how long but do remember having to wait for it to complete its scan). Why are you running 3 security programs (MalwareBytes someproductNotMentioned, Comodo something, and Avast)? Are you using MalwareBytes AntiMalware? If so, is it configured to cripple all its on-access (real-time) features or is it the free version (after the trial expires it cripples itself)? With Avast active, Malwarebytes AntiMalware should only be used as a second-opinion on-demand (manual) AV scanner. Did you include CAV (Comodo AntiVirus) in the Comodo Internet suite? It's a limp AV, couldn't stand on its own, so Comodo dumped it into their Internet suite to have it make use of the heuristics monitor of their firewall program. Go into the Add/Remove Programs entry for Comodo Internet and remove the CAV component. The more programs you have scanning the same files they more they will conflict with each other. In fact, I've seen where one AV was reading a file that resulted in triggering another AV to scan the same file. Since the 2nd AV scanned the file, the 1st AV saw the activity and rescanned the same file. Within a couple minutes, the two AVs had reread the same file over 4000 times. Disabling one AV (to use only as an on-demand scanner) eliminated the conflict and the computer become responsive again. The rule of thumb still applies: have only ONE anti-virus active at a time. Just as AVs can have false positives (goodware flagged as malware), it can also have false negatives (missed malware). Did you scan your media for where there are copies of msinfo32.exe and submit each to VirusTotal as Paul suggested? Another option is to use SysInternals' Process Explorer. It has an option to check processes with VirusTotal. A column gets added named VirusTotal. Process Explorer uses the VirusTotal API to submit checks to the VirusTotal.com server. Go under Options - VirusTotal menu to enable the option. I think Process Hacker also supports VirusTotal checking but requires the OnlineChecks plugin; however, I think VirusTotal is "integrated" in Process Hacker but only means you can right-click on a process or a DLL in the modules tab to then submit the item for checking at VirusTotal. No idea which edition of Windows 7 that you have. Is it the Home or Professional edition? With the Pro edition, you can define SRPs (Software Restriction Policies) in the policy editor (which Microsoft omits in the Home edition). With SRPs, you can, for example, block an executable from loading. You define a Path rule to the file and anytime anything tries to open that executable the SRP will block that executable from getting loaded. However, since you mentioned Comodo but that is a company name, not a product name. If you installed their firewall (alone or in their Internet suite), you can define rules on executables to prevent them from loading. I think it is part of their HIPS (Host Intrusion Prevention System) aka heuristics aka behavior monitoring. |
#29
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
pyotr filipivich wrote:
Only thing in there was msinfo_cb44cdce828a88b917eda4bdb6ef70aac6c9122.nfo size 14.2MB from this morning which had all the system info, but is no longer there to be accessed. (My bad, I deleted it, and Recycle Bin can neither restore or display the contents.) NFO files are exports from msinfo32.exe. While msinfo32 itself might run quickly (but depends on how fast is your hardware+software platform), exporting its records to an .nfo file takes a LOT longer. With 8 instances of it running concurrently and each dumping to an output file its scan results, that could take a very long time during which the CPU can be busy along with pushing a lot of bytes over the data bus. Takes time to write those 14 megabytes, especially if doing it 8 times. Don't know what hardware and software you have that would result in a 14MB NFO file. Using File - Save on my PC resulted in a 1 MB file. That yours is 14MB in size could mean you have a lot more to report, that the file is somehow getting bloated, or maybe it is an aggregate report from multiple exports from msinfo32. Somehow msinfo32 (if it is the one provided by Microsoft in Windows) is getting abused. Other than you manually running msinfo32.exe, the only other reason that I can figure for some software to use it is for reporting information to the author/owner of that other software. Maybe Comodo or something else you use employs msinfo32.exe to report system information as part of their troubleshooting report. If cmdagent.exe is part of a Comodo program (the product name was not identified) and it is loading msinfo32.exe then perhaps you enabled some error reporting or tracking feature that keeps creating system reports (to supposed be sent to Comodo now or sometime later). |
#30
|
|||
|
|||
Why does msinfo32.exe take 49.9% of resources and freeze the computer?
"J. P. Gilliver (John)" on Wed, 20 Dec 2017
22:46:14 +0000 typed in alt.windows7.general the following: Sorry, my problem is that far too often, by the time I can "do" anything - msinfo has completed its task and closed down. Well, in that case, and since Mayayana has said (though not in these words explicitly) it isn't needed for the computer to run, just - next time you have control of the computer, i. e. "msinfo" ISN'T running - rename it. (Make sure you find and rename ALL copies of it, too.) That _should_ stop it ever running, since whatever's calling it will call something that doesn't exist. This doesn't explain why it's being called. (It also doesn't explain why it's taking ages to run and using lots of CPU when it does, when some here have said it ought to complete in a few seconds. But rename them anyway.) Also, when you're finding and renaming them, see if they're all the same size/date/whatever; if one isn't, that's probably suspicious. Thanks. I had to reboot twice to get Windows to cooperate (it often fails to update directories, so it thought it had six drives plugged in which were not - three of which have names which it also didn't know; device manage did not complete a scan for changes in hardware. Weasels and Ferrets chasing each other through the underbrush, mass hysteria!) Anyway, doing a "dir /s msinfo32.exe g:\textfile.txt" I have the following results: creation dates ---size - file name C:\Windows\System32 06/12/2017 14:14 PM 379,392 msinfo32.exe 1 File(s) 379,392 bytes C:\Windows\SysWOW64 06/12/2017 14:06 PM 303,616 msinfo32.exe 1 File(s) 303,616 bytes C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_e46b04 8a01806891 11/20/2010 19:23 PM 378,880 msinfo32.exe 1 File(s) 378,880 bytes C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.23841_none_e4d106 ef1ab93db9 06/12/2017 14:14 PM 379,392 msinfo32.exe 1 File(s) 379,392 bytes C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c461 04dd379 11/20/2010 19:23 PM 378,880 msinfo32.exe 1 File(s) 378,880 bytes C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.23841_none_0a686eab2 986a8a1 06/12/2017 14:14 PM 379,392 msinfo32.exe 1 File(s) 379,392 bytes C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_145716984 4ae9574 11/20/2010 19:24 PM 303,104 msinfo32.exe 1 File(s) 303,104 bytes C:\Windows\winsxs\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.23841_none_14bd18fd5 de76a9c 06/12/2017 14:06 PM 303,616 msinfo32.exe 1 File(s) 303,616 bytes C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_884c69 064922f75b 11/20/2010 19:24 PM 303,104 msinfo32.exe 1 File(s) 303,104 bytes Directory of C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.23841_none_88b26b 6b625bcc83 06/12/2017 14:06 PM 303,616 msinfo32.exe 1 File(s) 303,616 bytes that's ten files for those keeping score at home. Looking at the times and dates - I think "has it been that long since I got this? Wait, didn't I get this after I got back in 2011? Nope - 2014, refurbished, through Walmart. Anwya -there they are listed,Tomorrow I may attempt to do battle with gaining control of my computer so that I can change their names. Everything takes longer than expected. I have forgotten what I originally intended to have included in the reply. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|