win xp programs freezing up

Discussion in 'Software' started by gracie312, Mar 1, 2006.

  1. gracie312

    gracie312 Private First Class

    I've had a problem with programs freezing up online and offline. I'm running several spyware and virus programs so I don't think that's the problem. Can someone help me diagnose the problem?
     
  2. Mada_Milty

    Mada_Milty MajorGeek

    Sorry, how many antivirus applications do you have installed? You should have only one, or there could be conflicts.
     
  3. gracie312

    gracie312 Private First Class

    I'm running Norton anti virus, Microsoft anti spyware and Zone alarm. But I've been running these together for quite a while now and the problem just started a few days ago.
     
  4. Mada_Milty

    Mada_Milty MajorGeek

    At the time of one of the crashes, hit ctrl+shift+esc. This will bring up the task manager. Make sure that the processes tab is selected. What is listed there?
     
  5. gracie312

    gracie312 Private First Class

    It's a long list but here goes....
    imapi.exe
    nero.exe
    Nero Smart Start.exe
    iexplore.exe
    fxssvc.exe
    vsmon.exe
    gcastDtServ.exe
    wdfmgr.exe
    svchost.exe
    Navapsvc.exe
    hpwuSched2.exe
    FastTVSync.exe
    zlclient.exe
    gcasServ.exe
    juched.exe
    Navapw.exe
    hpcmpmgr.exe
    mmtask.exe
    spoolsv.exe
    explorer.exe
    svchost.exe Local
    svchost.exe Owner
    svchost.exe System
    svchost.exe System
    Isass.exe
    services.exe
    winlogin.exe
    csrss.exe
    smss.exe
    System
    System Idle Process
     
  6. Mada_Milty

    Mada_Milty MajorGeek

    When Backdoor.Lala runs, it does the following:

    1. Copies itself as %System%\Pntask.exe.

    NOTE: %System% is a variable. The Trojan locates the system folder and copies itself to that location. The default location is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

    2. Creates the file, %System%\Hnsys32.dll (11,776 bytes in size). Symantec antivirus products detect this file as Keylogger.Trojan.

    3. Creates the file, %Windir%\Bnlgt32.exe (46,298 bytes in size). Symantec antivirus products detect this file as Backdoor.Trojan.

    NOTE: %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

    4. Adds the value:

    "PNtask Services" = "%System%\pntask.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the Trojan starts each time you start Windows.

    5. Deletes the value:

    "WindowsMGM"

    from the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    6. Looks for the file, Winmgm32.exe, in the %Windows% and %System% directories, and deletes it if found.

    NOTE: This is the filename and registry key that the W32.Sobig.A@mm worm uses.

    7. Launches the program, %System%\Mmtask.exe, if it exists.

    Can we confirm that this is not the case? Do you use Music Match?
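    As an added example (not part of the original post or the quoted write-up), the steps above can be turned into a check that also shows why mmtask.exe on its own is not a trace: the write-up lists it only as a file the Trojan launches if it exists. The function names, the sample Run-key dictionary and the MMTray entry are assumptions made up for the demonstration.

```python
import os
import tempfile

# Indicators taken from the write-up quoted above: (folder, file name, listed size).
FILE_INDICATORS = [
    ("system", "pntask.exe", None),
    ("system", "hnsys32.dll", 11776),
    ("windir", "bnlgt32.exe", 46298),
]
RUN_VALUE = "pntask services"  # value name under HKLM\...\CurrentVersion\Run


def find_file(folder, name):
    """Case-insensitive lookup, since Windows file names ignore case."""
    if not os.path.isdir(folder):
        return None
    for entry in os.listdir(folder):
        if entry.lower() == name:
            return os.path.join(folder, entry)
    return None


def check_lala(system_dir, windir, run_values):
    """Return a list of findings; an empty list means none of the listed traces."""
    dirs = {"system": system_dir, "windir": windir}
    findings = []
    for where, name, size in FILE_INDICATORS:
        path = find_file(dirs[where], name)
        if path is None:
            continue
        actual = os.path.getsize(path)
        extra = "" if size in (None, actual) else f", write-up lists {size}"
        findings.append(f"file {name} present ({actual} bytes{extra})")
    for value, data in run_values.items():  # run_values: exported Run key as a dict
        if value.lower() == RUN_VALUE or data.lower().endswith("\\pntask.exe"):
            findings.append(f"Run value {value!r} -> {data}")
    return findings


def demo():
    """Constructed sample: a layout with only mmtask.exe, then one with traces."""
    with tempfile.TemporaryDirectory() as root:
        system, windir = os.path.join(root, "System32"), root
        os.mkdir(system)
        open(os.path.join(system, "mmtask.exe"), "wb").close()
        clean = check_lala(system, windir, {"MMTray": r"C:\MusicMatch\mmtray.exe"})
        with open(os.path.join(system, "Hnsys32.dll"), "wb") as f:
            f.write(b"\0" * 11776)
        hit = check_lala(system, windir, {"PNtask Services": r"C:\WINDOWS\System32\pntask.exe"})
    return clean, hit
```

    On a real machine the two folders would be %System% and %Windir% as defined in the notes above, and the dictionary would hold the values read from the Run key.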
     
  7. gracie312

    gracie312 Private First Class

    Music Match is installed but says it was last used on 4/14/05.
     
  8. Mada_Milty

    Mada_Milty MajorGeek

    What programs cause the hangs? Are there any error messages?

    Check the event logs at the time of one of the hangs (right click My Computer, and select Manage). They are under 'Event Viewer'. Are there any red x's or yellow exclamation marks? If so, what is the event id number and source?
     
  9. gracie312

    gracie312 Private First Class

    Well so far today the ones that froze were HP Record Now, Nero Smart Start, the HP support page and the task manager. (I was trying to copy some CD's.) At one point I couldn't even re-start the pc. I'll check the error logs when it happens again and post them. The problem is sort of intermittent. It may help to know some of the things that I've done lately. I just re-installed a cable modem, and last week I installed Office XP, Word Perfect 11, and Quicken 2006. I also installed the Microsoft update which included SP2 although I have since uninstalled this one because I've had problems with it in the past. If I think of anything else I'll post it. Thanks for your help in the meantime......Chris
     
  10. gracie312

    gracie312 Private First Class

    Okay, I checked the event log. There are quite a few red X's. They all have ID #'s 1001 or 1002, and the source says application hang. There are also some yellow exclamations with the source as Userenv and the ID's are either 1517 or 1524, and a couple have Winmgmt as the source and 63 is the ID. There are also a lot of errors and warnings under the security tab in event viewer, most of which pertain to my CDROM.
     
  11. Wait, is mmtask.exe running when MusicMatch was never clicked on during a boot? Because I have MusicMatch Jukebox too, and even though it is version 9, I see no program called mmtask.exe anywhere in it, even when running. I cannot install ten though because I have Windows 2000. But regardless, I think you have the worm Mada is talking about.
    -the new tech guy
     
  12. gracie312

    gracie312 Private First Class

    What worm? And how do I find out if I have it and get rid of it? I uninstalled Music Match yesterday and mmtask is not showing up in task manager processes today. Does this make a difference or is the damage already done?
     
  13. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan

    mmtask.exe was probably related to MusicMatch.

    However, I suggest you pay a visit to the Malware Forum and follow their recommendations in the stickies.
     
  14. Maybe later I will verify on the newer computer with Windows XP Pro on it, and that PC has the latest version of MusicMatch installed. But I have a feeling it's a worm.
    -the new tech guy
     
  15. gracie312

    gracie312 Private First Class

    I went to the Malware forum and followed the instructions on the sticky and everything seems ok so far. Thanks to everyone for all the help.
     
  16. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan

    You're welcome and good work.

    If you have any other issues, or need to know anything, post back.
     
