
cpu at 100% system bogging down???


twospoons

IS-IT--Management
Jan 7, 2003
103
US
well i've done quite a bit of searching across the NET for info on this one and can't seem to find much. so here's my situation...

winxp pro gets a virus... generic backdoor.trojan no specific information... every time i open IE, norton pops up with a message virus found, can't quarantine, can't delete access denied... the file was logmgi.dll in the system32 dir. i used the move on boot util to delete the file. no more norton messages... all viruses gone...

now cpu usage often spikes to 100% and slows the system down to a crawl... usually when trying to use the internet... and i'm constantly getting this VSS error:

Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 8/12/2004
Time: 8:45:52 AM
User: N/A
Computer: TOM-HELTON
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

For more information, see Help and Support Center at
Data:
0000: 57 52 54 57 52 54 49 43 WRTWRTIC
0008: 32 31 31 33 00 00 00 00 2113....
0010: 57 52 54 57 52 54 49 43 WRTWRTIC
0018: 32 30 37 38 00 00 00 00 2078....

i've tried stopping the service... doesn't help... rebooting helps for a little while then cpu right back to 100%... i've read a coupla things that say to try repairing the windows installation :(

but i want to know EXACTLY what did or is causing this so as to avoid it in the future.
 
I have not seen this error.. but still sounds like you have a TROJAN, Virii, or some other ??Ware. Suggest you get more than one. Trojan Cleaner, Ad-ware remover, and Anti Virii cleaner. I use 3 in reference. A2 Trojan cleaner, FREE, Ad-Ware by LavaSoft (FREE) and Symantec Corp Edition AV. (NOT FREE).. turn off your Internet Service, turn off the Firewall, TURN OFF "RESTORE". Turn off SHADOW COPY Service. Reboot, then RUN all the above or your choice of SIMILAR types.. when your system is CLEAN.. restore all the above..that you turned off. restore Internet Service. Then check your SLUGGY SYSTEM...Hope this helps..

Frank Smith irc.dhcnetwork.com

SomeWhere in Kansas Near Dodge City
 
yes, i have cleaned the system... adware/norton corp ed... i have only found a handful of references to this error and NO references to the logmgi.dll file... so my only solution at this point is to repair/reinstall windows...

btw, windows does run and runs fairly well except that the system jumps to 100% processor usage every so often... i have checked the list of processes running and found nothing out of the ordinary... killing explorer.exe and new tasking explorer.exe will save me from rebooting... but it's really annoying!
 
314867 - You receive an "Explorer.exe has generated errors and ...
You receive an "Explorer.exe has generated errors and will be closed by
Windows" error message. View products that this article applies to. ...
support.microsoft.com/ default.aspx?scid=kb;EN-US;Q314867
If not the above try the below:
Advertising Spyware: DLDER.EXE, Explorer.exe trojan (ClickTillUWin ...
Advertising Spyware: DLDER.EXE, Explorer.exe Trojan, ClickTillUWin. ... Be sure you are
not deleting Windows Explorer, which is located at C:\Windows\Explorer.exe.


Frank Smith irc.dhcnetwork.com

SomeWhere in Kansas Near Dodge City
 
thread779-900279

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs
 
hmmmm... like i said there aren't any "known" viruses or adware still on the system... i'm gonna try out the a2 free scanner today and see what happens.
 
This is in reference to LOGMGR.DLL
This article was previously published under Q229613
SYMPTOMS
When Microsoft SQL Server is used with an XA-compliant resource manager (for example, Oracle, IBM DB2, or Informix), the Dtcxatm.log file can grow quite large. For example, it is possible for files to reach several hundred MB in size. Therefore, when recovery is performed, Microsoft Distributed Transaction Coordinator (DTC) reads through the entire log file. This can lead to extremely long recovery times.
CAUSE
This problem occurs because of an error in the way that space is reclaimed in the log file.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT 4.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack

The following files were modified in Windows NT 4.0 Service Pack 5 to fix this problem:

Name Date Time Size
Dtccm.dll 4/22/99 12:04p 110,864
Dtcxatm.dll 4/22/99 12:04p 162,064
Logmgr.dll 4/22/99 12:04p 59,664
Msdtcprx.dll 4/22/99 12:04p 189,712
Msdtctm.dll 4/22/99 12:04p 456,976
Mtxoci.dll 4/22/99 12:04p 69,904

STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 5.


Frank Smith irc.dhcnetwork.com

SomeWhere in Kansas Near Dodge City
 
the file i was having issues with was logmgi.dll NOT logmgr.dll. i'm not using any kind of Microsoft SQL Server and i'm not using any Windows NT 4.0.

here is the info from the symantec system center virus history list:

logmgi.dll
C:\WINDOWS\SYSTEM32\

Virus name: Backdoor.Trojan
Computer: computername
User: username
Action taken: Left alone
Status: Infected
Current location: C:\WINDOWS\SYSTEM32\
Date found: 7/20/2004
Scan type: Realtime scan
Set action: Quarantine infected file
Set backup action: Delete infected file
 
twospoons;
GAIN, GATOR, COMET, KAZAA
aren't considered virii
you have to manually UNINSTALL THE PROGRAM!

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs
 
GAIN, GATOR, COMET, KAZAA aren't installed on the system.
 
Turn off Windows Indexing Service

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs
 
TekTippy4U: if you are just going to post random suggestions please do so elsewhere... if there is a reason behind your suggestion please say so... i'm not of the mind of just blindly following down paths that don't have a clear motive... and so far that is all you have contributed to this thread.

gpalmer711: thanks for the link... i'm trying that now.

s0121: thanks for the info on the a2 free scanner... i just finished running that and it found two files that norton and adware did not detect:

C:\WINDOWS\SYSTEM32\taskmgn.exe not-virus:Hoax.Win32.Likesurf and
C:\WINDOWS\SYSTEM32\telnetxp.exe Trojan.Win32.Dialer.ce
 
twospoons;
better to be rational than delve into nonsense;

hmmmm... like i said there aren't any "known" viruses or adware still on the system...

Yeah ; I'm randomly guessing.....

Goodbye sweetheart

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs
 
After doing much research on "logmgi.dll" and finding next to nothing... I suggest "rename it to logmgi.dl_" then reboot. REASON: I find nothing relevant that uses that dll in my searches...and since it seems to be the PROBLEM that also will/should tell you what if any program needs it.



Frank Smith irc.dhcnetwork.com

SomeWhere in Kansas Near Dodge City
 
like i said in the first post... i already deleted the logmgi.dll... after that i started getting this issue of the 100% cpu usage... i never said that one caused the other or that they were in any way related... just stating the course of events that led up to the current problem... i will check with the user again tomorrow to see if the a2free scanner fixed the problems, thanks.
 
This sounds more like ??ware than a virus. Poorly written malware will eventually slow the computer down to a crawl. If the machine runs normally when not connected to the net, I suspect it is definitely malware.

If Adaware and a2free don't find it, I recommend using Spybot Search and Destroy. It's still free for now and it does catch things that Adaware misses.

Just my .02

Jim W.
 
There is an orderly process to cleaning malware. Try the first or last FAQ below as a start:

FAQ608-4650 Before Posting a Hijack log file - Best Practices
FAQ608-3482 How to beat your advertising popups & other browser nasties
FAQ760-4866 Beginners General Cleanup
FAQ779-5240 What are Good Virus/Spyware?Update/Firewall Practices?
 
After reading your original post again I see that the error message used to appear after opening IE. In that case it is likely that the Trojan was attached to IE as a Browser Help Object (BHO).
If this is the case it would explain why browsing is causing the 100% CPU problem. IE is probably doing a recursive search for the file it is expecting for the BHO, in this case logmgi.dll.

Try the ToolBar Cop software from
This will check to see if any BHOs are installed; if there are any that were not installed by you or the user, then remove them.

This may solve the problem for you.

Greg Palmer
Free Software for Administrators
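
Added example, not part of the original thread or any poster's code: a read-only PowerShell audit of the Browser Helper Object registrations discussed in the post above, flagging entries whose DLL is no longer on disk (the situation that would follow deleting a file such as logmgi.dll while its registration remains). It assumes PowerShell 3.0 or later and the standard BHO and CLSID registry locations; the function name Get-BhoReport is hypothetical.

```powershell
# Added example: audit IE Browser Helper Object registrations (read-only).
# Requires PowerShell 3.0 or later; run from an elevated prompt.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoReport {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # 32-bit BHOs resolve their CLSID under the WOW6432Node class hive.
        $classHive = if ($root -like '*WOW6432Node*') {
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $server = "$classHive\$clsid\InprocServer32"
            $dll    = $null
            $status = 'CLSID not registered'
            $signer = $null
            if (Test-Path -LiteralPath $server) {
                # The (default) value of InprocServer32 is the DLL path.
                $raw = (Get-Item -LiteralPath $server).GetValue('')
                if ($raw) {
                    $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
                }
            }
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $status = 'DLL present'
                $signer = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            } elseif ($dll) {
                # Registration survives but the file is gone (e.g. deleted by AV).
                $status = 'DLL MISSING (orphaned BHO)'
            }
            [pscustomobject]@{
                Clsid = $clsid; Dll = $dll; Status = $status; Signature = $signer
            }
        }
    }
}

Get-BhoReport | Sort-Object Status | Format-Table -AutoSize -Wrap
```

An entry reported as missing or unsigned is a lead to investigate, not proof of infection. For WOW6432Node entries a System32 path is redirected to SysWOW64 for 32-bit IE, so check there before concluding the DLL is gone.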
 