Ewido freezing and eating memory out the wazoo

[madboyv1]

So I figured, as much as I generally don't like groups or forums that basically force a user seeking help to do thier instructions first, I've lurked around here and you guys aren't as bad as others, so I figured I'd hit up on TS's "instructions." That being said, when attempting to run a full system scan (as well as the quick)using Ewido, about 13 minutes through (in the process of scanning the filesystem) the program shoots up from about 20 mb, to about 90 mb in about 20 seconds, and not seeing this until the program stopped responding (ie stopped displaying updated information as well as not responding to cancel or quit commands), it had taken a whopping 400+ MB of RAM.

Any ideas as to what is causing this?

 

[howard_hopkinso]

Hello and welcome to Techspot.

It could be a virus/spyware infection that`s screwing Ewido up.

Go and read this thread HERE.

Post a HJT log as an attachment into this thread and I`ll advise.

Regards Howard :wave: :wave:

This thread is for the use of madboyv1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[madboyv1]

All right, I'll post up an HJT log when I get the chance (though that won't be for a while yet, I won't be home for another 6 hours or so). I'll append to this message, unless a new message with the log is desired.

 

[howard_hopkinso]

Yes, post a new message. That way I`ll get an email notification and won`t miss it.

Regards Howard

 

[madboyv1]

as requested, a HJT log.

if there is something that you don't recognize, but don't think its a threat, let me know and I'll tell you what it is to the best of my ability. Ad-Aware Pro, Spybot, NIS 2006, and XoftSpy all report clean, fyi.

 

[howard_hopkinso]

Go to add remove programme in your control panel and uninstall anything to do with(if there).

Viewpoint\Viewpoint Manager

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewMgr.exe

Close task manager.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Viewpoint

Other than the above, your HJT log is clean.

The problem with Ewido may be caused by either a corrupt download or a conflict with one of your other programmes. Try redownloading and reinstalling and see if you still have the same problem.

Regards Howard

 

[madboyv1]

the redownload and reinstall at first didn't work, but after a restart, a redownload, and reinstall again, it was okay, though it spiked a lot, it didn't constant take up excessive amounts of memory.

Here's my current (kinda) HJT log (I did it a bit ago, but considering my computer has been idling I haven't done anything other than open my browser window since the last scan.)

If this is clean then I'll be on my way, away from this thread anyways. I am having issues with NIS picking up viruses almost randomly in my system32 folder (which isn't good at all consiering the importance of that folder) so try running some AV-scanners before I officially report having viral issues. Should I do that in a new thread, or continue with this one? PRobably a new one since the issue at hand has been for the most part resolved.

 

[howard_hopkinso]

Your HJT log is clean.

Make sure you have the latest virus definition updates.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with your antivirus programme and delete whatever it finds.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

If you continue to have virus/spyware problems, please post in this thread.


Regards Howard

This thread is for the use of madboyv1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[madboyv1]

all scans turn up clean, but I am still having problems.

Explorer wants to take up 100% of my processing power, or close to it, though it keeps its regular memory footprint. I've been running my computer with explorer off for the past few days (except when I am in safe mode), and all 6 scans come up clean (the 4 free online scans, AVG and Norton) the HJT log is clean, Ewido, Ad-Aware, a2, and Spybot all come up clean, so I am perplexed to this issue... I'm thinking about starting to disabling services and items in the startup tabs in msconfig, unless you guys have a better idea.

I mean reformating is an option, but I'd rather not considering the tremendous amount of time required to reinstall and reconfigure my programs and what not.

 

[howard_hopkinso]

I think your problem is probably caused by some faulty software.

Take a look at this thread HERE.

Your idea of stopping programmes in startup, seems like a good idea.

Regards Howard

 

[Samstoned]

ewido is being stopped by malware
there is about 20 diff was from what I have seen to remove most don't work
just did a test with ewido to run a dummy installed with ismini issearch
trojun virus
as I attempted to remove use spybot SD did not remove the reg entry
use adaware did not remove even in safe mode
back to outpost same thing
final ewido would crash did online scan just as it finished finding 28 virus's it crashed and IExplorer
went nuts loaded pages with bogus spyware removal sites
to me there is ony one answer reload keep os as small as possiable
don't load exe's you don't know about
the test OS had no special settngs most users will not like reloading there stuff
from here the only sure way
sorry if I stepped on your thread
did not see the warn

 

[howard_hopkinso]

Hi Samstoned.

I don`t know how you arrived at that opinion, but madboyv1`s HJT log shows no sign of infection, niether does any virus scans etc. issearch/ishost/ismon etc show up in a HJT log, in madboyv1`s HJT log no such entries were present.

It`s quite possible that the Ewido problem is caused by a software/driver conflict, or just plain old corruption.

It is entirely possible, maybe even probable that the explorer.exe using vast amounts of system resources is due to some faulty software.

No doubt madboyv1 will let us know the cause when the culprit becomes clear.

Regards Howard

 

[madboyv1]

I have answers. When during a system restore, as well as removal of a few files suspected of viral infection, a couple of symantec's services had been damaged apparently. I'm not sure exactly how symantec's services access explorer.exe. Also, Adobe Manager apparently has been broken for a long time. Reinstalling NIS 2006 and Acrobat 7 Pro has solved the issue with Explorer taking 90-97% CPU. The Ewido error was due to an error in the installation. Reinstalling that also corrected the issue.

Finally, I downloaded Registry Booster by UniBlue and ran its registry cleaner and defragged the registry, and everything thing seems a-okay.

I am usually very careful with my protection, spending a good amount of time doing at least monthly scans with all my software, so coming to a site for help was a rough step for myself. Funny enough, when I looked at the instructions listed on TS, they are similar to my own when I quarantine a computer.

Anywho, everything seems to be running smoothly now.

- MadBoyV1

 

[howard_hopkinso]

That`s good news mate.

Thanks for letting us know.

If you ever have any further virus/spyware problems, Please post in this thread.

Regards Howard

This thread is for the use of madboyv1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[madboyv1]

I spoke too soon. Explorer is back to taking 100% CPU, so I am not unsure what it is now. I'll continue to investigate though being that its keeping me behind from my work, I may just kill the install and reformat.

Any idea's? it appears that none of my startup items are causing it, and the rest of my services seem working fine...

 

[madboyv1]

Oh, it gets better. Now Windows is asking me to reactivate Windows within the next 3 days, and as I type this the Activation window cannot connect to the activation server with microsoft.

 

[howard_hopkinso]

As you said, maybe reformatting and starting from scratch is the way to go.

If you do, I suggest you ditch Symantec/Norton and use the free AVG antivirus programme and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE and HERE.

It may well be you have a software conflict of some kind. The fact that you have Symantec/Norton crapware is enough to cause problems. It`s very buggy and does all kinds of strange things. Before you reformat, you might want to try getting rid of Symantec/Norton and seeing if your system improves.

Regards Howard

 

[madboyv1]

That's what I thought you'd say from reading other threads before posting my own. The thing though, I have NIS 2006 on other computers, and with the experience I have had with Symantecs products in the past would lead me to think otherwise. Also and I do not have any problems at all with other said computers. In fact I have another computer with almost the same hardware configuration (minus one HDD) and has the same basic software setup (ie XP Pro SP2, Office Pro 2003, VS.NET 2003, NIS 2006, and numerous small protection type programs). This however is more of my gaming and browsing computer. Those two facts makes this computer far more vulnrable than the other, and as I have said, I have yet to see any issues at all with NIS with that computer, nor on my laptop, which is used similarly as the computer that is being starved of processing power. I'll see if making a new user account and idling with that makes a difference.

What gets me weird is that I can get on the internet just fine, yet Activation can't find its server. I doubt the server is offline, so I'll have to assume its me.

Oh, and NIS is currently uninstalled and I see no such improvement that you suggest may occur from remove such "crapware".

edit: I'll look into gettin Kerio (ie purchase, I don't do freeware versions of full software) though, as I have found that I can't get an update for Sygate Pro 5 for a good reason: it doesn't exist anymore. T__T

2nd edit: I have successfuly reactivated windows, so I'm not on a time crunch anymore.

 

[madboyv1]

I blotched the XP install, so I installed Windows 2000. I have bought a new copy of XP Pro, so I'll install that. at anyrate, everything seems to be normal. Everything can be fixed (short of hardware failure of course) with a reformat and reinstall. And now I have an excuse to use it as a personal NAS/server. =)

Anywho, as far as I know, I'm done with this problem. Thanks a lot for the help.

 

[howard_hopkinso]

Thanks for letting us know mate, glad you got it sorted.

If you ever have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of madboyv1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[madboyv1]

I was told before to continue using this thread for issues.

So here's one. I decided to see what this IE7 RC1 was all about, and after realizing the horror of how they set up the toolbars, I uninstalled IE7 and it reverted back to IE6 SP2. But now I can't seem to change my homepage. Well its not that, I can change it all I want in the options window and in the registry, but it reverts back to the New Install common sites (ie msn for homepage and search page). I've checked with Ad-Aware, Spy-Bot, etc etc, and I've checked all of my security programs to make sure they weren't changing the home and search pages back, and they are all clear. Also, from looking at my own HJT log, I look clean as well. Also, opening explorer extensions (like opening a save prompt or any form of saving/search file prompts) sometimes take an abysmal amount of time to open up, but the system itself does not show any slowup in the Task Manager.

Any Ideas? And switching to another browser does not count, though if I couldn't have uninstalled IE7RC1, it would have made me a firefox user lol.

PS: went and bought Kerio, its a little more anal than Sygate, but I like it. =)

edit: and I know you don't see an antivirus program in the log file. I used Trendmicro as I usually leave antivirus to be one of the last things I install, being behind at least 1 firewall is usually the first.

 

[howard_hopkinso]

As you suspected, your HJT log is clean. However, there is malware around that can hide from HIjackThis.exe, rename it to HijackThis1991.exe and scan again. See if anything different shows up.

Other than that, maybe try a system restore to before you installed IE7.

Regards Howard

This thread is for the use of madboyv1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[madboyv1]

hmm... A system restore. That would revert the installs of my HP printer, Adobe Creative Suite 2, Macromedia Suite, and couple smaller programs.

Oh well, I may have to reinstall those. I'll see if that works. Renaming hijack this yielded same results as before.

As you suspected, your HJT log is clean. However, there is malware around that can hide from HIjackThis.exe, rename it to HijackThis1991.exe and scan again. See if anything different shows up.

Other than that, maybe try a system restore to before you installed IE7.

Regards Howard

This thread is for the use of madboyv1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[madboyv1]

well it didn't work, and it killed a bunch of stuff. won't be hard to reinstall though.

I am going to try and reinstall IE7. If it lets me change and keep my homepage, then I'll make sure its set to what I want it and uninstall it, see if that helps. if it doesn't let me keep my changes, then its something with the system, and if it lets me keep my changes, and reverts it back after uninstalling, well its too early in the morning for me to figure that one out at the moment.