23 total posts
Why run terminal services? Why keep Gator?
I don't even know what they are or how to get rid of them
The only problem with the items I marked down was the report did not even appear till after the processor unlocked for a few minutes so I am not certain if all the correct processes are listed.
If there are listings such as the ones you mentioned, how do I disable and get rid of them? I looked at the site via your link and I am not sure if I understand what to do from here unless I buy their WinTasks 5 pro program.
Should I run the scan the site suggests?
I am all ears for suggestions, thanks.
No need to purchase anything...
In short, you've been infected by adware/spyware, at the very least by a malware package from a company by the name Gator. At this point your first step is to run the scans, including your antivirus and antispyware. Some suggestions, all of which are free, include AVG antivirus, Avast antivirus, Ewido anti-malware, Spybot S&D, AdAware, and Windows Defender. You can find all of those easily by using Google or the search engine of your choice. Run them and remove what they find, starting with Ewido.
Now, unless you're using Terminal Services for some reason you can disable it by going Start->Run, typing in msconfig, and unchecking Terminal Services under the Services tab. Depending on your setup there are other services you can safely (and even advisably) disable, but we can go into that if you wish after we clear up the malware problem.
Spybot and AdAware were clear
I do not know how this computer got infected in 36 hours but I will do as you suggest and report back as to my progress.
AVG and Kaspersky scans were all clear as well and the Gain infection should not be able to report back with ZoneAlarm running but I will check into everything I can. Thanks for your help and I will be back
When I saw dmserver I thought of the process dmserver.exe, which is adware/spyware. That is actually a reference to dmserver.dll, which is the Logical Disk Manager service, a part of Windows and completely normal. I apologize for the confusion.
This may not help, but when it happens open Task Manager and sort the processes by name, then write down which svchost.exe is the offender (the number in order listed) and the amount of memory it is using.
Aside from that, you are running the Wireless Zero service and have networking software installed. Try disconnecting from the wireless network and then disabling that service as well as Windows Time (Start->Run->MSConfig). One of those may prove to be the culprit.
The results of my followup are
Did a BitDefender free scan and it found no problems and the Ewido scan only found 8 med risk cookies in total.
Did another AdAware, Spybot and a Kaspersky free scan and all came up as OK.
I checked in the msconfig/services and there is no service listed that says terminal. There are several services listed which will take a while to write out for your inspection so perhaps an email would be better for this.
I am not sure what is going on but the problems the "Tasklist /SVC" command brought up don't seem to be here.
I noticed that Firefox was also taking a lot of CPU use as well and stopped using it in favour of Internet Explorer and so far the percentage is quite a bit less. The svchost.exe problem has disappeared for now but will likely re-appear when I reboot which I will do right after I send this note.
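An added example, not part of any post in this thread: one way to tie a busy svchost.exe to the services it hosts is to parse the CSV form of the `Tasklist /SVC` command mentioned above (`tasklist /SVC /FO CSV`). The sample output is constructed, English column headers are assumed, and the watched names are the short service names of the services discussed here.

```python
import csv
import io

# Constructed sample of `tasklist /SVC /FO CSV` output (not from the thread).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","884","DcomLaunch,TermService"
"svchost.exe","1020","RpcSs"
"svchost.exe","1116","AudioSrv,dmserver,W32Time,WZCSVC"
"spoolsv.exe","1480","Spooler"
"firefox.exe","2312","N/A"
'''

# Terminal Services, Wireless Zero Configuration, Windows Time,
# Logical Disk Manager (short service names).
WATCHED = ("TermService", "WZCSVC", "W32Time", "dmserver")

def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])} from the CSV text."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        services = [s.strip() for s in row["Services"].split(",")]
        services = [s for s in services if s and s != "N/A"]
        procs[int(row["PID"])] = (row["Image Name"], services)
    return procs

def svchost_services(procs):
    """Keep only svchost.exe instances: {pid: [service, ...]}."""
    return {pid: svcs for pid, (image, svcs) in procs.items()
            if image.lower() == "svchost.exe"}

def locate(procs, watched=WATCHED):
    """Map each watched service to the PID hosting it, or None if not running."""
    found = {name: None for name in watched}
    for pid, (_image, svcs) in procs.items():
        running = {s.lower() for s in svcs}
        for name in watched:
            if name.lower() in running:
                found[name] = pid
    return found

if __name__ == "__main__":
    procs = parse_tasklist_svc(SAMPLE)
    for pid, svcs in sorted(svchost_services(procs).items()):
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
    for name, pid in locate(procs).items():
        print(f"{name}: {'not running' if pid is None else 'PID ' + str(pid)}")
```

Task Manager can show a PID column (View > Select Columns), so the PID of the svchost.exe using the CPU can be matched against this listing.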
Gator, terminal services are stopped now?
I'd take the pre-emptive strike at these since they are known issues and entry points for malware.
Where do I go to find out if these things are still going
Can you steer me in the direction of finding out more of these known issues and how to dispense with them?
Terminal services is now listed where I could not find it before. If I take the check mark out of the box beside it do I reboot to stop the terminal services from running?
I stop it, then I set it to disabled.
On google.com you could type XP SERVICES and see if a tutorial is out there.
I'll check in tomorrow or in about 1/2 a day.
*start/run/msconfig/services tab* gives you a different screen than *start/run/services.msc* and the confusion I was having about turning off or even seeing all the services and in particular the *terminal* service. I was using the first one which is quite small and it does not seem to include all services and seems to change and does not give you the options of auto/manual/disable and only has boxes with or without check-marks in them to the left of each service. Now that I have gone to XP services on google as suggested I have learned of the second method and it explains my confusion at least to myself.
I now have terminal services set to disable.
Terminal Services are now stopped
I rebooted after removing the check mark from terminal services
I am trying to understand the "Hijack This" info you linked me to and will try it as soon as I can.
I am going to go for now though being as it is 2:20 am here and I do need some rest so I can think.
Thanks for all the help everyone
I will be back.
re ..Hijack This
I followed the instructions regarding setting up and running *Hijack This*, ran my scan, went to and got registered at CastleCops and am now lost as I have no idea where to go on their site to post my scan. I find the site very confusing and finally gave up.
My Hijack scan actually looks pretty plain and nothing jumps out at me as being a threat but I have no experience in this department so who knows.
How does one post your scan once registered at CastleCops, is there an obvious way that escaped me?
Update with this 100% cpu lockup/svchost problem seems to have gone away again at least for now.
For some reason not using Firefox has freed-up cpu resources quite a lot as well, any idea why? Internet Explorer appears to use less cpu and ram to operate than Firefox and I wonder is this unusual?
stuck in Hijacks site (CastleCops)
I have been bouncing around in that web site for 30 min plus twice now and can not find a New Posting button. I end up with about 5 or more similar windows open and seem to get in a big loop trying to find and read these non existent instructions.
I did see a repeated reference about completing a MRP first and I can't find what that is either.
I get so frustrated I have to quit. I will see if I can find another site to post to with my report.
It's the "NewTopic" button...
Under the title of the forum but above the beginning of the list of threads/discussions you'll find a "NewTopic" button. Alternatively, click here to log in and create a new thread.
You can also send the log to me if you wish...click here and then click the "E-mail this User" button. Just copy and paste the text of the log...hopefully it won't exceed the 6,000 character limit set on PMs.
thanks John...I did see the new topic button
But I thought it was for discussion of matters related to problems found.
I took advantage of your offer and sent the HIJACK THIS log to your email address and as you can tell is not very large.
I provided my email address for your convenience but posting back here would be good as well, which ever you prefer.
Thanks for the assist.
It looks fine to me...
You can still post to CastleCops if you like but I don't see anything sticking out in the log file. Since the scans and HJT were clean a malware infection is unlikely.
Timidly I state '' problem seems to have disappeared ''
With all of the scans, the disabling of the terminal services and many reboots the problem appears to have disappeared again.
This Gain malware that showed up is now gone as far as I can tell, so while touching wood I am saying that maybe the computer is now hopefully repaired.
I think that while the multiple scans did not show a problem they may have found and disposed of it without notification. (Is this a possibility Robert?)
So thanks to Robert, John and Mark for all of your help and with any luck no one will ever hear from me again.
I will test this unit a little longer before returning it to my friend and with some very strong suggestions and advice to be followed if she ever wants me to ever look at it again. I have decided I will not assist someone who is bound to expose themselves to infection. I am getting mean as this is a lot of work which started as a small favour.
Just back and caught up on the saga.
I know what you mean. "I have this small problem with my PC" often burns up 1/2 a day.
(NT) Glad you got it sorted m8