Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problems with Processes


  • Please log in to reply
3 replies to this topic

#1 krikkit261

krikkit261

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 15 September 2005 - 03:53 PM

So lately my computer has been acting insanely sluggish, freezing up alot, and even completely shutting down at random! I didn't know what to do but I thought it might be something with the processes that show up on Task Manager. So I look up all the files and find a bunch of bad ones:

wuauclt.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
realsched.exe
smss.exe

So then I go to the tutorials on this site to find out how to get rid of them. I go to safe mode and run Autoruns but none of these show up! How can I get rid of these? Are they really the reason why my comp is sooo slow? Help!

PS- Here are my stats
HP Pavilion (2002) laptop
Windows XP Home
Celeron @ 1200 MHz
240 MB RAM

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,424 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:20 PM

Posted 15 September 2005 - 04:13 PM

Well...where did you get the info that these files are "bad"?

These files COULD be bad, but they could also be legitimate XP system files...with the exception of realsched.exe (which is a Real file).

http://www.liutilities.com/products/wintas...rary/realsched/

Right now, I reflect lsass.exe, smss.exe, services.exe, winlogon.exe, and csrss.exe as running among my processes...and I don't have any trojans or other forms of malware on my system (smile).

I don't allow Real files on my systems (smile).

In short, you cannot just look at processes and decide that they are malware.

Do you have an antivirus program installed? Is it up-to-date?

Do you use a firewall?

Do you use any programs to check for malware (e.g., Spybot, MS Antispyware, etc.)?

Have you looked in Event Viewer for clues as to what problems your system might be experiencing?

Using Event Viewer to Safeguard Your Systems - http://www.windowsitpro.com/Article/Articl...41669.html?Ad=1. Click the bar near the top to see the article and not the ads (smile).

Louis

#3 Glaswegian

Glaswegian

    Defender of the Haggis


  • Malware Response Team
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow
  • Local time:09:20 PM

Posted 15 September 2005 - 05:04 PM

Have a look at this site

http://www.onecomputerguy.com/windowsxp_ti...ervices_disable

for some suggestions on startup services that you can do without.

I would also agree with Loius excellent advice - run regular spyware and virus checks and make sure you use more than one anti spyware programme - it's the combination of various such programmes that has kept my PC clean.

Regards
Iain
Win XP Pro / Win 7 Pro
Posted Image

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:20 PM

Posted 15 September 2005 - 06:55 PM

Whether a process is good or not also depends on the location (path) it is running from.

You can use a tool like Process Explorer to investigate and gather more information about each running process on your computer.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

http://www.sysinternals.com/Utilities/ProcessExplorer.html
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users