Halting virus running extra processes

Hi,
I only got my new vista laptop a few months ago however recently it has been whirring constantly and running slower than it's elderly predecessor. I have done numerous virus scans (Spybot, Ad-aware, Windows Defender and Norton) but they only ever pick up the odd tracking cookie, but I'm sure there is something more wrong somewhere.

I did a google search today of all the processes running in my task manager (as it is using ~80% memory permanently nowadays) to see if anything was a virus and found that I had two csrss.exe processes (one using just over 1k memory and one just under) and no less than 12 svchost.exe! Even I could see that was not right! The svchost.exe processes were each using between about 120 and 42k memory, adding up to over 70k usage and their users varied (system, local service, network service) so I could not easily identify the fake ones and do not know how to remove the virus.
I looked online and it said that the real one would be in C:\windows\system32 but all 12 claimed to be in that folder as well as all claiming to have been created at the same time.

I also found a process called wininit.exe which I think may also be a virus but my antivirus softwares are not picking it up.

Does anyone have any advice about removing the virus and the fake csrss.exe and svchost.exe files? My computer is driving me insane going this slow!

 

Hi Doodlez
Welcome to Major Geeks!

It is not uncommon to have a number of svchost files running at the same time. Are you using Norton Ghost? Have you been using Nortons since you first got your computer or did you install it later? Much as I love certain things about it, it is a notorious resource hog. In task manager ...right click Wininit and see if you can delete it ...if so it is not a virus, if a legit file, you will get a warning message.

If you would like for us to check your computer for malware, please follow our instructions and links in the READ & RUN ME FIRST. I think you will find this helpful, and if you have malware, you should find some relief from the symptoms as you work through the instructions. Throughout, there are special notes for Windows Vista users. Please keep your eyes open for those!

abri

 

Thanks Abri.

I don't have Norton Ghost, I have NIS 2007 which I installed as a trial which came on my computer pretty much straight away and then subscribed recently.

I have gone through the READ & RUN ME FIRST thread and done all the scan etc and am attaching the logs.

Any advice would be much appreciated.

 

Hijackthis and CounterSpy logs attached...

 

Ad-aware SE log attached...

 

Hi Doodlez!
sorry, it took some time to get back to you. Please do the following and then I will get back to you again.


We are finished with CounterSpy now. Please go to add/remove programs and uninstall:

- Sunbelt CounterSpy

Then delete the below folders which may be left behind by the uninstall:

C:\Documents and Settings\Jane C\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

Please tell me if you had any difficulties running this version of HijackThis and please post a fresh hijackthis log.


abri