Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4222
  • Last Modified:

vmiprvse.exe is running my processor at 100% csrss will not shut down

I have an XXXXP pro sp2 fully patched machine (on a domain) that is running at 100% due to vmiprvse.exe and spoolsvc?.  I can not disable it becasue it is a network service and keeps coming back.  I do not have ran scans for viruses and malware to no avail.  Every solution I find points me to server 2003 and I am having the problem with an XP machine.

If I can add one more issue I am having an error box pop up involving csrss.exe and I can not shut it down either.

I ran chkdsk/f and it is still running at an incredible speed, always 100%.

Any solutions will be appreciated
0
solonyinc
Asked:
solonyinc
  • 4
  • 3
  • 2
  • +3
1 Solution
 
SheharyaarSaahilCommented:
the genuine windows processes are wmiprvse.exe and spoolsv.exe
the ones which you have listed above can be related to trojans/worms/viruses

Please run this online virus scanner
http://housecall.trendmicro.com/

if still the problem persisits, download hijackthis
http://www.softpedia.com/get/Antivirus/Trend-Micro-HijackThis.shtml

scan and save a log file, post the log here
0
 
dreamyguyCommented:
here's a test i want u to try.
go to start-->run--services.msc

find the "print spooler" service and stop it. Does that bring any relief?
for wmiprvse, go to the command prompt try the following steps

cd %windir%\system32\wbem
for /f %s in ('dir /b *.dll') do regsvr32 /s %s
wmiprvse /regserver
winmgmt /regserver

and then reboot the machine.

Hope this helps!
0
 
SysExpertCommented:
See the list below, and run at least the Hijackthis program.

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

http://housecall.antivirus.com 

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

http://www.superantispyware.com/
SuperAntiSpyware

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start
--------

I hope this helps !
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
solonyincAuthor Commented:
Thanks everyone.  So far I ran the housecall colutioin and it did detect something and my processor suddenly slowed down dramatically but the scan did not finish becasue I got some dirty power and my UPS shut down my machine. :-(

I am going to delpoy the other solutions as well asn wee where it takes me.  Thanks to all and I will get back to everyone and let you know what happened.  The microsoft technical community could no thelp me but I got an answer here in 5 minutes.  This seems to be well worth the investment.

I am always looking for solutions for my company and for my customers so I'll be back.
0
 
SheharyaarSaahilCommented:
:)
0
 
solonyincAuthor Commented:
Here is the file from HiJackThis.  I have beene running housecall ALL day and it is not done yet.  About 6 hours so far.  Suddenly I can not access the task manager to see what the performance is.  I get an error saying "the administrator disabled taskmanager" but that ain't so.

I am gonna try other solutions as well.  This computer is runnig VERY sluggish.
2GB memory and a pentium 4 processor
0
 
orangutangCommented:
Have you tried safe mode.
0
 
SheharyaarSaahilCommented:
yeps, run the scan under safemdoe with networking if you can access insternet from there
0
 
solonyincAuthor Commented:
Thanks yall.  That is exactly what I am doing right now
0
 
solonyincAuthor Commented:
My fellow colleagues:

I went to the services comsole and stopped the "Windows  Management Instrumentation" service and my processor is now running at 25% maximum.  Maybe this is it and maybe it ain't.  I will keep everyone abreast but I KNOW I need to reformat.  it has been over a 2 years.

BTW I tried the housecall.trendmisro solution and it did not run becasue the processor was so busy.  I went into safe mode with networking and ran it and it DID find monitoring cookies and  atrojan.  It did NOT auto delete/clean the file but it gave me a clue as I deleted the infected files manually.  Superspy sotware found different cookies to delete but that was about it.  I am not touching registry cleaner due to a really bad experience I had so I will not thouch them.

I will keep you posted. I hope I found my solution!
0
 
dreamyguyCommented:
good! i dont trust reg cleaners too :)
0
 
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now