posted
I have always had about 19 processes running at once, but in the last couple of days it has gone up to 26 or 27. I haven't downloaded anything and I haven't been exposed to the Mydoom thing or any other viruses so what could be going on?
I have run Norton and Ad-aware and what not...the worst part is that I can't remember which processes were there before and which are new. BUT there are several which are svchost.exe...should I have more than one? Or any at all? Plus ad-aware has always been in sync with my computer, meaning that it always detects the same amount of processes, but now it still says 19, whereas Task Manager says 27.
What is going on, anyone know?
Posts: 6367 | Registered: Aug 2003
| IP: Logged |
posted
svchost is the networking subprocess for IE to connect to the network, I believe. Probably approximating a 1:1 relationship of IE windows open:svchost processes.
It's system because the OS (rightfully, I believe) takes care of basic networking transport tasks. Rather than, say, each program implementing it's own version of TCP/IP.
I wouldn't worry about it.
LATER: I looked up svchost on google, and it actually appears to be the process wrapper for dynamically linked libraries in Windows (DLLs). These are bits of code that can't be run by themselves, but provide collections (libraries if you will) of useful functionality that can be shared across different apps. Like basic network transport tasks While it appears to be more generic than networking tasks, odds are most of what you are seeing are doing network stuff.
I was asking OS to give further advice on how to find out what the OTHER things in current processes are. Run line commands are different for different OS, as I'm sure you know.
posted
My OS is XP. I wish there was some way to copy and paste this list of processes. I'll type them out if anyone thinks it would be of help.
Posts: 6367 | Registered: Aug 2003
| IP: Logged |
No it's my home computer. And there's nothing new in the Startup folder. I just get nervous when the processes get...more...wow that is terrible grammer. When I get more processes. Once we got a virus and you could see them in the processes, so I always check to see if anything is weird. Nothing seems weird but things are really slow lately. Heck, I really don't know.
Posts: 6367 | Registered: Aug 2003
| IP: Logged |
posted
Paula, it's very possible that you've acquired the Nachi or Welchia worms. Both run within SVCHOST processes, both are VERY prominent on the Internet, and both can install on any Internet-connected Windows machine -- even without any user prompt or login -- thanks to a RPC bug. Symptoms include mysterious restarts and generally slow system performance.
It's worth noting that most virus software CANNOT PREVENT infection by a RPC worm. Even if you've got the latest definitions, you're still completely vulnerable unless you're running the latest Windows Updates.
In neither case will you see anything in your Startup folder; both worms install to the Registry. (If you're comfortable mucking around in your registry, I'll tell you where to look.)
I'd download the Stinger.exe file from NAI.com and have it do a quick check for either virus.
posted
Okay, I downloaded stinger, and it didn't find anything so maybe I'm just paranoid. Thanks everyone.
Posts: 6367 | Registered: Aug 2003
| IP: Logged |
posted
Yeah, you probably should type up a list of processes. Sorry to make you work.
Also, you may want to download spybot search & destroy and see if there is anything unusual in the startup section(I'm not sure if ad-aware has this feature or not).
Posts: 331 | Registered: Oct 2003
| IP: Logged |
3) Visit http://www.windowsupdate.com/ and install all the lates Critical Updates and any interesting REcomended Update.
optional 4) On systems with MSCONFIG Click "start" "run" type "msconfig" and uncheck anything in the right hand (startup) tab that you don't like!
Posts: 2102 | Registered: Dec 2000
| IP: Logged |
posted
I wouldn't mess with MSCONFIG unless I knew exactly what those programs and options do. I once lost a machine (had to completely reformat and reinstall) because I merely messed around with that list.
Posts: 1813 | Registered: Apr 2001
| IP: Logged |
posted
Odd . . . you can't lose a machine by messing around with that list. I mean, really can't. You can make it slightly less usable and slightly confusing if you turn off system tray and scan registry, but there's no way to lose your system unless some program has corrupted your system but is holding it together by running itself -- in which case you've got big problems already that are going to collapse eventually pretty much no matter what.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
Yeah, I think that's a fairly accurate description of the problem, fugu. Whatever it was, it generated random startup errors for missing files and other nonsense.
It wasn't my computer...so I felt bad...but he needed to re-install anyway, or so he claimed.
Posts: 1813 | Registered: Apr 2001
| IP: Logged |
posted
Oh, the startup errors thing was just due to the incomplete unchecking of certain ones on the list. That is, some depended on others, probably. It happens decently often with spyware, as its a neat way of tricking people into not unchecking them if you try systematically unchecking them.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
Yeah, my mistake systematically destroyed Windows, though. We tried booting into Safe Mode to recover, IIRC. I've forgotten the specifics of that incident. That was three years ago, and I hope that if I've learned one thing, it's this: have the computer victim back up everything before touching their computer.
Posts: 1813 | Registered: Apr 2001
| IP: Logged |
posted
That just isn't possible. All those programs load after the initial windows load, and just plain can't interfere with the process.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
As long as you don't change anything in the "General", "SYSTEM.INI", "BOOT.INI", "WIN.INI", "Services", tabs you CANNOT break windows. Everything in the "Startup" tab can be turned off. It may hamper a few programs, anything that is being loaded on startup as a matter of fact! But it will NOT break your computer.
Posts: 2102 | Registered: Dec 2000
| IP: Logged |
Sorry dude, but I know exactly what I saw. You're not the first person to tell me that it's NOT possible, in fact. As I recall, I was trying to prevent several programs from loading on startup. Whatever program or option it was in the startup tab, the entire machine was dependent on it or something. Maybe the machine was just fated to die at that moment. I don't know. But it was unrecoverable. Yeah, it sounds crazy, and I understand what fugu is saying. Just be careful, that's pretty much the advice I'm trying to give.
Posts: 1813 | Registered: Apr 2001
| IP: Logged |
posted
realsched is some crappy thing with real player, you should just go ahead and delete it, I read somewhere that had a list of files to delete or something...I'll try and dig it up.
quote: Ok, does Real Player 10 have spyware? Duh. How do you kill it? Simple. In Windows XP (or 95 or 98 as well), go to START and then SEARCH. If you disabled the SEARCH from your start-up menu, just press F3 on your desktop, it should bring it up. Once in SEARCH, search for "ALL FILES AND FOLDERS", click that option. Now, in the search box itself, type in: REALSCHED.EXE and press enter (make sure the search is searching your hard drive, be it drive C: or D: or whatever letter your hard drive is set to). You'll find REALSCHED.EXE and perhaps even a REALSCHED.PF (PF is 'prefetch' file). Go ahead, and highlight the entries that get found (no more than 2 will ever pop up, and no less than 1). Highlight the entry or entries and press your DELETE key on your keyboard. Close the search menu off. Now, go empty your recycle bin (right click recycle bin, select EMPTY RECYCLE BIN for those not computer savvy). You're done! Now, when you run Real Player 10? No more sneaky little REALSCHED.EXE will come up and sit idle without your knowledge. REALSCHED can never be run again, and deleting it will NOT affect Real Player 10.
[ January 29, 2004, 06:54 PM: Message edited by: Liquor and Fireworks ]
Posts: 331 | Registered: Oct 2003
| IP: Logged |
posted
Looks like everything is okay, no viruses or spyware, other than perhaps realsched.exe.
Unless you don't want to use Apple's QuickTime system tray deally, which I believe is what qttask.exe is, I haven't used quicktime in quite a while, but I personally hated having it start up every time I turned on my computer.
[ January 29, 2004, 07:11 PM: Message edited by: Liquor and Fireworks ]
Posts: 331 | Registered: Oct 2003
| IP: Logged |
Printer-friendly view of this topic
![[Wave]](graemlins/wave.gif)
![[Smile]](smile.gif)
![[Wink]](wink.gif)
![[ROFL]](graemlins/rofl.gif)
![[Hat]](graemlins/hat.gif)
Thanks, all.
