I came across an interesting one in the last few days. This system was a Windows XP system with current updates – SP3, IE 8…. and among other things there was a complaint of very sluggish behavior. I updated the antimalware software installed and ran scans. Malwarebytes antimalware actually found and removed two suspect files, but that didn’t seem to solve the sluggishness. The web browser (Internet Explorer) would take what seemed like a minute or so to respond to any action. One thing I discovered is that Internet Explorer 8 can behave VERY slowly if there are a lot of sites in the restricted zone. (Spybot S&D immunization puts lots of sites in restricted zones.) So, I found a way to remove them all and retry and things seemed quicker, but… after running for 15-20 minutes the system really started to become unresponsive and so I had to start looking for another cause…. services.exe was running at 99% CPU or 100% CPU from time to time and the memory footprint was growing – the high mark I saw was 350MB of memory in use for it (!)
Cleaning up after WMF exploit third party boot disc
At this point, I needed to rename or delete some files that Windows would not let me touch. I had this winlogon.exe running from a suspect directory c:\windows\inet20001 and Windows wouldn’t let me kill it, or remove its start entry in the registry. So, I booted my image from a DSL Linux CD and opted for command line only. Once booted, I navigated to mount the Windows partition and cd’d to /mnt/hda1/windows/inet20001
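A check in the same spirit as the cleanup described above, as an added example that is not part of the original post: run from the Linux boot disc, it lists executables on the mounted Windows partition that carry a core Windows process name but sit outside the directories where Windows normally keeps them. The name list, the allow-listed directories and the function names are assumptions; `/mnt/hda1` is the mount point from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: sh check.sh /mnt/hda1
# Assumption: these are the process names worth checking.
SYSTEM_NAMES="winlogon.exe services.exe lsass.exe csrss.exe smss.exe svchost.exe"

# Print every file under $1 (the mounted Windows partition) that uses a core
# process name but does not live in an expected directory.
find_misplaced() {
    root=${1%/}
    for name in $SYSTEM_NAMES; do
        # -iname: Windows file names are case-insensitive
        find "$root" -type f -iname "$name" 2>/dev/null
    done | while IFS= read -r path; do
        rel=${path#"$root"/}
        dir=$(dirname "$rel" | tr 'A-Z' 'a-z')
        case "$dir" in
            # Assumption: locations where XP keeps its own copies
            windows/system32|windows/system32/dllcache) ;;
            windows/servicepackfiles/i386) ;;
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample tree standing in for the mounted partition.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/WINDOWS/system32" "$tmp/WINDOWS/inet20001"
    : > "$tmp/WINDOWS/system32/winlogon.exe"
    : > "$tmp/WINDOWS/system32/services.exe"
    : > "$tmp/WINDOWS/inet20001/winlogon.exe"
    find_misplaced "$tmp" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

# With a mount point argument, scan it; otherwise run the constructed demo.
if [ "$#" -gt 0 ]; then
    find_misplaced "$1"
else
    demo
fi
```

A hit is only a lead: confirm it against the file's size, timestamps and its start entry in the registry before renaming or deleting anything.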