Results 1 to 7 of 7
  1. #1
    3 Star Lounger
    Join Date
    Sep 2004
    Location
    Chandler, Arizona, USA
    Posts
    258
    Thanks
    0
    Thanked 0 Times in 0 Posts

    95 - 98% sys utilization

    I was hit by a virus (spyware - win-spy) over the weekend. Have spent many hours cleaning up the mess. At one point I bought a pctools product (spyware doctor) which found the trash and after rebooting in safe mode - cleaned the trash out. Needless to say I updated a lot of software over the weekend - spyware blaster, spy-bot search and destroy - norton system works etc. Win-spy is (as I understand it) a key logger, but when all of the stuff started hitting the fan, I lost all of my "Office apps (outlook, word,excel) got system messages saying they all had to be installed to run. I went back to ground zero and reinstalled office from scratch and reapplied all of the ms service to get them up to date. I Still get flashing messages during startup of word and outlook that they are being installed(??????).

    After the dust settled, the box was - and still is really sluggish. Task Mgr shows "services.exe" running between 92 and 99% cpu. I've had diskeeper running at startup for several years, but noticed that during it's activity everything is S L OOOOOOOOO W. It eventually finishes and doesn't report any sever fragmentation.

    I am in process of killing almost everything in system tray but nothing seems to affect the "services.exe" cpu utilization.

    Wondering if anyone else has run into "services.exe" taking over system - and what they did about it? OBTW, I uninstalled spyware doctor to see if that was what was eating the system - still have not reinstalled it.

    Tom

  2. #2
    3 Star Lounger
    Join Date
    Sep 2004
    Location
    Chandler, Arizona, USA
    Posts
    258
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: 95 - 98% sys utilization

    I just finished getting rid of everything I could think of - and rechecked task mgr - there were three occurrances of service exe in the task list
    first was SERVICES.EXE with a PID of 256 0.0 % util (all in caps SERVICE.EXE)
    next was services.exe with a PID of 1532 99% util ( was in small letters service.exe)
    next was services.exe with a PID of 1628 0.0 % util

    no idea why there are multiple or why they are differentiated by caps and small letters

    Tom

  3. #3
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 16 Times in 16 Posts

    Re: 95 - 98% sys utilization


  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 16 Times in 16 Posts

    Re: 95 - 98% sys utilization

    Although Services.exe is part of Windows, there are bogus versions that are installed by Trojans/Worms. The genuine version is (should be) in the System32 subfolder of your Windows folder, bogus versions for example in the Windows folder itself. See for example services - services.exe - Process Information and services.exe - Process information.

  5. #5
    Silver Lounger
    Join Date
    Apr 2001
    Location
    New York, New York, USA
    Posts
    2,328
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: 95 - 98% sys utilization

    Unfortunately, you had no luck to clean the virus completely - it's happen more often than you think. I would recommend to back up your personal and data files, reformat your hard drive and restore your full system backup (if you have one) or reinstall Windows from scratch - it will take the same or less time than troubleshoot and fix your existing Windows installation...

  6. #6
    3 Star Lounger
    Join Date
    Sep 2004
    Location
    Chandler, Arizona, USA
    Posts
    258
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: 95 - 98% sys utilization

    I think I solved the problem. I used Wintasks Pro to id the specific culprit (gave a full path to the services.exe module that task mgr would not give). The specific module was in C:WINNT$NTupdateRollupPackinstall$services.exe. Wintasks pro let me kill the process which I could not kill using task manager. One of the responders mentioned a bogus copy of services.exe that probably had been hi jacked. Without really knowing the impact - I deleted the image in C:WINNT$NTupdate...

    This evidently forced a reload from win32dll of the real services.exe. After a reboot everything seems to be working and the WINNT$NTupdateRollupPackinstall$services.exe entry disappeared from the wintasks Pro screen replaced by c:WINNTdll32services.exe

    Now my box is running in the low teens utilization.

    Thank you to every one who replied.

    Tom

  7. #7
    WS Lounge VIP rory's Avatar
    Join Date
    Dec 2000
    Location
    Burwash, East Sussex, United Kingdom
    Posts
    5,891
    Thanks
    0
    Thanked 82 Times in 78 Posts

    Re: 95 - 98% sys utilization

    Hi Tom,
    Glad to hear you got it sorted - just to add my <img src=/S/2cents.gif border=0 alt=2cents width=15 height=15> : if you haven't already, I would strongly recommend reinstalling Spyware Doctor. From most recent reviews I have seen, it is the best performing anti-spyware app by a significant margin (all of my machines have it on) and I think it is well worth the cost.
    FWIW.
    Regards,
    Rory
    Microsoft MVP - Excel.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •