Running processes - so many!

Discussion in 'NZ Computing' started by Mrs Beeble Brock, Oct 26, 2004.

  1. Hi again guys, now that I have Net Meter running (thanks Chris) I can
    see internet traffic happening even when I have no browser open.

    Is it possible to see from my running processes whether I've got clever
    spyware that would be accounting for huge volumes of traffic?

    This is what I have - some means nothing to me and other names I can
    guess at but maybe something here will jump out at one of you
    experts. Processes I know are legit are marked with a - in front. I have
    no idea what the others are. Obviously I had all applications closed
    when I did this capture.

    System Idle Process,0,99 , 1:30:29,16 K
    System,8,00 , 0:00:04,220 K
    smss.exe,144,00 , 0:00:00,376 K
    csrss.exe,172,00 , 0:00:04,"1,344 K"
    winlogon.exe,192,01 , 0:00:01,"1,400 K"
    services.exe,220,00 , 0:00:00,"6,296 K"
    lsass.exe,240,00 , 0:00:00,652 K
    - FileBX.exe,300,00 , 0:00:00,"5,560 K"
    - WFXCTL32.EXE,480,00 , 0:00:00,"14,404 K"
    svchost.exe,496,00 , 0:00:00,"4,072 K"
    spoolsv.exe,532,00 , 0:00:00,"5,184 K"
    ccEvtMgr.exe,560,00 , 0:00:00,"4,332 K"
    SAgent2.exe,652,00 , 0:00:00,"3,644 K"
    svchost.exe,664,00 , 0:00:00,"10,264 K"
    hidserv.exe,696,00 , 0:00:00,"1,620 K"
    - KodakCCS.exe,720,00 , 0:00:00,"2,852 K"
    - navapsvc.exe,752,00 , 0:00:01,"1,008 K"
    nvsvc32.exe,800,00 , 0:00:00,"2,348 K"
    ptssvc.exe,864,00 , 0:00:00,"3,044 K"
    regsvc.exe,888,00 , 0:00:00,976 K
    - MSTask.exe,924,00 , 0:00:00,"5,048 K"
    ScsiAccess.EXE,944,00 , 0:00:00,872 K
    orvwsrzd.exe,1024,00 , 0:00:00,"3,920 K"
    stisvc.exe,1068,00 , 0:00:00,"1,724 K"
    - Tablet.exe,1116,00 , 0:00:00,"2,464 K"
    - WFXMOD32.EXE,1132,00 , 0:00:00,"10,352 K"
    - WFXSVC.EXE,1148,00 , 0:00:00,"3,804 K"
    WinMgmt.exe,1168,00 , 0:00:02,"3,908 K"
    mspmspsv.exe,1188,00 , 0:00:00,"1,808 K"
    svchost.exe,1204,00 , 0:00:00,"6,916 K"
    point32.exe,1288,00 , 0:00:00,"4,712 K"
    - taskmgr.exe,1304,01 , 0:00:00,"3,496 K"
    - InCD.exe,1500,00 , 0:00:00,"5,608 K"
    - wfxsnt40.exe,1512,00 , 0:00:00,"1,452 K"
    - Explorer.EXE,1524,00 , 0:00:02,"2,864 K"
    - NetMeter.exe,1548,01 , 0:00:00,"4,612 K"
    - MSGTAG.exe,1552,00 , 0:00:00,"3,060 K"
    RunDll32.exe,1608,00 , 0:00:00,"2,252 K"
    - FreeWheel.exe,1656,00 , 0:00:00,"2,364 K"
    - FileEx.exe,1820,00 , 0:00:00,"2,656 K"
    ccApp.exe,1884,00 , 0:00:00,"10,628 K"
    - TextGrabber.exe,1908,00 , 0:00:00,"2,424 K"
    Mrs Beeble Brock, Oct 26, 2004
    #1

  2. On Tue, 26 Oct 2004 13:56:23 +1300, Mrs Beeble Brock wrote:

    > Hi again guys, now that I have Net Meter running (thanks Chris) I can
    > see internet traffic happening even when I have no browser open.
    >
    > Is it possible to see from my running processes whether I've got clever
    > spyware that would be accounting for huge volumes of traffic?
    >
    > This is what I have - some means nothing to me and other names I can
    > guess at but maybe something here will jump out at one of you
    > experts. Processes I know are legit are marked with a - in front. I have
    > no idea what the others are. Obviously I had all applications closed
    > when I did this capture.
    >
    > System Idle Process,0,99 , 1:30:29,16 K
    > System,8,00 , 0:00:04,220 K
    > smss.exe,144,00 , 0:00:00,376 K
    > csrss.exe,172,00 , 0:00:04,"1,344 K"
    > winlogon.exe,192,01 , 0:00:01,"1,400 K"
    > services.exe,220,00 , 0:00:00,"6,296 K"
    > lsass.exe,240,00 , 0:00:00,652 K
    > - FileBX.exe,300,00 , 0:00:00,"5,560 K"
    > - WFXCTL32.EXE,480,00 , 0:00:00,"14,404 K"
    > svchost.exe,496,00 , 0:00:00,"4,072 K"
    > spoolsv.exe,532,00 , 0:00:00,"5,184 K"
    > ccEvtMgr.exe,560,00 , 0:00:00,"4,332 K"
    > SAgent2.exe,652,00 , 0:00:00,"3,644 K"
    > svchost.exe,664,00 , 0:00:00,"10,264 K"
    > hidserv.exe,696,00 , 0:00:00,"1,620 K"
    > - KodakCCS.exe,720,00 , 0:00:00,"2,852 K"
    > - navapsvc.exe,752,00 , 0:00:01,"1,008 K"
    > nvsvc32.exe,800,00 , 0:00:00,"2,348 K"
    > ptssvc.exe,864,00 , 0:00:00,"3,044 K"
    > regsvc.exe,888,00 , 0:00:00,976 K
    > - MSTask.exe,924,00 , 0:00:00,"5,048 K"
    > ScsiAccess.EXE,944,00 , 0:00:00,872 K
    > orvwsrzd.exe,1024,00 , 0:00:00,"3,920 K"
    > stisvc.exe,1068,00 , 0:00:00,"1,724 K"
    > - Tablet.exe,1116,00 , 0:00:00,"2,464 K"
    > - WFXMOD32.EXE,1132,00 , 0:00:00,"10,352 K"
    > - WFXSVC.EXE,1148,00 , 0:00:00,"3,804 K"
    > WinMgmt.exe,1168,00 , 0:00:02,"3,908 K"
    > mspmspsv.exe,1188,00 , 0:00:00,"1,808 K"
    > svchost.exe,1204,00 , 0:00:00,"6,916 K"
    > point32.exe,1288,00 , 0:00:00,"4,712 K"
    > - taskmgr.exe,1304,01 , 0:00:00,"3,496 K"
    > - InCD.exe,1500,00 , 0:00:00,"5,608 K"
    > - wfxsnt40.exe,1512,00 , 0:00:00,"1,452 K"
    > - Explorer.EXE,1524,00 , 0:00:02,"2,864 K"
    > - NetMeter.exe,1548,01 , 0:00:00,"4,612 K"
    > - MSGTAG.exe,1552,00 , 0:00:00,"3,060 K"
    > RunDll32.exe,1608,00 , 0:00:00,"2,252 K"
    > - FreeWheel.exe,1656,00 , 0:00:00,"2,364 K"
    > - FileEx.exe,1820,00 , 0:00:00,"2,656 K"
    > ccApp.exe,1884,00 , 0:00:00,"10,628 K"
    > - TextGrabber.exe,1908,00 , 0:00:00,"2,424 K"


    You can check some of these at:

    http://startup.iamnotageek.com/

    All of those processes look okay to me at a quick glance.

    Have a look at HijackThis:

    http://www.spywareinfo.com/~merijn/

    You have to be careful that some processes are legit system processes such
    as winlogon.exe. Some virus/spyware start processes with the same names
    but they are running under the logged on user and not the System user.

    Some apps such as Norton's like to dial home as it were..


    wogers nemesis, Oct 26, 2004
    #2

  3. Mrs Beeble Brock

    Chris Mayhew Guest

    Mrs Beeble Brock wrote:
    > Hi again guys, now that I have Net Meter running (thanks Chris) I can
    > see internet traffic happening even when I have no browser open.
    >
    > Is it possible to see from my running processes whether I've got clever
    > spyware that would be accounting for huge volumes of traffic?
    >
    > This is what I have - some means nothing to me and other names I can
    > guess at but maybe something here will jump out at one of you
    > experts. Processes I know are legit are marked with a - in front. I have
    > no idea what the others are. Obviously I had all applications closed
    > when I did this capture.
    >
    > System Idle Process,0,99 , 1:30:29,16 K
    > System,8,00 , 0:00:04,220 K
    > smss.exe,144,00 , 0:00:00,376 K
    > csrss.exe,172,00 , 0:00:04,"1,344 K"
    > winlogon.exe,192,01 , 0:00:01,"1,400 K"
    > services.exe,220,00 , 0:00:00,"6,296 K"
    > lsass.exe,240,00 , 0:00:00,652 K
    > - FileBX.exe,300,00 , 0:00:00,"5,560 K"
    > - WFXCTL32.EXE,480,00 , 0:00:00,"14,404 K"
    > svchost.exe,496,00 , 0:00:00,"4,072 K"
    > spoolsv.exe,532,00 , 0:00:00,"5,184 K"
    > ccEvtMgr.exe,560,00 , 0:00:00,"4,332 K"
    > SAgent2.exe,652,00 , 0:00:00,"3,644 K"
    > svchost.exe,664,00 , 0:00:00,"10,264 K"
    > hidserv.exe,696,00 , 0:00:00,"1,620 K"
    > - KodakCCS.exe,720,00 , 0:00:00,"2,852 K"
    > - navapsvc.exe,752,00 , 0:00:01,"1,008 K"
    > nvsvc32.exe,800,00 , 0:00:00,"2,348 K"
    > ptssvc.exe,864,00 , 0:00:00,"3,044 K"
    > regsvc.exe,888,00 , 0:00:00,976 K
    > - MSTask.exe,924,00 , 0:00:00,"5,048 K"
    > ScsiAccess.EXE,944,00 , 0:00:00,872 K
    > orvwsrzd.exe,1024,00 , 0:00:00,"3,920 K"
    > stisvc.exe,1068,00 , 0:00:00,"1,724 K"
    > - Tablet.exe,1116,00 , 0:00:00,"2,464 K"
    > - WFXMOD32.EXE,1132,00 , 0:00:00,"10,352 K"
    > - WFXSVC.EXE,1148,00 , 0:00:00,"3,804 K"
    > WinMgmt.exe,1168,00 , 0:00:02,"3,908 K"
    > mspmspsv.exe,1188,00 , 0:00:00,"1,808 K"
    > svchost.exe,1204,00 , 0:00:00,"6,916 K"
    > point32.exe,1288,00 , 0:00:00,"4,712 K"
    > - taskmgr.exe,1304,01 , 0:00:00,"3,496 K"
    > - InCD.exe,1500,00 , 0:00:00,"5,608 K"
    > - wfxsnt40.exe,1512,00 , 0:00:00,"1,452 K"
    > - Explorer.EXE,1524,00 , 0:00:02,"2,864 K"
    > - NetMeter.exe,1548,01 , 0:00:00,"4,612 K"
    > - MSGTAG.exe,1552,00 , 0:00:00,"3,060 K"
    > RunDll32.exe,1608,00 , 0:00:00,"2,252 K"
    > - FreeWheel.exe,1656,00 , 0:00:00,"2,364 K"
    > - FileEx.exe,1820,00 , 0:00:00,"2,656 K"
    > ccApp.exe,1884,00 , 0:00:00,"10,628 K"
    > - TextGrabber.exe,1908,00 , 0:00:00,"2,424 K"

    You could try Google, and work your way through the list. "csrss.exe",
    for example, according to a Google search, shows that it is part of
    Windows, as well as part of some spyware, key loggers, and worms - in
    these cases they are using a file name the same as a "trusted" source
    (Windows) to lead people to believe that it's OK to leave it there. You
    have to be able to figure out what it's actually doing.

    Maybe you could look at your firewall log - look for programs that are
    accessing the internet when you know you're not using the internet. It
    may be an idea to close your email etc while not at the computer so as to
    discount those programs when looking at the logs.

    With regard to Net Meter, the previous version of the program didn't
    appear to be keeping proper totals, though the latest version appears to
    have fixed this bug. It is still only beta software though.


    --
    Chris Mayhew, Oct 26, 2004
    #3
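
Added example, not part of any post in this thread: posts #2 and #3 both point out that malware borrows the names of Windows system processes but runs under the logged-on user. The sketch below applies that check to a constructed `tasklist /V /FO CSV` capture; the `HOMEPC\user` account and PID 2040 are made up, and the account names assume an English-language Windows.

```python
import csv
import io

# Image names from the thread's process list that belong to Windows itself.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Constructed sample in the column layout of `tasklist /V /FO CSV`.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"csrss.exe","172","Console","0","1,344 K","Running","NT AUTHORITY\SYSTEM","0:00:04","N/A"
"winlogon.exe","192","Console","0","1,400 K","Running","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","496","Console","0","4,072 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"lsass.exe","240","Console","0","652 K","Running","N/A","0:00:00","N/A"
"Explorer.EXE","1524","Console","0","2,864 K","Running","HOMEPC\user","0:00:02","N/A"
"WINLOGON.EXE","2040","Console","0","3,112 K","Running","HOMEPC\user","0:00:00","N/A"
'''


def classify(row):
    """Return 'other', 'ok', 'unknown' or 'suspect' for one tasklist row."""
    name = row["Image Name"].strip().lower()
    user = row["User Name"].strip().upper()
    if name not in SYSTEM_IMAGES:
        return "other"          # not a system image name, out of scope here
    if user in ("", "N/A"):
        return "unknown"        # tasklist could not read the owner; recheck as admin
    if user.startswith("NT AUTHORITY\\"):
        return "ok"             # SYSTEM, LOCAL SERVICE or NETWORK SERVICE
    return "suspect"            # system name, but owned by an ordinary account


def review(csv_text):
    """List (image, pid, user, verdict) for rows that need a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = classify(row)
        if verdict in ("suspect", "unknown"):
            findings.append((row["Image Name"], int(row["PID"]),
                             row["User Name"], verdict))
    return findings


if __name__ == "__main__":
    for image, pid, user, verdict in review(SAMPLE):
        print(f"{verdict:8} {image} (PID {pid}) running as {user}")
```

A copy that does run under an NT AUTHORITY account is not proven clean by this check, so the file's path and a scanner result still need looking at.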
  4. Mrs Beeble Brock

    mario Guest

    Mrs Beeble Brock wrote:
    > Is it possible to see from my running processes whether I've got clever
    > spyware that would be accounting for huge volumes of traffic?


    Have a look at http://www.blackviper.com/WinXP/service411.htm

    It seems quite a good site. I've found it helpful for cutting back on
    the number of services running in XP.

    mario
    mario, Oct 26, 2004
    #4
  5. Mrs Beeble Brock

    Hans Moleman Guest

    Hans Moleman, Oct 26, 2004
    #5
  6. Mrs Beeble Brock

    Max Burke Guest

    > Hans Moleman scribbled:

    >> Mrs Beeble Brock wrote:
    >> csrss.exe,172,00 , 0:00:04,"1,344 K"


    > you may have the new WORM_BUCHON.B virus.
    > Good news is it's easy to remove.
    > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUCHON.B


    csrss - csrss.exe - Process Information
    Process File: csrss or csrss.exe
    Process Name: Microsoft Client/Server Runtime Server Subsystem

    Description:
    csrss.exe is the main executable for the Microsoft Client/Server Runtime
    Server Subsystem. This process manages most graphical commands in Windows.
    This program is important for the stable and secure running of your computer
    and should not be terminated.


    What is csrss.exe? Is csrss.exe spyware or a virus?
    http://www.neuber.com/taskmanager/process/csrss.exe.html


    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Oct 26, 2004
    #6
  7. So here's an interesting thing. I went to the link you suggested and ran
    a House Call free scan. Found six viruses and trojans (none of them the
    worm you mentioned) which I've deleted.

    But Norton AV never found them despite having done a live update and
    full system scan 10 minutes earlier. Makes me wonder what the point of
    Norton is exactly, other than costing money and making me rip my hair
    out whenever I need to talk to them.

    Hans Moleman wrote:
    > Mrs Beeble Brock wrote:
    >
    >
    >> csrss.exe,172,00 , 0:00:04,"1,344 K"

    >
    >
    > you may have the new WORM_BUCHON.B virus.
    >
    > Good news is it's easy to remove.
    >
    > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUCHON.B
    >
    Mrs Beeble Brock, Oct 26, 2004
    #7
  8. Thanks guys, am working through each of these. Was surprised to find six
    intruders that Norton missed. Grrr.

    Mrs Beeble Brock wrote:

    > Hi again guys, now that I have Net Meter running (thanks Chris) I can
    > see internet traffic happening even when I have no browser open.
    >
    > Is it possible to see from my running processes whether I've got clever
    > spyware that would be accounting for huge volumes of traffic?
    >
    > This is what I have - some means nothing to me and other names I can
    > guess at but maybe something here will jump out at one of you
    > experts. Processes I know are legit are marked with a - in front. I have
    > no idea what the others are. Obviously I had all applications closed
    > when I did this capture.
    >
    > System Idle Process,0,99 , 1:30:29,16 K
    > System,8,00 , 0:00:04,220 K
    > smss.exe,144,00 , 0:00:00,376 K
    > csrss.exe,172,00 , 0:00:04,"1,344 K"
    > winlogon.exe,192,01 , 0:00:01,"1,400 K"
    > services.exe,220,00 , 0:00:00,"6,296 K"
    > lsass.exe,240,00 , 0:00:00,652 K
    > - FileBX.exe,300,00 , 0:00:00,"5,560 K"
    > - WFXCTL32.EXE,480,00 , 0:00:00,"14,404 K"
    > svchost.exe,496,00 , 0:00:00,"4,072 K"
    > spoolsv.exe,532,00 , 0:00:00,"5,184 K"
    > ccEvtMgr.exe,560,00 , 0:00:00,"4,332 K"
    > SAgent2.exe,652,00 , 0:00:00,"3,644 K"
    > svchost.exe,664,00 , 0:00:00,"10,264 K"
    > hidserv.exe,696,00 , 0:00:00,"1,620 K"
    > - KodakCCS.exe,720,00 , 0:00:00,"2,852 K"
    > - navapsvc.exe,752,00 , 0:00:01,"1,008 K"
    > nvsvc32.exe,800,00 , 0:00:00,"2,348 K"
    > ptssvc.exe,864,00 , 0:00:00,"3,044 K"
    > regsvc.exe,888,00 , 0:00:00,976 K
    > - MSTask.exe,924,00 , 0:00:00,"5,048 K"
    > ScsiAccess.EXE,944,00 , 0:00:00,872 K
    > orvwsrzd.exe,1024,00 , 0:00:00,"3,920 K"
    > stisvc.exe,1068,00 , 0:00:00,"1,724 K"
    > - Tablet.exe,1116,00 , 0:00:00,"2,464 K"
    > - WFXMOD32.EXE,1132,00 , 0:00:00,"10,352 K"
    > - WFXSVC.EXE,1148,00 , 0:00:00,"3,804 K"
    > WinMgmt.exe,1168,00 , 0:00:02,"3,908 K"
    > mspmspsv.exe,1188,00 , 0:00:00,"1,808 K"
    > svchost.exe,1204,00 , 0:00:00,"6,916 K"
    > point32.exe,1288,00 , 0:00:00,"4,712 K"
    > - taskmgr.exe,1304,01 , 0:00:00,"3,496 K"
    > - InCD.exe,1500,00 , 0:00:00,"5,608 K"
    > - wfxsnt40.exe,1512,00 , 0:00:00,"1,452 K"
    > - Explorer.EXE,1524,00 , 0:00:02,"2,864 K"
    > - NetMeter.exe,1548,01 , 0:00:00,"4,612 K"
    > - MSGTAG.exe,1552,00 , 0:00:00,"3,060 K"
    > RunDll32.exe,1608,00 , 0:00:00,"2,252 K"
    > - FreeWheel.exe,1656,00 , 0:00:00,"2,364 K"
    > - FileEx.exe,1820,00 , 0:00:00,"2,656 K"
    > ccApp.exe,1884,00 , 0:00:00,"10,628 K"
    > - TextGrabber.exe,1908,00 , 0:00:00,"2,424 K"
    Mrs Beeble Brock, Oct 26, 2004
    #8
  9. Mrs Beeble Brock

    geoffm Guest

    On Tue, 26 Oct 2004 17:58:28 +1300, Mrs Beeble Brock wrote:

    >So here's an interesting thing. I went to the link you suggested and ran
    >a House Call free scan. Found six viruses and trojans (none of them the
    >worm you mentioned) which I've deleted.


    I found the same when I changed from an up to date Norton to Antivire
    (free). Found 3 virii, which Norton had missed. I was not impressed.
    To get the glowing reviews that Norton does they must buy a lot of
    advertising space. I have never had a program singlehandedly slow down
    a computer so much.
    Geoff
    geoffm, Oct 26, 2004
    #9
  10. It's easier to just download Ad-Aware

    www.lavasoft.de

    and Spybot Search and Destroy

    http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

    these two are the most well recognised of the spyware scanners.

    Regarding Nortons - I don't think they make any pretence to scan for
    diallers, spyware etc - just "viruses".

    Suddenly, Mrs Beeble Brock sprang forth and uttered these pithy words:
    > Hi again guys, now that I have Net Meter running (thanks Chris) I can
    > see internet traffic happening even when I have no browser open.
    >
    > Is it possible to see from my running processes whether I've got clever
    > spyware that would be accounting for huge volumes of traffic?





    --
    aaronl at consultant dot com
    For every expert, there is an equal and
    opposite expert. - Arthur C. Clarke
    Aaron Lawrence, Oct 28, 2004
    #10