[Waverley ARS] I suspect a computer virus
Adam Carmichael
carneeki at carneeki.net
Wed Sep 9 08:09:21 UTC 2009
Hi Simon, Henrik and the rest of the list,
Have you tried Process Explorer from SysInternals (now owned by Microsoft)?
This tool is like Task Manager on steroids. It will show you processes
and threads and sort them. It will also show you which files processes
have open (particularly handy if you're trying to delete a file such as
a DLL that a virus might have open), and a whole swag of other things.
Full info here:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Additionally, SysInternals have a bunch of utilities for managing
processes from the command line. Say you need to kill two processes
simultaneously; a lot of viruses these days run two processes, one is a
watchdog so that if the main virus dies, the watchdog restarts it (and
the main virus also ensures the watchdog stays running). PSKill lets you
enter multiple PIDs (Process IDs) to kill them simultaneously. Kill the
watchdog and the virus in one command :)
Best Regards,
Adam
Simon Buxton wrote:
> Hi Henrik
>
> The use of Task Manager should show what processes and applications are
> making heavy use of the computer (Ctrl + Alt + Delete to bring up),
> though it is not good at identifying if disk access is excessive or
> slow. Also Net-meter (small download) is good at identifying the level
> of traffic in/out of the computer. I believe many "viruses" these days
> are "bots" used to generate spam rather than trying to muck up your
> machine - these can slow your machine and internet connection and do not
> show up in stats with a good ISP that doesn't count uploads in usage.
>
> As a general comment I think older machines do run slower as most
> applications and web sites these days are more complex than when the
> machine was new. Another legitimate hidden task might be having an
> automatic update of the OS from Microsoft. I have also found that if you
> update an early version of XP after running the machine for some years
> it can have unexpected problems - better to reload the original OS and
> bring it up to date before loading applications.
>
> 73 Simon
>
> Henrik Stenstrom wrote:
>
>> Gents,
>>
>> I'm beginning to suspect that a computer virus is doing its dastardly
>> thing on our home PC. The unit in question is a Dell about 5 years old
>> running Windows XP and is used almost exclusively for internet/email and
>> other light duties. Other details such as processor, RAM etc I can only
>> give after checking this evening.
>>
>> Symptoms
>>
>> The PC seems to be running very slowly as if there are other programs
>> running in the background with higher priority.
>>
>> Internet Explorer fails from time to time due to "runtime" errors
>>
>> System requests from time to time to increase virtual memory levels
>>
>>
>> Attempts to Resolve
>>
>> We have up to date Symantec Antivirus software installed. Full system
>> scans do not show up any problem.
>>
>> A recent Windows online update showed some initial improvement.
>>
>> Increasing virtual memory levels is inconclusive.
>>
>> Our ADSL connection might not be the fastest in Sydney but I don't
>> believe this is the underlying problem.
>>
>>
>> So, where to start? Can anyone recommend if further anti
>> spyware/malware detection is required? If so, any recommendations as to
>> what? What else to check? Is the Windows Task Manager any use in
>> checking for other programs that are running?
>>
>> Many thanks in advance for all or any help in resolving this aggravating
>> situation,
>>
>> Henrik - VK2HHS
>>
>>
>>
--
Adam "carneeki" Carmichael - VK2JSI, ex VK2FNRD
p: +61 415 37 1990
w: http://bigneek.com (personal); http://carneeki.net (business)
e: carneeki at carneeki.net
i: 2207644
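
Added example, not part of the original post and not a Sysinternals tool: a Python script showing how the mutual-watchdog pattern described in the message above appears in process start/exit events, and which PIDs would need to be ended together. The event tuples, image names and the 5-second window are constructed assumptions.

```python
# Constructed sample events (not from the thread):
# (seconds, kind, pid, parent_pid, image)
EVENTS = [
    (0,  "start", 100, 4,    "explorer.exe"),
    (1,  "start", 200, 100,  "main_a.exe"),
    (2,  "start", 300, 200,  "watch_b.exe"),
    (10, "exit",  200, None, "main_a.exe"),   # user kills the main process
    (11, "start", 210, 300,  "main_a.exe"),   # watchdog brings it back
    (20, "exit",  300, None, "watch_b.exe"),  # user kills the watchdog
    (21, "start", 310, 210,  "watch_b.exe"),  # main process brings it back
    (30, "exit",  400, None, "notepad.exe"),
    (90, "start", 410, 100,  "notepad.exe"),  # reopened by hand much later
]

def respawn_edges(events, window=5):
    """Return {(parent_image, child_image)}: parent restarted child within
    `window` seconds of the child's last exit."""
    image_of, last_exit, edges = {}, {}, set()
    for t, kind, pid, ppid, image in sorted(events, key=lambda e: e[0]):
        if kind == "start":
            parent = image_of.get(ppid)
            died = last_exit.get(image)
            if parent and died is not None and t - died <= window:
                edges.add((parent, image))
            image_of[pid] = image
        else:
            image_of.pop(pid, None)
            last_exit[image] = t
    return edges

def watchdog_pairs(events, window=5):
    """Image pairs that each restart the other, so both must stop together."""
    edges = respawn_edges(events, window)
    return sorted({tuple(sorted(e)) for e in edges
                   if e[0] != e[1] and e[::-1] in edges})

def live_pids(events, images):
    """PIDs still running for the given images (the set to end in one step)."""
    live = {}
    for t, kind, pid, ppid, image in sorted(events, key=lambda e: e[0]):
        if kind == "start":
            live[pid] = image
        else:
            live.pop(pid, None)
    return sorted(p for p, img in live.items() if img in images)

if __name__ == "__main__":
    for pair in watchdog_pairs(EVENTS):
        print(pair, "-> live PIDs:", live_pids(EVENTS, set(pair)))
```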