Process going higher when right click on Taskbar

Discussion in 'malware problems & news' started by zantrimax, Feb 2, 2005.

Thread Status:
Not open for further replies.
  1. zantrimax

    zantrimax Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    7
    Hi All,

    I've recently had a problem that whenever I try to right-click on the empty space of the taskbar, the Memory Usage in Windows Task Manager goes up, and if I go on clicking 2 or 3 times more, Windows simply crashes. I have never faced such a problem, so I just can't figure out whether it's the adware that gets installed, 'cause sometimes these adwares get installed, but I have deleted them... My Windows operating system is Windows 2000 Server...

    Please help and thank you...
     
  2. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi Zantrimax, and "Welcome to Wilder's!"

    May I inquire as to the amount of RAM mounted?
    Have you tried running SFC to determine if you're missing any required operating files?

    I'll assume you possess virus scanning software.....results?
    (Try this in safe mode showing all system files.)

    EDIT - Zan, see if you can determine some 'running tasks' in the 'Software Environment' by opening MSINFO.

    I'll await your reply before proceeding... :)


    GF
     
    Last edited: Feb 2, 2005
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, follow the advice given above by GlobalForce, if that does not help, write down all
    the running processes found in task manager, go to THIS website and research the processes.

    Look very carefully, some Malware tries to imitate legitimate processes, e.g.
    lexplore.exe (fake), iexplore.exe (real), the first uses a lower case L, looks a lot like an " i " from a casual glance.

    It is possible that Malware on your system is trying to protect itself by crashing Windows.

    Although it’s more probable you have a conflict or missing files, this quite often happens when removing certain Malware the wrong way.
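
The lookalike-name check described in the post above, as an added Python example (not code from the thread): it flags process names that collapse to a known-good name once easily confused characters are normalised, or that sit one edit away from one. The allowlist and the sample process list are constructed for illustration.

```python
# Added example: flag process names that imitate a known-good name.
# KNOWN_GOOD and the sample list are constructed for illustration.
KNOWN_GOOD = {"iexplore.exe", "explorer.exe", "svchost.exe", "services.exe",
              "lsass.exe", "winlogon.exe", "csrss.exe"}
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})  # l/1 read as i, 0 as o


def skeleton(name):
    """Lower-case the name and collapse characters that look alike."""
    return name.strip().lower().translate(CONFUSABLE)


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def find_lookalikes(process_names, known_good=KNOWN_GOOD):
    """Return (observed, imitated, reason) for names that mimic a known one."""
    by_skeleton = {skeleton(k): k for k in known_good}
    findings = []
    for raw in process_names:
        name = raw.strip().lower()
        if name in known_good:
            continue  # exact match: the name itself is not the problem
        target, reason = by_skeleton.get(skeleton(name)), "confusable characters"
        if target is None:
            target = next((k for k in sorted(known_good)
                           if edit_distance(name, k) == 1), None)
            reason = "one edit away"
        if target:
            findings.append((raw, target, reason))
    return findings


if __name__ == "__main__":
    running = ["System", "smss.exe", "lexplore.exe", "IEXPLORE.EXE",
               "explorer.exe", "scvhost.exe", "notepad.exe"]
    for observed, imitated, reason in find_lookalikes(running):
        print(f"{observed}: resembles {imitated} ({reason})")
```

An exact name match is skipped here, so it still needs to be read together with the path column from MSINFO32's Running Tasks that is asked for later in the thread.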
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nice link there Sweetie.

    Cheers :D
     
  5. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Thank you.
     
  6. zantrimax

    zantrimax Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    7
    Hey everyone,

    Thanks a lot for all the replies, GF, thanks to you too. I am trying to check out if there are any processes running, but no, I couldn't find any that could be suspicious... Anyway, I also found out that when I try to click on the options in Internet Explorer it dumps, so there's nothing I can do right now but simply stare at the window and hope that it doesn't crash when I need it the most...
    Hey Sweetie, thanks to you too, and hey GF, couldn't find anything suspicious in MSINFO32 either....

    Thanks once again...
     
  7. zantrimax

    zantrimax Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    7
    Hey all,

    Just got another thing which, when invoked, dumps the system, first increasing the memory. When I try to invoke the menus in Internet Explorer through the keyboard, i.e. when I press Alt + 'T' for Tools or Alt + 'V' for View, it dumps after one or two keyboard clicks....

    .......
     
  8. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, have a look in the Event viewer, see if it has any error messages, if so post back with the message and code.

    To get to Event viewer;

    Control panel > Performance and Maintenance > Administrative tools > Event viewer, look through all categories.

    Also try this;

    Put Windows CD in the CDROM drive, click start > run, type in CMD, when the black window opens type in "sfc /scannow"

    SFC (System File Checker) will replace any changed/damaged system files.
     
  9. zantrimax

    zantrimax Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    7
    Hey Sweetie,

    Thanks for the reply, but I couldn't find any problem in Event Viewer, although after you suggested it I checked Event Viewer again. Please help me, as I am going through a bad phase 'cause of this; I just don't know when my system is going to crash, although yesterday my system didn't crash, though the memory was increasing if by mistake I right-clicked on the taskbar...

    Hey, one more thing, people, if you could help me out: can I know which registry entry is responsible for activating a particular program when I right-click on my taskbar.....

    I have tried quite a few solutions that people suggested, to no avail...

    regards,
    zan
     
  10. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hello again Zantrimax,

    May we again inquire as to the amount of 'physical' RAM available on your system? If you open 'My Computer' and select Properties or go to the Control Panel and select System, click on the Advanced tab, then select Performance Options. Check to see if the virtual memory is set at least 1 1/2 times the size of the physical RAM (click the 'Change' button to determine).

    I'm not sure if this would apply to your particular situation, but you could edit the registry to Clear The Paging File At Shutdown
    (good for security as well).....
    Question - Are you able to provide us with any screenshots from MSINFO32? (just for s's & g's, is there an MSBlast entry?)
    If not, would you please cross reference a few of those processes at either Sweetie's link or Answers That Work.

    Tell us also if you ran "SFC /scannow?"


    GF
     
  11. zantrimax

    zantrimax Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    7
    Hi GF,

    Thanks again for the reply... My system's physical RAM is 512 MB, I have set the virtual memory as you had stated, and I also changed the Paging tag in the Registry as you mentioned.

    Yes, I also ran that command which you gave me and it gave me an error:

    Windows file protection could not initiate a scan of protected system files

    The specific error code is 0x000006ba [The RPC server is unavailable].

    Have attached one image, will attach another with another message.

    Thanks...
     


  12. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Zan,

    Looking at the stats in your screenie, I'm leaning towards memory not being an issue here. I notice you're at service pack 4, but unaware why there was trouble running SFC. Here's the page that describes the error message, though I doubt it'll do much good in this particular situation.

    Can you tell me if you inserted the cd prior to entering the command?

    Now based on rather limited info at this point, we can't rule out the possibility of "something" eating your memory
    (and mine, j / k :D ). What I propose, prompted by a comment from your initial post....
    which suggests you may have tossed some system files along the way.
    I'd just like to eliminate missing files as the cause of your woes before 'digging'.

    Let's try this and see what the return info provides.
    Visit this page.......How to Use the SPCheck Tool to Determine the Service Pack Level of Components.
    Read it, download the tool and follow the instructions for Win2k. Don't forget, you need to run as administrator...OK.

    In the meantime, please answer my question and supply another screenshot (two if necessary), only this time from MSINFO32....expand the 'Software Environment' and click 'Running Tasks' (name and path should be sufficient, see screenie) I can do a little research if I notice something you may have missed.

    Final thought (I know this is on the win2k cd, but not sure if it's installed natively), open a command prompt and type - memsnap /? - it's a memory profiling tool that takes a snapshot of the memory resources being consumed by all running processes and writes to a log file....could prove useful, but if not there....no worries.

    I'm hoping to hear from you tonight so we can move this along.
    Be back to check in the morning....


    GF
     


  13. zantrimax

    zantrimax Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    7
    Hey GF,

    Thanks again for the reply. Well, as you said, I have done all the stuff except the memsnap; I don't guess I have it in my system nor on the Win2k CD which I had.. Following are the contents of the log file created by spCheck.exe:


    SPCHECK Report File

    System Date: Tue Feb 15 12:37:11 2005

    The last Windows service pack to be installed on this system was:
    Version 5.0 Service Pack 4 (Build 2195)

    Check the system analysis section of this report,
    to see if all files are Service Pack 4 files

    System Analysis
    ===================

    [W2K DNS]
    C:\WINNT\SYSTEM32\DNS.EXE SP4
    C:\WINNT\SYSTEM32\DNSMGR.DLL SP4
    C:\WINNT\SYSTEM32\DNSPERF.DLL SP4

    [W2K DNS] Summary:
    Missing files: 0
    Unknown files: 0
    SP4: 3

    --------------------------------------------------------------

    [W2K WINS]
    C:\WINNT\SYSTEM32\JETPACK.EXE SP0-4
    C:\WINNT\SYSTEM32\WINSCTRS.DLL SP0-4
    C:\WINNT\SYSTEM32\WINSEVNT.DLL SP0-4
    C:\WINNT\SYSTEM32\WINSMIB.DLL SP0-4
    C:\WINNT\SYSTEM32\WINS.EXE SP4
    C:\WINNT\SYSTEM32\WINSSNAP.DLL SP4

    [W2K WINS] Summary:
    Missing files: 0
    Unknown files: 0
    SP0-4: 4
    SP4: 2

    --------------------------------------------------------------

    [W2K SNMP]
    C:\WINNT\SYSTEM32\LMMIB2.DLL Missing
    C:\WINNT\SYSTEM32\HOSTMIB.DLL Missing
    C:\WINNT\SYSTEM32\SNMPMIB.DLL Missing
    C:\WINNT\SYSTEM32\EVNTAGNT.DLL Missing
    C:\WINNT\SYSTEM32\EVNTCMD.EXE Missing
    C:\WINNT\SYSTEM32\EVNTWIN.EXE Missing
    C:\WINNT\SYSTEM32\SNMP.EXE Missing
    C:\WINNT\SYSTEM32\SNMPTRAP.EXE Missing
    C:\WINNT\SYSTEM32\MSOBJS.DLL SP0-4
    C:\WINNT\SYSTEM32\WINSMIB.DLL SP0-4
    C:\WINNT\SYSTEM32\IGMPAGNT.DLL SP0-4
    C:\WINNT\SYSTEM32\MCASTMIB.DLL SP0-4
    C:\WINNT\SYSTEM32\ACSMIB.DLL SP0-4
    C:\WINNT\SYSTEM32\PERFOS.DLL SP0-4
    C:\WINNT\SYSTEM32\RIPAGNT.DLL SP0-4
    C:\WINNT\SYSTEM32\OSPFAGNT.DLL SP0-4
    C:\WINNT\SYSTEM32\BTPAGNT.DLL SP0-4
    C:\WINNT\SYSTEM32\RTIPXMIB.DLL SP0-4
    C:\WINNT\SYSTEM32\INETMIB1.DLL SP4
    C:\WINNT\SYSTEM32\SNMPAPI.DLL SP4

    [W2K SNMP] Summary:
    Missing files: 8
    Unknown files: 0
    SP0-4: 10
    SP4: 2

    --------------------------------------------------------------

    [W2K DHCP]
    C:\WINNT\SYSTEM32\DHCPMIB.DLL SP0-4
    C:\WINNT\SYSTEM32\JETPACK.EXE SP0-4
    C:\WINNT\SYSTEM32\DHCPSNAP.DLL SP4
    C:\WINNT\SYSTEM32\DHCPSSVC.DLL SP4
    C:\WINNT\SYSTEM32\BINLSVC.DLL SP4
    C:\WINNT\SYSTEM32\DHCPSAPI.DLL SP4
    C:\WINNT\SYSTEM32\DHCPCSVC.DLL SP4

    [W2K DHCP] Summary:
    Missing files: 0
    Unknown files: 0
    SP0-4: 2
    SP4: 5

    --------------------------------------------------------------

    [W2K NWLink IPx/SPX]
    C:\WINNT\SYSTEM32\DRIVERS\NWLNKSPX.SYS SP0-4
    C:\WINNT\SYSTEM32\DRIVERS\NWLNKIPX.SYS SP4
    C:\WINNT\SYSTEM32\DRIVERS\NWLNKNB.SYS SP4

    [W2K NWLink IPx/SPX] Summary:
    Missing files: 0
    Unknown files: 0
    SP0-4: 1
    SP4: 2

    --------------------------------------------------------------

    [W2K Internet Protocol TCP/IP]
    C:\WINNT\SYSTEM32\ICMP.DLL SP0-4
    C:\WINNT\SYSTEM32\WS2HELP.DLL SP0-4
    C:\WINNT\SYSTEM32\DNSAPI.DLL Unknown
    C:\WINNT\SYSTEM32\MPRAPI.DLL SP0-4
    C:\WINNT\SYSTEM32\IPBOOTP.DLL SP0-4
    C:\WINNT\SYSTEM32\IPCONFIG.EXE SP0-4
    C:\WINNT\SYSTEM32\PING.EXE SP0-4
    C:\WINNT\SYSTEM32\PATHPING.EXE SP0-4
    C:\WINNT\SYSTEM32\FINGER.EXE SP0-4
    C:\WINNT\SYSTEM32\REXEC.EXE SP0-4
    C:\WINNT\SYSTEM32\RCP.EXE SP0-4
    C:\WINNT\SYSTEM32\ARP.EXE SP0-4
    C:\WINNT\SYSTEM32\TRACERT.EXE SP0-4
    C:\WINNT\SYSTEM32\HOSTNAME.EXE SP0-4
    C:\WINNT\SYSTEM32\NTSHRUI.DLL SP0-4
    C:\WINNT\SYSTEM32\DRIVERS\TCPIP.SYS SP4
    C:\WINNT\SYSTEM32\DRIVERS\MSGPC.SYS SP4
    C:\WINNT\SYSTEM32\DRIVERS\NETBT.SYS SP4
    C:\WINNT\SYSTEM32\DRIVERS\WANARP.SYS SP4
    C:\WINNT\SYSTEM32\DRIVERS\IPSEC.SYS SP4
    C:\WINNT\SYSTEM32\LMHSVC.DLL SP4
    C:\WINNT\SYSTEM32\OAKLEY.DLL SP4
    C:\WINNT\SYSTEM32\IPHLPAPI.DLL SP4
    C:\WINNT\SYSTEM32\WSOCK32.DLL SP4
    C:\WINNT\SYSTEM32\WS2_32.DLL SP4
    C:\WINNT\SYSTEM32\TCPMON.DLL SP4
    C:\WINNT\SYSTEM32\FTP.EXE SP4
    C:\WINNT\SYSTEM32\TELNET.EXE SP4
    C:\WINNT\SYSTEM32\NSLOOKUP.EXE SP4
    C:\WINNT\SYSTEM32\RSH.EXE SP4
    C:\WINNT\SYSTEM32\TFTP.EXE SP4
    C:\WINNT\SYSTEM32\NBTSTAT.EXE SP4
    C:\WINNT\SYSTEM32\NETSTAT.EXE SP4

    [W2K Internet Protocol TCP/IP] Summary:
    Missing files: 0
    Unknown files: 1
    SP0-4: 14
    SP4: 18
    --------------------------------------------------------------

    System Totals:
    Total missing files: 8
    Total unknown files: 1
    SP4: 32
    SP0-4: 31


    ************************** END of Report ****************************


    Understanding and/or troubleshooting the report:
    ================================================

    A) A range of service packs may be identified as the source of a file:
    A specific file version can be included in several service packs
    i.e. the file version doesn't change from service pack to service pack
    SPCheck will indicate the applicable service pack range
    For example, SP0-4 indicates that the file version was included with all
    service packs from SP0 to SP4
    If the currently installed service pack is within that range, the file version
    found is consistent with that service pack
    B) If files are reported as missing, possible causes include:
    1) The file is actually missing
    2) The file could not be read because of restricted file permissions
    Check the file's permissions
    3) The file did not exist in the location specified in the ini file
    or in any directory listed in the path environmental variable
    or in the default directory on any other local drive
    Edit the ini file and specify the actual location of the file
    or add the directory where the file(s) are located to the path variable
    4) A system environmental variable used in the ini file has not been set
    Ensure that all system environmental variables used in the ini file are set
    5) The file's name and/or path specified in the ini file has embedded spaces
    Use a long file name alias in the ini file instead of embedded spaces
    Refer to Microsoft KB article Q142982 for details
    C) If files are reported as installed, but all files for a particular
    component are not installed:
    1) The component is not installed
    Some files are installed with Windows, before a component is installed
    2) The files are shared with other component that are
    installed


    Attached is the snapshot of the stuff you've asked for...
     

    Attached Files:

    • 1.jpg
      1.jpg
      File size:
      91.4 KB
      Views:
      269
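
To pull only the flagged entries out of a report like the one posted above, here is an added Python example (not from the thread and not part of SPCheck) that parses the report layout and groups the Missing and Unknown files by component. The sample text is a constructed excerpt in the same layout.

```python
import re

# Constructed excerpt in the layout of the SPCheck report posted above.
SAMPLE_REPORT = r"""
[W2K DNS]
C:\WINNT\SYSTEM32\DNS.EXE SP4

[W2K DNS] Summary:
Missing files: 0
Unknown files: 0
SP4: 1

[W2K SNMP]
C:\WINNT\SYSTEM32\SNMP.EXE Missing
C:\WINNT\SYSTEM32\SNMPTRAP.EXE Missing
C:\WINNT\SYSTEM32\SNMPAPI.DLL SP4

[W2K Internet Protocol TCP/IP]
C:\WINNT\SYSTEM32\ICMP.DLL SP0-4
C:\WINNT\SYSTEM32\DNSAPI.DLL Unknown
"""

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")  # "[...] Summary:" does not match
FILE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<status>Missing|Unknown|SP\d(?:-\d)?)$")


def parse_spcheck(text):
    """Return {component: [(path, status), ...]} from an SPCheck report."""
    components, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            current = components.setdefault(section.group("name"), [])
            continue
        entry = FILE_LINE.match(line)
        if entry and current is not None:
            current.append((entry.group("path"), entry.group("status")))
    return components


def flagged(components):
    """Keep only files whose status is Missing or Unknown, per component."""
    result = {}
    for name, files in components.items():
        bad = [(p, s) for p, s in files if s in ("Missing", "Unknown")]
        if bad:
            result[name] = bad
    return result


if __name__ == "__main__":
    for component, files in flagged(parse_spcheck(SAMPLE_REPORT)).items():
        print(component, files)
```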