-
Dec 20th, 2002, 07:28 AM
#1
Thread Starter
Need-a-life Member
Process' Parent - 100% CPU Usage
I've realized that some process is shelling the CMD, and each time the CMD appears in the TaskList the CPU usage goes to a hundred percent. Is there any way to detect who is shelling it?
Last edited by Mc Brain; Dec 20th, 2002 at 08:17 AM.
Emiliano F. Martín
If a post has helped you then please Rate it! (and give the user points he/she deserves by clicking on the image).
Encourage the person who helped you to keep doing it, and give him the points he deserves.
MP3 Organizer: Freeware to logically organize all your MP3s.
-
Dec 20th, 2002, 10:11 AM
#2
Frenzied Member
If you pass the hWnd of the console window, either use GetAncestor or iterate through GetParent calls:
Code:
' Win32 window-hierarchy lookups from user32
Private Declare Function GetAncestor Lib "user32.dll" (ByVal hwnd As Long, ByVal gaFlags As Long) As Long
Private Declare Function GetParent Lib "user32" (ByVal hwnd As Long) As Long
Private Const GA_ROOT = 2 ' walk the chain of parent windows up to the root window

Private Sub Form_Load()
    Dim ParenthWnd_1 As Long
    Dim ParenthWnd_2 As Long
    ' Text1 is a TextBox placed on this form
    ParenthWnd_1 = GetAncestor(Text1.hwnd, GA_ROOT)
    ParenthWnd_2 = GetParent(Text1.hwnd)
    ' AutoRedraw keeps the printed text visible after the form repaints
    Me.AutoRedraw = True
    Me.Print "Parent of the textbox: " + CStr(ParenthWnd_2)
    Me.Print "Root ancestor of the textbox: " + CStr(ParenthWnd_1)
    Me.Print "This form's handle: " + CStr(Me.hwnd)
End Sub
-
Dec 20th, 2002, 10:48 AM
#3
Thread Starter
Need-a-life Member
That will be hard!! The cmd stays open for like a second or two. Anyway... I've studied the TaskList and realized that two processes were created when the 100% CPU usage started. So, I started looking at which one was the second one... and I found that the file is net.exe
Holy c**p!! Wouldn't it be a virus?? I'm scanning my system now, and the stupid antivirus (which should have been resident, avoiding the infection) says that the WORM/NIMDA.E was found in dozens of files.
I'll let you know the results... and if this was the problem.
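Added example, not part of the thread: one way to record which process launches a short-lived cmd.exe or net.exe, using the WMI process start trace so the parent is captured even when the child exits within a second. The watch list and the subscription name are assumptions chosen for illustration.

```powershell
# Added example. Run from an elevated PowerShell session: Win32_ProcessStartTrace
# is only delivered to administrators.
$WatchList = 'cmd.exe', 'net.exe'      # assumption: the two names seen in the thread
$SourceId  = 'ProcStartWatch'          # hypothetical subscription name

function Resolve-ParentProcess {
    param([uint32]$ParentId, [datetime]$ChildStart)
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $ParentId" -ErrorAction SilentlyContinue
    if (-not $parent) { return '<parent already exited>' }
    # PIDs are reused: a process created after the child cannot be its parent.
    if ($parent.CreationDate -gt $ChildStart) { return '<PID reused, parent unknown>' }
    '{0} (PID {1}) {2}' -f $parent.Name, $parent.ProcessId, $parent.CommandLine
}

Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier $SourceId
try {
    while ($true) {
        $evt = Wait-Event -SourceIdentifier $SourceId
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $start = $evt.SourceEventArgs.NewEvent
        if ($WatchList -notcontains $start.ProcessName) { continue }

        # TIME_CREATED is a FILETIME (100 ns ticks since 1601, UTC).
        $childStart = [datetime]::FromFileTime($start.TIME_CREATED)
        [pscustomobject]@{
            Started = $childStart
            Child   = '{0} (PID {1})' -f $start.ProcessName, $start.ProcessID
            Parent  = Resolve-ParentProcess -ParentId $start.ParentProcessID -ChildStart $childStart
        }
    }
} finally {
    # Ctrl+C lands here; always remove the subscription.
    Unregister-Event -SourceIdentifier $SourceId
}
```

The parent PID comes from the trace event itself, so it is recorded even if the lookup of the parent's name fails because that process has already gone.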
-
Dec 20th, 2002, 11:05 AM
#4
Thread Starter
Need-a-life Member
Bad Antivirus
BTW.... never, in your whole life, spend a dime on this antivirus. I had a discussion some months ago over a file which I knew was a virus (even because Symantec on its site stated exactly what the file should do, and the subject of the email, name of the file, etc.). I sent this file to them because my antivirus said that it was clean. I got an answer from them stating that the file was harmless.
I agreed with them on that part. It was harmless, but the file creates some keys in the registry (to be run the next time you boot), copies itself to the Windows folder and, when you reboot, it starts and sends itself to your whole address book. Apparently, that was not a virus for this antivirus' tech support.
So, I tested the EXE (since I knew thanks to Symantec that the virus was rather stupid and harmless).... and got the keys created, the file copied, etc. I had a big fight with them by email in which I included the Run registry key branch exported (before the virus and after it), the file created in the Windows folder, etc... but they almost ignored me. Obviously, I deleted the file from the Windows folder and the registry before rebooting, so the virus wasn't spread.
And now... this. To sum up, never, ever buy MultiVac, or TabGuard or any other antivirus (with similar features) these people make.
-
Dec 20th, 2002, 11:27 AM
#5
-
Dec 20th, 2002, 11:57 AM
#6
Thread Starter
Need-a-life Member
Thanks, MartinLiss... I'll have a look at that virus too. Anyway, I cannot see any key like that one in the registry. This is what I have:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"iamapp"="D:\\Archivos de programa\\Norton Personal Firewall\\IAMAPP.EXE"
"Iomega Startup Options"="D:\\Archivos de programa\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="D:\\Archivos de programa\\Iomega\\DriveIcons\\ImgIcon.exe"
"WheelMouse"="D:\\ARCHIV~1\\A4Tech\\Mouse\\Amoumain.exe"
"QuickTime Task"="C:\\WINNT\\System32\\qttask.exe"
"Disc Detector"="D:\\Archivos de programa\\Creative\\ShareDLL\\CtNotify.exe"
"UpdReg"="C:\\WINNT\\Updreg.exe"
"AudioHQ"="D:\\Archivos de programa\\Creative\\SBLive2k\\AudioHQ\\AHQTB.EXE"
"LoadQM"="loadqm.exe"
"AppPlus"="D:\\Archivos de Programa\\AppPlus\\AppPlus.exe"
"T@B Guard"="c:\\solinfo\\load_nt.exe"
"TaskReg"="C:\\WINNT\\system32\\w32com.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
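Added example, not part of the thread: the before/after comparison of Run key exports described in post #4, applied to the regedit 5.00 export format shown in post #6. Both sample exports and every value name in them are constructed for illustration, and the function names are hypothetical.

```powershell
# Added example; both exports are constructed samples, not data from the thread.
# For real files use: Get-Content -Raw .\before.reg
$before = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTool"="C:\\Example\\tool.exe"
'@
$after = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTool"="C:\\Example\\tool.exe /quiet"
"ExampleNewEntry"="C:\\WINNT\\example.exe"
'@

function ConvertFrom-RegExport {
    param([string]$Text)
    $values = @{}      # case-insensitive keys, like registry value names
    $key = $null
    # Long hex values wrap with a trailing backslash; rejoin them first.
    $joined = $Text -replace '\\\r?\n\s*', ''
    foreach ($line in ($joined -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -match '^\[(?<k>.+)\]$') {
            # "[-KEY]" marks a key deletion, not a key with values.
            $key = if ($Matches['k'].StartsWith('-')) { $null } else { $Matches['k'] }
            continue
        }
        if ($key -and $line -match '^(?:@|"(?<n>(?:[^"\\]|\\.)*)")=(?<d>.+)$') {
            $name = if ($line.StartsWith('@')) { '(Default)' } else { $Matches['n'] }
            $values["$key\$name"] = $Matches['d']
        }
    }
    $values
}

function Compare-RegExport {
    param([string]$Before, [string]$After)
    $old = ConvertFrom-RegExport $Before
    $new = ConvertFrom-RegExport $After
    foreach ($id in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if (-not $old.ContainsKey($id)) { $change = 'Added' }
        elseif (-not $new.ContainsKey($id)) { $change = 'Removed' }
        elseif ($old[$id] -cne $new[$id]) { $change = 'Changed' }
        else { continue }
        [pscustomobject]@{ Change = $change; Value = $id; Before = $old[$id]; After = $new[$id] }
    }
}

Compare-RegExport -Before $before -After $after | Format-List
```

On the constructed samples this reports `ExampleNewEntry` as Added and `ExampleTool` as Changed, which is the evidence a before/after export is meant to surface.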