[Ham-Computers] RE: Memory Hogs Question

Hsu, Aaron (NBC Universal) aaron.hsu at nbcuni.com
Fri Jul 16 18:07:06 EDT 2004


If you're noticing that the system is starting to run "slower" than it
previously did, then it's entirely possible that "malware" (aka Adware,
Spyware, Hijackers, etc) is to blame.  I'm running into many situations
where clients have upwards of 20 different malware apps running in the
background.  It's not anything the user did in particular...there is a major
security hole (discovered a couple weeks ago) in IE that allows apps to be
installed just by visiting a website running Microsoft IIS webserver that's
been compromised by hackers.  (and please, no MS vs Linux vs Unix threads! If
you're running Windows, one of the best things you can do to prevent this is
to stop using Internet Explorer and switch to Mozilla, FireFox, Opera, or
any other "safer" browser).

More recently released malware is not easy to remove (nor does it want to be
removed).  Previously, Spybot or Ad-aware (both free) would remove most
malware.  However, malware writers are getting more sophisticated and
malware removal tools won't get rid of the most persistent ones.  I just
held a session at work this morning training others on how to recognize and
remove malware.  A few weeks ago, I spent 5 hours working on a friend's
laptop manually removing over 150 files (11MB) belonging to various malware
apps.  Spybot and Ad-aware caught about 15% and the rest were left behind.
Since then, I've had the extreme pleasure of doing the same on 4 other
systems at an average of 3 hours each.  Not fun.

The first thing you should do is to look for unrecognized tasks/processes
running in the background.  Then check for "Startup" items (another person
posted details).  However, HKLM\Software\Microsoft\Current Version\Run is
not the only place to look.  "RUN" can also be found in the same "sub-key"
under HKey_Current_User (HKCU), and HKey_Users (HKU).  "STARTUP" folders in
every user "profile" should also be checked.

If you can, go to http://www.pestpatrol.org and run an on-line scan to see
if it finds any malware.  You can also download Spybot v1.3 from various
sites and run a local scan.  It's a good first place to start in tracking
down what might be slowing down your system.  If you send me a list of your
currently running apps/processes, I'll run through them and see if I
recognize any malware.  Knowing what your browser's "home" page is will also
help determine if your browser's been "hijacked".

Good luck,

  - Aaron Hsu, NN6O (ex-KD6DAE)
    {nn6o}@arrl.net
    {athsu}@nbcuni.com
    No-QRO Int'l #1,000,006
    . -..- - .-. .-   ".... . .- ...- -.--"
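
A read-only way to list the auto-start locations named in the message above (the Run keys under HKLM, HKCU and HKU, and each profile's Startup folder) on a current Windows system, as an added example that is not part of the original message. It assumes PowerShell 3 or later and the full key path Software\Microsoft\Windows\CurrentVersion\Run; the variable names are illustrative.

```powershell
# Added example (not from the original message): read-only inventory of
# auto-start entries. Run elevated so other users' data is readable.
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

# HKLM, HKCU, and every hive loaded under HKEY_USERS. HKU only holds hives of
# logged-on users, and the current user appears under both HKCU and HKU.
$roots = @('Registry::HKEY_LOCAL_MACHINE', 'Registry::HKEY_CURRENT_USER')
$roots += @(Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" })

$entries = @(foreach ($root in $roots) {
    $path = "$root\$runSubKey"
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Source = $path; Name = $name; Command = $key.GetValue($name) }
    }
})

# Startup folders: the all-users folder plus one per profile in ProfileList.
$profileList = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$relative = @('AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup',  # Vista and later
              'Start Menu\Programs\Startup')                                    # Windows XP
$startupDirs = @([Environment]::GetFolderPath('CommonStartup'))
$startupDirs += @(Get-ChildItem -LiteralPath $profileList | ForEach-Object {
    $userDir = $_.GetValue('ProfileImagePath')
    if ($userDir) { $relative | ForEach-Object { Join-Path $userDir $_ } }
})

$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Force -File |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
})

# Review the list by hand: anything you do not recognize deserves a closer look.
$entries | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Saving the output to a file on a known-clean system gives a baseline to compare against later with `Compare-Object`.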
 

-----Original Message-----
From: Herb Gerhardt [mailto:hgerhardt at wavecable.com]
Sent: Thursday, July 15, 2004 5:53 PM
To: Ham- Computers
Subject: [Ham-Computers] Memory Hogs Question


I am running WinXP Home Ed on my laptop with a 20 Gig HD and 256 Meg of RAM.

Lately it has gotten really slow..........    I checked Task Manager and see
that when it is running OK, it runs at a CPU usage of around 20 to 55%.
When it runs really slow, it runs at a CPU usage of 100% or close to it.

The biggest users are:  services.exe, reg.exe, system idle process

Any ideas as to what I can do to lower the CPU usage and make it run faster
again?  This is an intermittent problem and exists with it just booted up in
Windows and no real programs running on the surface.  I do have a wireless
router (D-Link DI-624) that I installed recently and shortly after that is
when I noticed my problem.

Any info would be appreciated.  No I am not a computer wizard and do not
play with my Registry.

Thanks,

Herb, KB7UVC
NW APRS Group, West Sound Coordinator
Our WEB Site:  http://www.nwaprs.org

My NEW Email Address:  hgerhardt at wavecable.com


