# Background Processes



## eddiemac (Dec 6, 2004)

I am running XP Home. My Task Manager tells me there are 51 processes running. I would like to shut down some of the proceses to get to a reasonable number, but I don't know which are necessary.

I have antivirus and firewall software running, so I am figuring I don't want to mess with any of these background files (or do I?), but things related to my printer, for example, I would think were OK to shut off.

What is the best way to tell what files can be terminated without having problems with your printer, antivirus, firewall, online programs or other programs?

Question 2:
While I am asking, what do you do when McAfee tells you at startup that it has detected a virus, yet scans come up empty? I have deleted restore points, but still get the message?

I was looking for a good place to pose these questions when I remembered that this forum had a computer section. It appears that several here are pretty knowledgable in this area as well.


----------



## MinConst (Oct 16, 2004)

eddiemac said:


> My Task Manager tells me there are 51 processes running. I would like to shut down some of the proceses to get to a reasonable number.
> 
> Windows is not exacty a resonable OS. The processes running on your system are probably all required. If you want to shut down some things you would close the program. This will free up some resources. Shutting down processes is not a good idea. The object of Task Manager is to close unresponsive programs. I just looked and I have 56. Let me ask why you want to do this. Computer running slow? Mot enough memory? some other reason?
> Check your startup folder and get rid of things in there that you might not want running. It is much safer.
> For the Macfee virus warning. I would go to Macfee.com and look it up. It might be a bogus warning that they know about.


----------



## Neil_K (Dec 11, 2004)

I've got a bunch, too. Are you having performance issues? 

Regarding your virus, try turning off system restore and then clean the virus. System restore keeps putting it back! Right-click on "My Computer" and select Properties. Then click the system restore tab and put a check in "turn off system restore". Clean the virus, then reboot and check again.


----------



## eddiemac (Dec 6, 2004)

*Virus Issue*



Neil_K said:


> I've got a bunch, too. Are you having performance issues?
> 
> Regarding your virus, try turning off system restore and then clean the virus. System restore keeps putting it back! Right-click on "My Computer" and select Properties. Then click the system restore tab and put a check in "turn off system restore". Clean the virus, then reboot and check again.


I turned off System Restore, deleting all restore points. I thought this would do it, but when I rebooted, I still got the message. The confusing part is that there seems to be no virus to clean. I run McAfee's scan and get a message indicating that no infected files were found.

The same thing was occurring when I used Norton, but Norton told me the name of the virus(es) that were found, but that it could not fix them. (I changed to McAfee because my Norton subscription ended about the same time AOL was giving free McAfee.)

As suggested by someone in the thread, I will go to the McAfee site to see if there is a FAQ related to this. In the meantime, any other suggestions would be appreciated.

Sorry for the long post (especially for a new guy), but I wanted to be as complete as I could in giving the info.


----------



## Neil_K (Dec 11, 2004)

what virus is it telling you it found on startup? 

Also, when you run the scan after the computer has started, please make sure that you are scanning "All files" and not just "default files".


----------



## eddiemac (Dec 6, 2004)

*Virus Problem*



Neil_K said:


> what virus is it telling you it found on startup?
> 
> Also, when you run the scan after the computer has started, please make sure that you are scanning "All files" and not just "default files".


McAfee doesn't tell me, but when I had Norton, it told me a couple names. I recall netbus.trojan as being one of them. Norton's message said the file could not be accessed.

When I run the scan, I run it on the entire system. I leave everything checked.


----------



## Neil_K (Dec 11, 2004)

I found some info on netbus on Symantec's Security Response site. the following are characteristics of at least one version of netbus:

* Creates and runs the registry file Extrac16.reg from the \Windows folder. This file contains settings for Netbus so that it will run stealth. 
* Inserts the Netbus Pro executable file in the Temp folder, normally \Windows\Temp. The name of the file can change, but it will always start with Pkg and end with .exe. For example, the name could be PKGd7g8.exe or Pkg22c4.exe. 
* Creates a "Netbus Server Pro" value in the Windows registry at:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

This ensures execution on reboot. 
* Executes the Netbus Pro executable. Due to the fact that the information from the registry file has been applied prior to Netbus being executed, no activity appears on the screen. 

Please search for PKG????.EXE  or PKG?????.EXE  on your C drive. Also, navigate to the registry key mentioned above using REGEDIT and see if netbus is there.

Let me know what you find...


----------



## PipeGuy (Oct 8, 2004)

Neil_K said:


> Also, navigate to the registry key mentioned above using REGEDIT and see if netbus is there..


 Eddie- I regularly use a freeware app called HijackThis to scan my registry. It can compile some very useful, printable, reports about the entries and even identify entries that may be unwanted. You can find a download source for HijackThis by searching on the name. I got a really nasty bug last year and HiJackThis took me a long way towards fixing it.


----------



## Neil_K (Dec 11, 2004)

Good call, PipeGuy. Spyware removal tools will most likely remove the registry entry and posssibly the program too. I've also seen Spybot Search & Destroy work. 

The newer versions of McAfee also detect spyware, but I don't know that it cleans the registry like some other tools.


----------



## PipeGuy (Oct 8, 2004)

Since my last bug I've been able to stay clean with regular bathing using SpyBot S&D, AdAware and HiJackThis. I think I also have my Norton AV / IS subscription configured better than I did before catchinhg the bug. Knock on wood


----------



## Grumpy (Oct 8, 2003)

go to www.tweakxp.com 

They tell you what services you can safely shut down and exactly how to do it without causing and damage. It's fairly easy really. I have all my computers tweaked.


----------



## eddiemac (Dec 6, 2004)

Thanks to all who have responded so far. I am still working on the virus situation, and have decided to let the background processes go as is for a while. I was able to eliminate a good number of startup items, which seems to have helped performance issues.

I went to McAfee's site (navigating that can be a pain), and I couldn't find what I was looking for. I also searched for PKG????.EXE and PKG?????.EXE, along with any variants and pieces I could think of, and came up empty. 

I also went to -komando.com-, the website for Kim Komando, which directed me to the HijackThis program mentioned by Pipeguy. I was already running Spybot S&D, and intend to run AdAware as well. She has downloads for all of these. I also found a program there called CWShredder, which eliminates a specific spybot called the CoolWeb Search. There is another program which has to be downloaded first if the shredder doesn't run properly, which was the case with me. It found a CoolWeb variant, and I ran Shredder. It found and eliminated CW.mole, but now Shredder won't run again, so I seem to be back at square one. (Ain't these virus writers fun guys?)

Anyway, I am getting help from -spywareinfo.com-. They are going to analyze my registry log from HijackThis to determine what needs to be done next. I am still open to suggestions.


----------



## Neil_K (Dec 11, 2004)

doing the searches were probably for a specific variance of the netbus trojan. If its any consolation, you probably don't have it. :cheesygri 

The reason for the error at startup and not when the system is runing is because there is something in your startup. After thinking about it and reading the other replies, it most likely is spyware. McAfee picks it up when the program is run, but doesn't find it afterwards because it is hidden as something else in your startup. Pretty clever, it copies the spyware from a file, then runs it.

Spybot or CWShredder or Hijaak this should take care of most, but I've seen one or two that just wouldn't go away.

Of course, you want to get rid of the problem, not hear about it. Are you comfortable with the registry? I'd like to see whats in your system startup. Please do this:

1. Open the system registry and navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2. Right-click on the Run folder and then left-click on Export. Give it a file name and change the file type to Text file. Make sure you know where it's saving it!
3. Close regedit.
4. Open the text file and copy/paste it here. 


If you don't want it public, you can send me a private message. 

You can also do google searches for the file names under the "Data" column. If the search takes you to a spyware removal site, you can click on the "Name" and delete it.

Keep us posted.


----------



## Sarah9910 (Sep 27, 2004)

*McAffee Virus Scanning*

Hi Edie:

We often find that many anti-virus software programs that you pay for miss infected files that some of the free anti-virus programs catch. Try avg or avast or spybot for dowloads of free-anti virus software. These programs caught virus' that Norton didn't catch for me. Also, that virus could be in your boot files..maybe run the scan in safe mode, or better yet, take it in to someone somewhere who is a professional at clean up. It's worth it.

Sarah


----------



## eddiemac (Dec 6, 2004)

Virus problem fixed. I have spent the last few days at SpywareInfo.com.

I posted my question there, and once someone was able to get to it, it was fixed in a matter of hours. The holidays are maybe not the best time to have these problems, especially when they get zillions of requests.

I did a HijackThis log, posted it, and someone went through and told me what to do.

A phenomenal site if you are having virus/spyware problems.


----------



## Neil_K (Dec 11, 2004)

Glad you got rid of your infection!


----------

