# Virus?



## ex_reven (Mar 31, 2007)

Hey guys, I noticed today that my computer was using alot more cpu than usual.
Just running MSN and a few other light programs I was using up to 30% of CPU, which I dont consider to be normal for my computer (see specs.)

I am running Trend Micro Anti Virus and Zonealarm as a firewall and they both are configured fine, ran a virus scan and got nothing. 

So I closed as many processes as possible (including antivirus and firewall, which according to Task Manager were using the most cpu. And still, nothing. No decrease in usage.

Below are two screenshots, the first is the system before i started killing processes ad the second is after i got rid of a few processes, msn, firewall etc.

What do you guys think could be causing this??


----------



## pt (Mar 31, 2007)

it's wright in there sily

ziclient and vsmon


----------



## ex_reven (Mar 31, 2007)

pt said:


> it's wright in there sily
> 
> ziclient and vsmon



 zlclient and vsmon are supposed to belong to the firewall/antivirus programs.
If they're a virus, why cant my antivirus pick them up?

I cant kill the processes either, I get an "access is denied" message


----------



## pt (Mar 31, 2007)

ex_reven said:


> zlclient and vsmon are supposed to belong to the firewall/antivirus programs.
> If they're a virus, why cant my antivirus pick them up?
> 
> I cant kill the processes either, I get an "access is denied" message



it's the antivirus/firewall that sucks ass and is eating you cpu speed


----------



## ex_reven (Mar 31, 2007)

its never done it before today. They only ever used about 11%.


----------



## anticlutch (Mar 31, 2007)

Maybe your Zonealarm is updating?


----------



## ex_reven (Mar 31, 2007)

nope i updated it yesterday


----------



## Zalmann (Mar 31, 2007)

Looks normal to me mate. When you view the task manager, I find it easier to sort by either CPU or MemUsage columns. I had the same problem for a while on my work IBM Thinkpad laptop. I uninstalled a whole bunch of software that I didn't use often, and I managed to get it working a lot quicker.

It also pays if you have registry mechanic or equivalent, it can help you identify reg errors/problems, and compact the registry. Makes a small difference in performance to me, enough to be noticable.


----------



## ex_reven (Mar 31, 2007)

Well yesterday I actually ran some registry cleaners (deleting non linked .dll's and such), deleted a heap of stuff and minimised my startup to antivirus, firewall and wireless network software. 

I dunno, 30% doesnt seem like a huge increase that you would expect from a virus, but still it could be spyware/malware related I guess. Are there any good free scanners out there? I only use Ccleaner, which is excellent but I dont think it quite gets everything.


----------



## Namslas90 (Mar 31, 2007)

Run APK's Registry Cleaner Engine found in utilities section of Downloads here at tpu.   Then check your Internet options > Manage Add-On's for dead and uneeded links.  Also run cache cleaner, and clear cookies, temp I-net files etc.  You would be suprised how many old "add-Ons" are trying to "pre-fetch" data/links/ Etc. you don't need, want, or use any more.


----------



## ex_reven (Mar 31, 2007)

I think Ccleaner would pick up everything you mentioned Namslas, but I'll try it


----------



## Namslas90 (Mar 31, 2007)

ex_reven said:


> Well yesterday I actually ran some registry cleaners (deleting non linked .dll's and such), deleted a heap of stuff and minimised my startup to antivirus, firewall and wireless network software.
> 
> I dunno, 30% doesnt seem like a huge increase that you would expect from a virus, but still it could be spyware/malware related I guess. Are there any good free scanners out there? I only use Ccleaner, which is excellent but I dont think it quite gets everything.



Could be you deleted a I-E6/7 link that you needed, and your explore is cycling more than necessary.  Download "repair" from M-soft download section and see if that fixes problem.
I don't think my IE has ever used 24K unless activly doing a search.


----------



## Namslas90 (Mar 31, 2007)

Also noticed a lot of duplicates on the first list.  Did you have a lot of windows open or are u running old tasks you don't need?


----------



## ex_reven (Mar 31, 2007)

nah dude thats not Internet Explorer man, thats explorer.exe as in desktop and all that jazz.
Internet explorer is iexplore.exe

Btw i couldnt get apk's tool working. I copied the dll's and exe's to their respective folders in windows and sys32 folders and i keep getting an initialisation error.


----------



## Zalmann (Mar 31, 2007)

Use MSconfig.exe, and try disabling some of the processes and programs at startup. You can also disable processes from this. The good thing about MSconfig is that you can always re-enable them if they are not the culprit.


----------



## ex_reven (Mar 31, 2007)

Ive used Msconfig before. I'll check if theres anything thats on startup that doesnt belong on startup


----------



## Namslas90 (Mar 31, 2007)

ex_reven said:


> nah dude thats not Internet Explorer man, thats explorer.exe as in desktop and all that jazz.
> Internet explorer is iexplore.exe
> 
> Btw i couldnt get apk's tool working. I copied the dll's and exe's to their respective folders in windows and sys32 folders and i keep getting an initialisation error.



That's weird.  I use it all the time.   You running XP or vista, cause I don't think it'll work on Vista!  Before APK left he was working on a Vista version(patch), don't know if he finnished it or not. I always download/save to desktop then open >install,extract.  Then I get the app folder, Open it and d-click The red/blue thingy and it just work great.


----------



## ex_reven (Mar 31, 2007)

Yeah Im running XP so it should work, I noticed that Vista patch too.

Ok I have CLIStart - (Ati software...dunno what it does but its always been there)
type32 and point32 - my keyboard/mouse customised setup uses 6mb ram total)
zlclient - zone alarm firewall
dwl-g520m wireless - wireless network connection
wcu - wireless config utility

And thats it, its a pretty small bootup, just the essentials.


----------



## ex_reven (Mar 31, 2007)

Namslas90 said:


> That's weird.  I use it all the time.   You running XP or vista, cause I don't think it'll work on Vista!  Before APK left he was working on a Vista version(patch), don't know if he finnished it or not. I always download/save to desktop then open >install,extract.  Then I get the app folder, Open it and d-click The red/blue thingy and it just work great.



hmmm thats weird...the installer reader told me to put dlls and registry files in specific places in windows folders


----------



## BXtreme (Mar 31, 2007)

.....Za's antivirus sucks....
firewall is ok...but try another combo 
Kaspersky Internet Security, or za+nod32.


----------



## Zalmann (Mar 31, 2007)

BXtreme said:


> .....Za's antivirus sucks....
> firewall is ok...but try another combo
> Kaspersky Internet Security, or za+nod32.



Zonealarm uses CA's VET engine. It works okay, I use it on my work machine and it doesn't use as much resources as my other antivirus scanners. McAfee and Norton has been the worst in my experience, and almost impossible to uninstall cleanly without having to do some manual cleanup yourself.


----------



## BXtreme (Mar 31, 2007)

dude, try 2007 version of norton, better than before 
and YA, mcafee sucks resources all the time. RESOURCE HOG! 
Btw, Za's antivirus SUCKS, I've tested it, the security rating say it sucks too  sry, but it's one of the weakest out there


----------



## ex_reven (Mar 31, 2007)

BXtreme said:


> .....Za's antivirus sucks....
> firewall is ok...but try another combo
> Kaspersky Internet Security, or za+nod32.



ZA has antivirus???  I was only using it for the firewall...as Ive used ZA Firewall for at least 5 years now and it has never failed to do its job or used a heap of system resources.

Im using Trend Micro antivirus, which I just uninstalled, and I was just about to attempt to install Norton 2006 (a legal copy of it ) and I cant because my damn DVD drive is screwing up again. I fixed it yesterday by changing a jumper and it has stopped working again ... great time for it to happen...

Now i have no antivirus on


----------



## BXtreme (Mar 31, 2007)

DON't get a norton below 2007, ok? cuz it's Norton  
and, I've also used it for 2 years, the easiest firewall out there  maybe the BEST!


----------



## ex_reven (Mar 31, 2007)

I'll try Nod


----------



## BXtreme (Mar 31, 2007)

Here's a guide to help you 
IF your specs are UBER, i.e 2+gb ram, Quad core cpu. Then go for Norton 360, one of the biggest resource hogs created ever.
IF your specs are gd, but you want less consumption with best detection antivirus. Then get Nod32.
If you have somewhat 'midrange' specs, then get Norton.I.S 2007, for the best security ever 
IF you have NO DATA on you compy and want to fill it with virus', then here are some names- Unknown names lol, Za's antivirus(virus will get in and you won't know about it ), Norton below 2007.


----------



## Namslas90 (Mar 31, 2007)

ex_reven said:


> hmmm thats weird...the installer reader told me to put dlls and registry files in specific places in windows folders



You read the instructions.  I never have.  I just re-downloaded it to see if it works and all was normal.  Download to desk top.  Close all windows.  Right click desktop Icon > open. Select last APK registry cleaner Icon and dbl-click(new Icon appears on desktop. R-click>open.  select blue/red/grn icon and r-click > run. click analyze, wait till done(20-30 mins for me).  Center cursor right click and select delete!  All done.


----------



## ex_reven (Mar 31, 2007)

yeah i tried that first namslas lol...and it didnt work, so i did what it told me to.

Ive actually used that program before, but i must have deleted it...

oh well, for anti virus im gonna use Avast, and run a boot time scan before any viruses get to write themselves to memory ... brb!


----------



## ex_reven (Mar 31, 2007)

problem solved gents, it was a trojan.

Avast killed it on boot 
I am now running MSN, Firefox, Photoshop, MS Word and uploading pictures off my camera with only 1-3% cpu utilisation. Only the memory is getting a work out now 

Thankyou for all your input and suggestions.


----------



## ex_reven (Apr 9, 2007)

ok guys, i didnt want to make a thread, but i hope you see this...

i was experiencing heaps of slowdowns and for some reason i decided to take a look into my firewall...i right clicked it (its in the system tray) and nothing happened. I tried to run the program from its folder and that didnt work either. I have a feeling that my firewall hasnt been functioning since i reinstalled it.

AND get this.
I killed Zonealarm (firewall) and my cpu usage went from 36% to zero...

So i have two problems
a) I need a new firewall
b) My internet browsers arnt working for some reason...firefox and explorer werent functioning...i couldnt even load google.com, but i typed this post into windows explorer and i was able to post here...
so i have no idea wtf is going on, msn also wont connect.

AND theres something called WllLoginProxy in my task manager...that i definately didnt start


----------



## Namslas90 (Apr 9, 2007)

If you have MS maliciouse Removal Tool run it.  Have you visited ASUS latley.  They had a problem on the hompage and if you went there you may have "contracted" a virus.  Run avast Boot time if yyou can get on the net.  Check Task manager for something that shouldn't be there. STop the process and try to get into IE.  Use the search command for recently loaded files and either "kill" them with ZA(if you can) or delete them. Zone alarm recently updated and there have been some problems.  My ZA works but the virus protection is shut down.  I loaded Avast on a free trial, untill I can get it fixed.  Also the most recent MS update had a dll problem witha memory address.  On one of my computers it affected the Lexmark files on another it affected the ZA, on another it affected  IE.


----------



## Namslas90 (Apr 9, 2007)

I just found the same proxy and stopped it, on this puter, lets see what happens!


----------



## ex_reven (Apr 9, 2007)

I dont have MS Malicious Removal tool, but i have visited asus...dammit.

On a reboot i can now use firefox and IE, but im still getting those random processes that dont belong. I'll try reinstalling ZA. And I'll run another boot time scan with NOD just in case...

I dont get MS Updates as this copy isnt legal


----------



## Namslas90 (Apr 9, 2007)

I searched google and it says its a Trojan, no further information available.  I ran ZA scan today and it didn't pick it up.  I'm starting to get a little pissed at ZA.  Ever since that last update it has been working like crap.


----------



## ex_reven (Apr 9, 2007)

Namslas90 said:


> I searched google and it says its a Trojan, no further information available.  I ran ZA scan today and it didn't pick it up.  I'm starting to get a little pissed at ZA.  Ever since that last update it has been working like crap.



Omg same man.
I was happy with it until this week...

That proxy doesnt sound good. And killing it doesnt work because it kept coming back for a while, now it dissapeared. Its probably in hiding lol, lil bastard.

Ive heard of a winlogin process though, that belongs to the system.
Im running Spybot and then im going to do a boot scan and see what i get.

Btw was your system using more resources than usual?
Zonealarm was using like a whole core of my C2D. When I downloaded porn it went crazy lol, the folder where the porn was kept going unresponsive. So i think i got a porn virus lol...or something like that. I didnt pick anything up last time i scanned though 

PS - Im not gonna reinstall ZA, il try this "Comodo" firewall, its supposed to be decent


----------



## Namslas90 (Apr 9, 2007)

Ok further research says the WLLoginproxy is a part of the Windows Live mesenger system.  Funny thing is I never loaded it and don't/won't even use MSMessenger.  In the last few minutes I've found it three times and ended the process each time.  Man. I hate all this automatic windows crap.  I wish they could just let us controll this stuff instead of them telling us what to run on our own systems.


----------



## ex_reven (Apr 9, 2007)

Namslas90 said:


> Ok further research says the WLLoginproxy is a part of the Windows Live mesenger system.  Funny thing is I never loaded it and don't/won't even use MSMessenger.  In the last few minutes I've found it three times and ended the process each time.  Man. I hate all this automatic windows crap.  I wish they could just let us controll this stuff instead of them telling us what to run on our own systems.



agreed.
I also wish theyd provide specifics on what the service/process is actually trying to do...
having multiple svchost.exe processes doesnt exactly tell me if theyr legit or a virus.


----------



## Zalmann (Apr 9, 2007)

Reven, I've read reviews on comodo firewall (free software), and from what I have read, it often out-perform some of the best "pay for" firewalls around, including zonealarm. I'm just about to try it out right now.


----------



## ex_reven (Apr 9, 2007)

Im using it now, it seems up to scratch 

btw zalman, watching mythbusters tonight ?


----------



## Zalmann (Apr 9, 2007)

ex_reven said:


> Im using it now, it seems up to scratch
> 
> btw zalman, watching mythbusters tonight ?



It's fantastic. My laptop boots in half the time that I had with Zonealarm.

Yep, Mythbusters, can't wait. I also watch it on Discovery, great show.


----------



## ex_reven (Apr 9, 2007)

they blow shit up good 

nothing like a bad intelligent role model by which to set my life


----------



## Zalmann (Apr 9, 2007)

Yeah, they do some real fun stuff, stuff that none of us have the resources to do. What a great job it would be working with those guys.


----------



## ex_reven (Apr 9, 2007)

That, and they have that hot chick


----------



## Zalmann (Apr 9, 2007)

ex_reven said:


> That, and they have that hot chick



She certainly is a hot little redhead!


----------



## Pinchy (Apr 9, 2007)

Wow this just went way off topic 

Try Kaspersky if its still all stuffed.


----------



## ex_reven (Apr 10, 2007)

Pinchy said:


> Wow this just went way off topic



Quiet you


----------



## DRDNA (Apr 10, 2007)

I would have started with running Adaware SE and SpyBot by S&D ...! Especially if I was thinking trojan or any thing wierd like that.


----------



## ex_reven (Apr 10, 2007)

DRDNA said:


> I would have started with running Adaware SE and SpyBot by S&D ...! Especially if I was thinking trojan or any thing wierd like that.



I did, several times


----------



## Pinchy (Apr 10, 2007)

NOD32 Rocks 

As for firewall, i used to use ZA (which i didnt have problems with), but now im just using the Vista firewall, and it seems to be good


----------



## Zalmann (Apr 10, 2007)

Pinchy said:


> NOD32 Rocks
> 
> As for firewall, i used to use ZA (which i didnt have problems with), but now im just using the Vista firewall, and it seems to be good



Pinchy mate, you should try Comodo firewall, it is very good. It has also relieved some of the heavy CPU usage and slow boot times that I've had running Zonealarm products (I've tried them all). I've also read a review from an Australian PC magazine, and Comodo outperforms almost all of the commercial firewall products in their comparison. The good thing is, it's FREE.

Edit:
BTW, not yet Vista compatible, so too bad.


----------



## Wile E (Apr 10, 2007)

I'm using Kaspersky Internet Security for both anti-vir and firewall on Vista x64. Works great so far.


----------



## Zalmann (Apr 10, 2007)

Wile E said:


> I'm using Kaspersky Internet Security for both anti-vir and firewall on Vista x64. Works great so far.



Ah, that's good advice. I need something for my Vista 64 box, I just don't trust the standard firewall.


----------



## Pinchy (Apr 10, 2007)

Im using the standard firewall, it isnt too bad.

I mean, i know what sites have crap and what dont, so that might be part of the reason as to why i dont get much crap.


----------



## BXtreme (Apr 10, 2007)

Pinchy said:


> Im using the standard firewall, it isnt too bad.
> 
> I mean, "*i know what sites have crap and what dont*", so that might be part of the reason as to why i dont get much crap.



i thought those were my lines  LOL.


----------



## tkpenalty (Apr 10, 2007)

Zone alarm was good until the latest version was updated, now its a resource hog.


----------



## BXtreme (Apr 10, 2007)

tkpenalty said:


> Zone alarm was good until the latest version was updated, now its a resource hog.



mainly due to a virus named 'windows Vista'


----------



## Zalmann (Apr 10, 2007)

Zonelabs don't have a version of their software compatible with Vista as of yet. And their firewalls have been getting more and more resource hungry. I still can't get over the fact it has added an additional 30sec - 1minute delay on my bootup speed. Their anti-spyware that comes packaged with the firewall, is absolute crap. The anti-virus isn't that good either, they license it off CA's VET anti-virus.


----------

