Weirdest thing...
Last night I booted my home machine. It started ok, but once I logged on it was dog slow. "Whut", says I, "this is strange".
Task Manager showed that one process, InoRT.exe, was using 99% of the CPU, but there's no hard drive activity. InoRT.exe, that's supposed to be the antivirus program. Hm, this is suspicious. I reboot, and still see the same symptom. At this point I'm more annoyed than worried, because I actually backed up everything interesting just this weekend.
Now I disable the network connection and let the process run for a while. No change. I then kill InoRT.exe; start Spybot S&D to scan; enable the network connection again so I can get updates for Spybot S&D (when did I even run that last? Can't remember); disable the network connection and start scanning. The scan shows one entry I've never seen before:
n-Case is it? Never heard of. I start my second machine to do some research, and find plenty of references to it - turns out it some kind of spyware. How did that get there? I've applied all patches; I don't run as admin, and my surfing habits aren't very... interesting.
I keep reading and learn about the expected symptoms, how to remove it manually etc. Only what I read doesn't match up. I haven't seen any unexpected ads on the machine. The reg key that was reported, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\schedulingagent, points to C:\WINDOWS\System32\mstask.exe and I can see that this file hasn't been tampered with. I start looking for the other files that should be involved in n-Case, but can't find them.
As I'm looking around, I notice that I'm kinda low on disk space though - only about 2GB free on a 120GB partition. Ok, let me delete some F1 races I recorded this summer...
...hey could that be the problem, low disk space...?
...so I free up 30GB in a few minutes, reboot, and - fancy that - all seems ok.
Lessons learned - 1) having a recent backup helps preventing panic, 2) don't assume the worst, 3) don't save old F1 races when you know that you won't watch them more than once...
This posting is provided "AS IS" with no warranties, and confers no rights.
Comments
- Anonymous
November 03, 2004
Make you wonder about windows Security, its internet/network footprint, I am assuming that you are running WIndows XP SP 2 with security enhancements. I have the same problem at home from time to time. I use Spybot Search and Destroy version 1.3 with updates and Ad-Aware SE V.1.05 with latest definitions, after Service pack 2 It is better specifially with the stuff spybot finds as they enhanced the widnows firewall but more needs done. I do feel for you but in a way I think that you now see the frustration that users of Windows XP even those with Service Pack 2 all patches and updates feel. My Imagine that times about 1000 for people with no security firewall/antivirus ect. I recently took off 700 pieces of Adware (using Ad-Aware) and over 130 pieces of Spyware (Spybot Search & Destroy). I installed Sp 2 turned on his firewall and showed them how to use windows Update 5 and conviced him to pay for automatic updates for his antivirus and now they are down to about 12 or so pieces a week with most being tracking cookies. My point is We should not have to do all this work just so we can keep a clean and happy computer. We should turn off unnecessary services, lock them down when they are on. I was a beta tester for WIndows XP SP 2 and WIndows Update 5 these are steps in the right direction but are not the total solution.
My 2 cents.
Tom Stack
Windows Upate 5, XP SP 2, Norton 2005 beta tester. - Anonymous
November 03, 2004
The comment has been removed