Friday, October 10, 2008

Vista thinking too much

Recently I had a problem with Vista. It would be accessing the hard drive and using CPU time, bogging down my computer, at times when I was using it myself. I assumed this was one of Vista's "helper" processes, such as search indexing, and was quite annoyed that it would be running that sort of thing while I was using the computer.

Hypothesis: I strongly suspected Vista itself, running some process to "assist" me or something.

Test: I started closely monitoring the Resource Monitor window (new in Vista, and I really like it) for things running when they shouldn't be, hoping to catch, through its disk access or processor time, whatever was using the resources.

Result: This method worked, but at the same time it proved my original hypothesis invalid. I found the process that was using resources (actually I caught it in the Network section), but it wasn't a silly Vista helper process. It was rundll32.exe. Knowing what I do about rundll32.exe, I knew that the real culprit was adware or spyware. I had been having problems with my virus scanner, so I had disabled it previously. I now went back to their website and found that for some reason they had changed the 64-bit version from 3.0 back to 2.7; perhaps 3.0 wasn't working on 64-bit, which would explain why the spyware or adware had gotten through in the first place and why it was giving me problems before.

I uninstalled the antivirus version 3.0, installed the newly downloaded version 2.7, and ran a scan. It quickly found several infections of an adware program, in memory and on disk. It made the necessary fixes and I restarted. Now I have a running antivirus / spyware and adware remover and I haven't had any problems since.

Conclusion: If your Vista seems to be accessing the hard drive or using the internet more than it should be, spyware or adware is a likely cause. You can open the Resource Monitor by pressing Ctrl-Shift-Esc, going to the Performance tab, and clicking the Resource Monitor button partway down the page. A rundll32.exe process accessing the hard disk, and especially the internet, is a strong sign. rundll32.exe is very often used by viruses, adware, and spyware to hide behind a seemingly legitimate process. Keep in mind, however, that rundll32.exe is a real Windows program and is used by legitimate software at times, including Windows itself: it is only a loader, and the DLL named on its command line is the program that is actually running. Before deleting anything, check that command line (in Task Manager, View > Select Columns > Command Line) and see where the DLL lives. A DLL outside the Windows directory, particularly one sitting in a temporary or user-profile folder, is the thing to investigate; one loaded from the Windows directory is usually fine.
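The check described above, as an added example and not part of the original post: a PowerShell script that lists every rundll32.exe instance, pulls the DLL out of its command line, and flags the ones loading a DLL from outside the Windows directory, loading a file that is not on disk, or holding network connections. It assumes Windows Vista or later with PowerShell 2.0 or later, and an elevated prompt so that the command lines of processes in other sessions are readable; the netstat parsing is used instead of Get-NetTCPConnection because that cmdlet does not exist before Windows 8.

```powershell
# Added example, not code from the original post. Lists every rundll32.exe process,
# recovers the DLL it was told to load from its command line, and flags the ones that
# load a DLL from outside the Windows directory, load a file that does not exist on
# disk, or own network connections. Assumptions: Windows Vista or later, PowerShell
# 2.0 or later (for New-Object -Property), and an elevated prompt, since the command
# lines of processes in other user sessions are otherwise not readable.

$windir = $env:SystemRoot

# PID -> list of endpoints, parsed from netstat -ano. Get-NetTCPConnection would be
# tidier but only exists on Windows 8 / Server 2012 and later.
$connections = @{}
netstat -ano | ForEach-Object {
    # TCP lines: proto local remote state pid.  UDP lines have no state column.
    if ($_ -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$') {
        $id = [int]$matches[5]
        if (-not $connections.ContainsKey($id)) { $connections[$id] = @() }
        $connections[$id] += ('{0} {1} {2}' -f $matches[1], $matches[3], $matches[4])
    }
}

Get-WmiObject Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $proc = $_
    $cmd  = $proc.CommandLine

    # rundll32 syntax:  rundll32.exe <dll>,<EntryPoint> [args]
    # The first token is the executable (possibly quoted); the DLL follows it and may
    # itself be quoted when its path contains spaces.
    $dll = $null
    if ($cmd -and ($cmd -match '^\s*(?:"[^"]*"|\S+)\s+(?:"([^"]+)"|([^,\s]+))')) {
        if ($matches[1]) { $dll = $matches[1] } else { $dll = $matches[2] }
    }

    # A bare name such as shell32.dll is resolved through the loader search path;
    # System32 is where the legitimate ones live, so check there.
    $path = $null
    if ($dll) {
        $path = $dll
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            $path = Join-Path (Join-Path $windir 'System32') $dll
        }
    }

    $exists   = [bool]($path -and (Test-Path -LiteralPath $path))
    $inWindir = [bool]($path -and $path.StartsWith($windir, [System.StringComparison]::OrdinalIgnoreCase))
    $signed   = $false
    if ($exists) {
        # Before PowerShell 5.1 this cmdlet ignores catalog signatures, so many of
        # Windows' own DLLs will report NotSigned even though they are genuine.
        $signed = (Get-AuthenticodeSignature -FilePath $path).Status -eq 'Valid'
    }

    $procId = [int]$proc.ProcessId
    $conns  = @()
    if ($connections.ContainsKey($procId)) { $conns = $connections[$procId] }

    # rundll32 has no business on the network, and a DLL outside %SystemRoot% is the
    # classic way adware hides behind it.
    $suspicious = (-not $exists) -or (-not $inWindir) -or ($conns.Count -gt 0)

    New-Object PSObject -Property @{
        PID          = $procId
        Suspicious   = $suspicious
        InWindowsDir = $inWindir
        Exists       = $exists
        Signed       = $signed
        Dll          = $dll
        ResolvedPath = $path
        Connections  = ($conns -join '; ')
        CommandLine  = $cmd
    }
} | Sort-Object Suspicious -Descending |
    Format-Table PID, Suspicious, InWindowsDir, Signed, ResolvedPath, Connections -AutoSize
```

Two caveats when reading the table. On 64-bit Windows a 32-bit rundll32.exe resolves a bare DLL name in SysWOW64 rather than System32, and this script only looks in System32, so an Exists=False row for a bare name deserves a manual look before you call it malware. And because older PowerShell does not consult catalog files, Signed=False on a DLL inside the Windows directory is not by itself evidence of anything; InWindowsDir and Connections are the columns that carry the weight.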

Also, if you are using the same antivirus that I am (ESET NOD32, see a previous blog) under a 64-bit environment, make sure you are using 2.7 and not 3.0, at least as of this writing.

Here's a page explaining in greater detail the Resource Monitor and its uses. It's a pretty good article.

http://articles.techrepublic.com.com/5100-10878_11-6121730.html

4 comments:

Rachel said...

I didn't actually read this whole post, but Abe said you wanted comments on your blog. I'm happy you read mine-- and I would love to see you put on a diaper and try to pick up on the ladies.

QT said...

lawl I don't blame you for not reading the whole thing. Unless you had the particular problem, I'm pretty sure it would be boring to anyone.

Abe said...

GIB MEH VISTAS BOY!!!
P.S. The "word verification" thingy required to post is annoying. Why don't they do the math thinger instead and make you do:
3+4-2=?

QT said...

Because computers can do math? Hence the whole purpose of the word verification would be null and void. And if you had a Blogger account and were logged into it, you wouldn't have to do a word verification.

Lesson learned: have a blog.