Are Hijackers Responsible for Excessive Hard Drive Activity?

Discussion in 'Malware Help (A Specialist Will Reply)' started by bper, Feb 21, 2005.

  1. bper

    bper Corporal

    Hi,

    I'm looking at a friend's PIIIm running at 730 Mhz, on XP SP2, 128M Ram.

    Initially my friend told me that the laptop was running slowly. I did all of the preliminary scans and fixes. I cleaned a few viruses, and a bunch of adware and spyware. I also was able to remove a few memory hogs and hijacks with hijack this. All scans are now clean.

    The laptop is running a lot smother than before, however of the 128 MB of RAM, it has 12 MB available, and there is a lot of hard disk activity while the computer is running. There are a few services running which Hijack this reports as 023s.

    Is it likely that the performance and HD activity is due to speed of the processor and amount of ram, or could it be other hijackers or could it be the services that are running? What could be done about the 023s? The Hijack this website aren't to clear about this.

    Thanks.
     
    bper, Feb 21, 2005
    #1
  2. PhilliePhan

    PhilliePhan Guest

    It could be a combination of all of these things. Chances are, all of the services listed are legitimate and needed.

    It could also be caused by a piece of malware that you missed, though that would probably stand out and be easily spotted (ex/ StopGuard-Virtumundo which used make machines grind to a halt!).

    Attach a fresh HJT log from Normal Windows boot and someone will have a look to see if it is clean.

    PP :)
     
    PhilliePhan, Feb 21, 2005
    #2
  3. bper

    bper Corporal

    Thanks for your response. I have attached the latest HJT log. This is from version 1.99.1
    ...
     

    Attached Files:

    bper, Feb 21, 2005
    #3
  4. PhilliePhan

    PhilliePhan Guest

    I do not see anything bad in there. Norton is a tremendous resource hog - perhaps switching to AVG or Avast may help. The problem is likely due to the combination of issues you touched on a few posts ago.

    Perhaps you may get some better suggestions to improve performance if you posted a query in Software Forum?

    PP :)
     
    PhilliePhan, Feb 21, 2005
    #4
  5. bper

    bper Corporal

    Thanks a lot for your help.
     
    bper, Feb 21, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    PP,

    The below does not look right.

    O4 - HKLM\..\Run: [LexStart] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

    Something is messed up. It does not make sense for navapw32.exe to be loading twice at startup to me. And even stranger is why is it named LexStart one time. That sounds like a name possible used for a Lexmark printer related program.

    I would suggest fixing the line with LexStart.
     
    chaslang, Feb 21, 2005
    #6
  7. PhilliePhan

    PhilliePhan Guest

    I saw that! I let it slide since navapw32.exe was running from the proper location - Figured the new HJT had some kinks like the last one.
    I suppose it couldn't hurt to fix that line, though.

    PP :)
     
    PhilliePhan, Feb 22, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! But we are worried about resources here!

    I believe that line is supposed to be something like this:
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe

    But I thought it was only needed on Win9x systems.
     
    chaslang, Feb 22, 2005
    #8
  9. bper

    bper Corporal

    Good eyes, Chaslang!

    That one slipped me. I, like PhilliePhan, saw it running from the correct location and ignored it. I didn't make the connection that it was linked to LexStart and that it was being started 2X.

    I'll let HJT fix it, and I'll let you know what happens.

    Thnx!
     
    bper, Feb 22, 2005
    #9
  10. AndrewVolz

    AndrewVolz Private E-2

    128 mgs is dog shit for memory, my xp machine running bare minimum startups and panda antivirus has that much cached right after startup.
     
    AndrewVolz, Feb 22, 2005
    #10
  11. bper

    bper Corporal

    HJT fixed the duplicate nav32. It runs better now, but still not very good. It would appear that more memory is needed to get better performance.

    ccApp.exe seems to have trouble ending when shutting down XP. 'Ending Program ccApp.exe' appears 2X at every shutdown.
     
    bper, Feb 22, 2005
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    More memory is always good but it is not always as signifcant of an improvement as many think. I have found that many applications use memory based upon a percent that is available. So doubling your memory will not mean you will have twice as much free after you install the memory. Applications like Symantec/Norton and McAfee antivirus programs have become too resource hungry and that does not just mean memory either. They are CPU intensive too.

    Check to make sure you AV is not trying to access a floppy disk drive upon shut down. That has been know to cause problems.
     
    chaslang, Feb 22, 2005
    #12

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds