Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have a problem in W2K w/SP4.
I have 2 services.exe running in task mng and one is running at 99% of CPU.
I have runned AdAware, SpyBot, CWShredder, and have real time protection with Symantech's Antivirus.
The only file that I can't remove is AoLEDIT.dll and AoLEDIT.cpy.dll which seems to be causing some popous to come up.
I stopped all the ones I can, but one of the services.exe remains at 99%.
The following did not give option to stop or pause:
Application Management
Event Log
Plug and Play
Remote Procedure Call(RPC)
Security Accounts Manager
The following gave error message saying that it could not be stopped:
Remote Access Connection Manager
Telephony
Windows Management Instumentation Driver Extensions
WorkstationWhat next?
Thanks,
KECK
One of those two SERVICES.exe is an interloper. I believe you're wasting your time stopping Windows services. The valid services.exe is the Service Manager, which lists the services you've been stopping.
Look in Computer Management/System Information/Software Environment/Running Tasks you'll see the two services.exe - the correct one will be in WINNT\SYSTEM32.
The problem now is to kill and delete the other one. I don't think Windows will allow you to kill the dud one, because it'll recognise the name.
Command Line Process Viewer/Killer/Suspender might be of use here. A search through the registry for services.exe and a look at the Programs/Startup folder might bear fruit too.
0 
All the programs I mentioned are up to date.
One additional info I came to find out.While the CPU usage remais at 99% as long as I have the internet connection off I have noproblems running other programs.
From the moment I connect to internet it takes about 3-5minutes to slow down the computer that I have to shut the power to turn it off.
Any suggestions?
P.S. If I want to kill a services.exe how do I get to the command prompt in W2000?
0
I think you have a NETSKY worm variant. Just 15 minutes ago I viewed an email and my Etrust antivirus popped up a message that it had detected NETSKYP worm. While checking it out via Google, I found that several variants of this worm run as SERVICES.exe. I hope you have an up-to-date antivirus running.
Enter cmd in the RUN box to get a command prompt. Look for services.exe in WINNT folder. The valid one's in WINNT\SYSTEM32 as I said. If it IS a worm, the reason your CPU goes to 100% when you're online is that it's busy emailing itself to half the world. A good firewall would have picked up the outgoing traffic and alerted you.
There's a removal tool at Symantec
0
Thank you.
I did try running FxNetSky but it did not detect any thing.When ever I visit windows update I get a popup window for adv. I don't know if there are any connections.
Do you have any idea about AoLEDIT.dll? it seems to have some pop up redirecting effect.
0
I have W2K and have the same problem (no AOLedit.dll). Last thing I did was install the latest Windows Critical updates.
Safe mode doesn't help either.
0
I had this problem on 2 PCs, one at work the other at home. I read the above comments and ran the Netsky remove tool and it too found nothing. I couldn't stop the file.
I then ran a search of the drives for services.exe. I found 3. One in the WINNT/System32 folder, one in an WINNT/ServicePackFiles/i386 folder and another in WINNT/$NtservicePackUninstall$
I renamed all except the one in the WINNT/System32 folder and voila - CPU usage seems to be back to normal.
I have not seen any problems so far.
If anyone know of a potential problem I may bave because of these name changes - Please let me know.
Otherwise try it out for yourselves.
0
I could have mentioned that NETSKY variants (and a few others) first search for other (valid, backup) copies of SERVICES.exe to replace to confuse the unwary.
Try scanning the two folders with your antivirus, Joseph. If it finds and deletes the dud version, I'd delete that entire backup folder, as it'll be little use without a good copy of SERVICES.exe.
0
I think I have discovered something very interesting, as I have this same problem with the 100% cpu issue. I have noticed that everyone seems to develop the 99%/100% cpu problem - once they have downloaded and installed the MS Service Pack 4. I have had my computer thoroughly analyzed by three experts and after a brief episode with spyware - Coolsearch and its eradication, the consensus is that the problem emanates at the point of the installation of the Service Pack 4. It appears that through this MS page: http://support.microsoft.com/default.aspx?kbid=328885, they are very keenly aware of the problem. Personally, I am completely convinced that Microsoft has intentionally jacked up our computers as a ploy to get us to sign up for their Passport program and to glean additional information from us. It appears that this is Microsoft's shameless, brazen modus operandi. If we want the get the patch we have to go through the Passport process in order to download the correct patch. Even though their website gives the illusion of assistance it clearly does not. Microsoft is apparently aware of this problem, yet they do not want do anything about it - unless you go through their portal. If this is in fact true, and I very strongly feel it is, this sucks to all high heaven and it is beyond belief. To me, this is clearly another brazen snub of their agreement to stop their monopolistic ways, and I for one, am here to expose it. If this is in fact true, I am mad as hell about this, this has made my computer virtually unusable as it is so slow. Your feedback is definitely appreciated.
0
I think I have found an solution to this irritating problem. It definitely is caused by the Services.exe of SP4. No patch available from Microsoft though they should release one instantaneously, because my computer turns into a dead thing by this program! Here is my "solution":
Like Joseph here above I did a search on my drive C: for Services.exe and found several copies of several versions. I did a rename on the one in WinNT\System32 (added .org) and also a rename with the same instances of this version (date 2003). But unlike Joseph, I copied the one with date of year 2000 to the WinNT\System32 folder. I put the original back to his original place thus. No need for a safe mode!
I restarted my computer and monitored my task manager. No more 99%!
0
I was wrong! All was well for 2 or 3 days, and then the same misery started again. I now think this: about a year ago, my computer was hijacked, and I think it was used for sending spam. I solved that, and not much later I installed SP4. Or SP4 first, and then solved the hijack, I don't remember. Now I suspect that my IP-address is on a blacklist of Microsoft. The Services.exe is checking this blacklist on Microsoft servers and finds that my pc is suspicious. That is the reason that Microsoft does not give a patch, but instead let you call them. This strange behaviour of Microsoft could be explained by this.
Does this make any sense to you?
Has anyone found a solution yet, or has anyone called Microsoft?
Help!
0  |
 IE Supervisor password pr...
|
personal web server IIS5....
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
