Hi all! I suspect my Win ME system has been infected by a virus. It all happens after I open a mail in outlook. Since that, every time i starts my PC, it is always at 100% usage. SWAP file can grow to 300 mb. When i press ctrl-alt-del, the CPU usage would drop when it pause, but it goes back to 100% again after the system runs again. I tried running Norton Anti-virus but no virus were detected. However, after the virus scan, the system is normal agin. CPU usage back to 70% and swap file is about 100 mb. But as soon as i start IE or my explorer the problem is back!!! when i shut down the system, there is a message "WMS notif windows" is running ... do you want to 'end task','wait' or 'cancel'. Can any expert advise me what to do? Thanks all!

Hi, Certainly sounds like you have something suspicious there, which might be missed by your antivirus program. Try doing an online virus scan at: http://housecall.antivirus.com/housecall/start_corp.asp That should tell you if you have a virus in there somewhere. Also worth installing a Spybot Seek & Destroy program as this could be using up your resources trying to contact external sources - get it at: http://www.net-integration.net/spybot/spybotsd.html See if this lot helps solve your problem, let us know how you get on... Mark

Download Microsoft's freeware WINTOP so you can see details for all running processes and the CPU usage by each.This will help you understand the situation. http://www.dewassoc.com/support/useful/wintop.htm

Try the computing.net security and virus forum.

Thanks all for your response. My system seems normal now ... i'm not sure if i have solved the problem or it's only that the virus(?) is sleeping? THis is what i have done: 1) WinTop shows that Explorer is utilizing 95-98% CPU. I expand the tree and it seems that a particular thread spawn by Explorer is the hogger. 2)When I press Ctr-Alt-Del during system start-up, there is this program "Dummy text" that is running, as indicated by the close program dialog box. 3)I couldn't have the file downloaded from http://housecall.antivirus.com/housecall/start_corp.asp due to poor connection. So I tried another antivirus. I tried another KAV 3.5.133 from www.kav.ch/. Again no virus was found. But the scanner does report a file that is suspicious due to the tag. This is the "Hi,How are you".msg file that i saved from Outlook. It file is the e-mail that causes all the problem. i tried to delete the file ... but to my surprise windows says "Access denied. Make sure that the file is not currently in used" ... or something like that. i restarted in dos, renamed the .msg file and the problem of Explorer hogging the system is gone!!!??? Wintop now shows Idle using 92% CPU and System Monitor shows Kernel usage is less 50%. Swap file (WIN386.SWP) size is smaller, about 250mb. Next, I would like to explain a little how the problem actually occurs. 1. I recieved a mail entitled "Hi, how are you" in Netscape Messager. I opened the mail, it was empty but the supposed size is 121 kb. I have all the javascript, java turned off in netscape. Since not many people know my special e-mail account and i am waiting for some reply, i thought i might want to check its content in Outlook. 2. I have all my IE patches and virus definition up-to-date so I thought it might be safe. I forwarded the message to my Outlook account. I opened the mail in Outlook, again it was empty ... i saved the file as "Hi,How are you".msg and drag the file into Internet Explorer. IE starts Outlook and my system hangs. After the system is restarted, Explorer becomes the hogger. 3. For those who are interested, the message (.msg) looks something like this in notepad: -------------- ����������������������������������������������������������������������������������������������������R o o t E n t ry_ _ p r o p e r t i e s _ v e r s i o n 1 . 0 0    ���� *  _ _ n a m e i d _ v e r s i o n 1 . 0 ( ��������$ �g�@� �D��@� _ _ s u b s t g 1 . 0 _ 0 E 0 4 0 0 1 E .... ------------- (I actually removed the lines "height=0 width=0" hoping that something would show up in IE) 4. I've checked the web. It seems to be a Klez worm, but the tool from "Symantec Security Response - w32_klez_removal_tool" shows no virus detected. So, I still don't know what is going on ... is it a bug in Explorer or is it some kind of new virus? Should I take it as case closed or ...??? If I report my case to Microsoft or Symantec, do you think they care? Thanks All!

Sorry ... it seems that the newsgroup don't disply the triangular brackets for HTML tags ... Here are the amendments with regards to my previous message: ...I tried another KAV 3.5.133 from www.kav.ch/. Again no virus was found. But the scanner does report a file that is suspicious due to the tag [IFRAME]. ...b s t g 1 . 0 _ 0 E 0 4 0 0 1 E .... [HTML] [HEAD] [/HEAD] [BODY] [iframe src=cid:HK6R5Up52c5t2zY83W] [/iframe height=0 width=0] [FONT][/FONT][/BODY][/HTML] ------------- (I actually removed the lines "height=0 width=0" hoping that something would show up in IE)

Glad to hear you solved the problem, but it was definitely KLEZ virus - I got it in the same way.