Help Needed

Hey there, after formatting twice Im still having issues,

Still have lsass.exe running giving me 60 second shutdown message when closed,but no scan is picking up the sasser worm. Plus im still occasionally getting svchost.exe taking up all the cpu.

Any help would be appreciated. Thanks

 

I should add that ive also run Ccleaner, Microsoft Windows Malicious Software Removal Tool, Ad-Aware SE, Spybot Search & Destroy as well as Counterspy, and gone through the registry myself to remove any suspicious entries. However every time i connect to the net, after a certain amount of time svchost start going nuts. Also, through process explorer ive seen svchost has opened up command prompt, and also ftp.exe, as well as strangling my net by sending out packets. I think ive fixed most of it but as i mentioned above svchost is still going nuts and no scan seems to be able to pick up/fix the problem.

 

Cheers chaslang!

Yeah I know I should be SP4 but since I reformatted ive had phenomenal issues trying to update to because im on dial up. This is an issue because by the time its halfway through downloading the pack, svchost has gone nuts and if i get all the way through the download the only way i can free up cpu to unpack the files to install it is by resetting svchost through process explorer, but this generally leads to other problems anyway, as when I did this two days ago the install didnt work properly and I couldnt repair windows, so inevitably had to format. I'll give SP4 another go tonight as the system seems to be running a bit better, and i'll let you know.

A couple of questions though, should LSASS.exe be running from startup? The only time its giving me 60second shutdown message is if i manually end it so it's not too much of a problem but I'm curious? Also that file (setup_71367.exe) doesnt seem to exist, so I assume it's gone if it was there. Also is there a downloadable version of SP4 that is offline installable, ie. a simple self extractor rather than running through microsofts downloader? If not any idea where the temporary SP4 files are downloaded to? Because I believe in order for the installation to be successful I'm going to have to do it after freshly rebooting, but if I do this currently I lose the downloaded setup files?

As I write this Norton has just picked up C:\WINNT\system32\qvbo.exe infected with w32.linkbot, only I cant find the file through explorer so I can't manually delete it, and Norton can't fix it, any thoughts?

Thanks heaps for the help its very much appreciated, sorry my posts are sort of all over the place its been a long time since ive done this sort of shit haha ~