If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#46
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
Ads |
#47
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#48
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#49
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#50
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#51
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#52
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"
Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
#53
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#54
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"
Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
#55
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way? Rocky "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: snip |
#56
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354
Thanks - I'll look into these possibilities! -- #################### ## PH, London #################### "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
#57
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354
Thanks - I'll look into these possibilities! -- #################### ## PH, London #################### "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
#58
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354
Thanks - I'll look into these possibilities! -- #################### ## PH, London #################### "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
#59
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354
Thanks - I'll look into these possibilities! -- #################### ## PH, London #################### "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
#60
|
|||
|
|||
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)
Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354
Thanks - I'll look into these possibilities! -- #################### ## PH, London #################### "cquirke (MVP Win9x)" wrote in message ... On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy" Thanks, Carey. I'm very grateful for the suggestion, but it didn't work. The machine has XP Home with SP1 (I should have specified this) and the patch is apparently pre-SP1 (an error-message said it could only be applied if no SPs were already there. Two things come to mind: 1) There are new (April 2004) patches involving LSASS and DCOM Seek and apply these - in case what is happening is an exploit of the newly-announced holes involving these things. 2) Malware use of SVCHost Malware can either use the "real" SVCHost to shell themselves (so that firewalls set to allow the "real" SVCHost allows the malware too) or can drop thier own "SVCHost" files that are running. CoolWebSearch is a common, frequently-updated commercial malware that exploits a wide range of holes and attack methods, often including SVCHost. There's a web site and utility dedicated to killing CWS; Google for it (merjin) and check it out - they document the variations and evolve the killer tool to manage the matest ones. As usual, I'd start with a formal virus check to exclude traditional malware, then drill down to commercial malware through Windows using AdAware, Spybot, and the dedicated CWS killer. -------------------- ----- ---- --- -- - - - - Running Windows-based av to kill active malware is like striking a match to see if what you are standing in is water or petrol. -------------------- ----- ---- --- -- - - - - |
Thread Tools | |
Display Modes | |
|
|