Strange problem at least marginally related to the HDD..

By Druegan
Jul 5, 2006
  1. Salutations folks,

    Late last night/this morning one of my roommates requested my help with his computer, and I'm kind of at a loss as to what may be going on with it, so I'm hoping one of you will be able to suggest something I haven't tried yet.

    We *think*, at present, that he got hit with some kind of virus or malware attack, but we don't know for certain. All that is definitely known is this.

    1) there have been 3 incidents of weird system failure on his computer. These 3 incidents occurred right after his girlfriend angered a certain person over Yahoo Messenger.

    2) The first two times, I cleaned a massive amount of malware off of his system, but those were traced, eventually, to some files that he downloaded. This fixed the problem.

    3) This time.. matters are different. No new files have been downloaded in the past 2 weeks, and he isn't even routed through the firewall for any P2P bits.

    Here's the breakdown on what's happening: I boot up the system, everything comes up fine. I attempt to use an online virus scan, or access anything that spins up the hard disk significantly, and I get some massive disk thrashing. Nothing on the system responds except the mouse pointer. Even task manager ceases to respond.

    Happens in safe mode or normal boot. Happens when attempting to copy files from one system to another over the LAN. Attempting to run any online scans such as Trendmicro, Symantec, Pandasoft, F-secure, etc. produces the same lockup and thrashing. Attempting to run a local antivirus engine (Trendmicro's Sysclean) seemed to work for about 10 minutes, and then the system spontaneously rebooted. Lavasoft's Ad-aware SE produced thrashing and lockup. Smaller utilities, such as Crapcleaner, ran fine.

    The system is 6 months old, running on an AMD Athlon 3800+ with 512 MB DDR 400. I can get more complete system stats if that'd be helpful. The hard disk is a 250 gig SATA drive, I believe from Western Digital.

    The only other weird thing that happens with his system happens with every computer on the house LAN... upon reboot, an instance of svchost.exe starts taking up massive amounts of system resources, and disallows any internet or network connectivity until the process is killed in Task Manager. The User Name in Task Manager is "NETWORK SERVICE". As I've said, every system in the house has this same oddity, but nothing odd shows up on virus, malware, or adware scans on the rest of them, and terminating the process shows no sign of ill effect, so I doubt they're related.

    I'm convinced that the disk thrashing is some kind of a weird loop, or it's just getting stuck.. it doesn't happen until we attempt to actually *run* programs, or copy files, but it also doesn't stop.. we've observed it for an hour just to see if the system was trying something it could potentially finish.. no such luck.

    I'm off to try a small battery of diagnostic software now in hopes I might get lucky, but I'm really hoping one of you out there has seen this sort of thing before, and might be able to clue me in as to possible causes.

  fastco

    Do a full format and reinstall the operating system on all the computers. If you can access the hard drives when you stop that service, I would back up everything you need off of the hard drives and do a complete reinstallation. Make sure you have a software and hardware firewall set up and an updated anti-virus running. I run SpywareBlaster in the background and I haven't had any attacks in a long time.
  Liquidlen

    svchost.exe runs for a number of different services. The fact that you can turn it off without repercussion means you have some service running that is not needed (obviously). The point I am making is that you can start by shutting down services (or some program trying to start) that start Automatically, one at a time. You can track these by using the dependency tab under the property sheet for any service.
    It will take some troubleshooting but you can do it.
    I found DCOM caused similar thrashing and memory leaks in my system.
    Pay close attention to the differences in the services used for Workgroups as opposed to Domains.
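
One way to carry out the per-service narrowing described in the reply above, as an added example that is not part of the thread: it maps each svchost.exe process to the services it hosts, then lists dependencies for the auto-start services in the instance running as NETWORK SERVICE. It assumes PowerShell 3.0 or later in an elevated session; the variable and column names are illustrative.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+ in an elevated session.
# Step 1: every running service whose binary path is svchost.exe.
$hosted = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -match 'svchost\.exe' }

# Step 2: one row per svchost.exe process, busiest first.
$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $proc = $_
        $svcs = @($hosted | Where-Object { $_.ProcessId -eq $proc.ProcessId })
        [pscustomobject]@{
            ProcessId    = $proc.ProcessId
            # KernelModeTime and UserModeTime are reported in 100-nanosecond units.
            CpuSeconds   = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            Account      = ($svcs | Select-Object -First 1).StartName
            AutoStart    = @($svcs | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object Name)
            OnDemand     = @($svcs | Where-Object { $_.StartMode -ne 'Auto' } | ForEach-Object Name)
            CommandLine  = $proc.CommandLine
        }
    } | Sort-Object CpuSeconds -Descending

$report | Format-Table ProcessId, CpuSeconds, WorkingSetMB, Account,
    @{ n = 'AutoStart'; e = { $_.AutoStart -join ', ' } } -AutoSize

# Step 3: for the instance running as NETWORK SERVICE, list each auto-start
# service with what it needs and what needs it (the Dependencies tab data).
$report | Where-Object { $_.Account -match 'Network\s*Service' } | ForEach-Object {
    $hostPid = $_.ProcessId
    foreach ($name in $_.AutoStart) {
        $svc = Get-Service -Name $name
        [pscustomobject]@{
            HostPid     = $hostPid
            Service     = $svc.Name
            DisplayName = $svc.DisplayName
            DependsOn   = $svc.ServicesDependedOn.Name -join ', '
            NeededBy    = $svc.DependentServices.Name -join ', '
        }
    }
} | Format-Table -AutoSize -Wrap
```

Comparing the output across the machines on the LAN shows whether the same service sits in the busy instance on each of them, which narrows the one-at-a-time testing to a short list.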
  korrupt

