2 Instances of Services.exe running on Task Manager, one of which uses up 100% CPU


I've got a Windows 2000 machine on my domain that has suddenly developed 2 instaneces of services.exe running in Task Manager. One of the services.exe uses up little RAM or CPU time whereas the other max's out the CPU 99% all the time.

I've checked the location of both serivces and it's running from the WINNT\System32 folder, so nothing strange there.

I've virused scanned the PC (even though it's protected by a centrally distrubuted AV program) and go no results.

I've ran a sfc \scanow and again, this didn't turn up anything.

I really don't want to reinstall the OS from scratch, can anyone suggest anything? The only short term fix i've managed for this is using Security Task Manager (a seperate download) in order to end the 99% process.

Who is Participating?
Irwin SantosComputer Integration SpecialistCommented:
You got spyware

Download and Install.

Copy and paste your log to:

Look for NASTIES and post your results here
Download Ewido, http://www.ewido.net/en/download/, install, open program, check for updates, restart computer, press F8 before windows logo appears, select safe mode, open Ewido, run full system scan. let Ewido delete all it finds, if anything is called serious by Ewido, disable Norton's Goback, and run Ewido again.
EncamsAuthor Commented:
F3 - REG:win.ini: run=c:\winnt\system\services.exe    

Unknown   the following information has been found about this entry: .
   Unknown application.

 O4 - HKLM\..\Run: [Services] C:\WINNT\System32\drivers\media\cat32\services.exe    

Nasty   Added as a result of the ALETS VIRUS! Note - this is not the valid Windows Service Controller (services.exe) process
Hit rate: 80,77 % (result)
   Must be fixed!

O4 - HKLM\..\Run: [mapwin32] C:\WINNT\system\services.exe    
Hit rate: 0,00 % (result)
   Unknown application.

O4 - HKCU\..\Run: [Windows Compliant] winole.exe    
Nasty   O4 - HKLM..Run: [Windows Compliant] winole.exe
Hit rate: 100,00 % (result)
   Must be fixed!

These are the only ones that show up as possibly nasty or have services.exe in the description.

C:\WINNT\System\services.exe doesn't exist in filemanager, nor does C:\WINNT\System32\drivers\media\cat32\services.exe

Shall i remove all those enteries then try the Ewido program?  
Irwin SantosComputer Integration SpecialistCommented:

FIX in Hijack first.. then run Ewido
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

EncamsAuthor Commented:

Think it was the Hijack this that solved it although the Ewido picked up 1 java object.

Can you recommend a good anti-malware ot anti-spyware program that i can run from a central location like my WSUS server and my AV control center?
EncamsAuthor Commented:
Thanks for the quick reponse btw :)
Irwin SantosComputer Integration SpecialistCommented:
cool.  thank you!

SpyDoctor is highly rated.. though currently I have both Ewido & Windows Defender running.  None of these are bulletproof.. though I found that Ewido fixed most of the malware items.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.