Sign in with
Sign up | Sign in
Your question

CPU usage by "avcom.exe"

Last response: in Windows XP
Share
Anonymous
December 8, 2004 2:27:03 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

I am working on a Windows XP Home Ed. PC. I have removed thousands of
spyware/adware files from it and it seems relatively clean at this point,
however, it is still running very sluggishly. I found a program being loaded
in the registry, run key called avcom.exe. If deleted from the key it reloads
itself. It also appears in the runonce key with a reload designation that
also reappears if deleted. It shows as a process in the Task Mgr that is
cycling from 0 to about 70% CPU usage constantly in about 5 sec. intervals. I
cant find any reference to this file or its purpose online. Anyone have any
ideas? It doesnt show up as spyware with either AdAware, Spybot, or Bazooka
nor was it ID'd with a full system scan from McAfee. Is this a Windows file?
Thanks. ChuckM@optonline.net

More about : cpu usage avcom exe

Anonymous
December 8, 2004 6:07:31 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

The correct way to remove spyware is to let the software do it. Spyware is
virtually impossible to remove manually. If you try, you only make it
difficult, if not impossible, for the software to identify it.

Spyware is notoriously difficult to remove completely. Furthermore, if you
indeed removed "thousands" of spyware files, the computer was severely
compromised and it is very unlikely that it will ever work properly again.
After an infection of that magnitude, the safest course is a clean install.

Avcom.exe is not a Windows system file.
--
Ted Zieglar


"Chuck Mueller" <Chuck Mueller@discussions.microsoft.com> wrote in message
news:C3E51AF5-759C-4DD3-98BC-15D0BF795E9C@microsoft.com...
> I am working on a Windows XP Home Ed. PC. I have removed thousands of
> spyware/adware files from it and it seems relatively clean at this point,
> however, it is still running very sluggishly. I found a program being
loaded
> in the registry, run key called avcom.exe. If deleted from the key it
reloads
> itself. It also appears in the runonce key with a reload designation that
> also reappears if deleted. It shows as a process in the Task Mgr that is
> cycling from 0 to about 70% CPU usage constantly in about 5 sec.
intervals. I
> cant find any reference to this file or its purpose online. Anyone have
any
> ideas? It doesnt show up as spyware with either AdAware, Spybot, or
Bazooka
> nor was it ID'd with a full system scan from McAfee. Is this a Windows
file?
> Thanks. ChuckM@optonline.net
December 8, 2004 9:50:04 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

On Wed, 8 Dec 2004 11:27:03 -0800, "Chuck Mueller" <Chuck
Mueller@discussions.microsoft.com> wrote:

>I am working on a Windows XP Home Ed. PC. I have removed thousands of
>spyware/adware files from it and it seems relatively clean at this point,
>however, it is still running very sluggishly. I found a program being loaded
>in the registry, run key called avcom.exe. If deleted from the key it reloads
>itself. It also appears in the runonce key with a reload designation that
>also reappears if deleted. It shows as a process in the Task Mgr that is
>cycling from 0 to about 70% CPU usage constantly in about 5 sec. intervals. I
>cant find any reference to this file or its purpose online. Anyone have any
>ideas? It doesnt show up as spyware with either AdAware, Spybot, or Bazooka
>nor was it ID'd with a full system scan from McAfee. Is this a Windows file?
>Thanks. *email_address_deleted*

Chuck,

What tools have you been using to remove spyware? If the computer is still
running sluggishly, then maybe you have only removed the symptoms of the
spyware.

Have you posted a HijackThis log, for expert advice, anywhere? You will
probably get more useful advice from the experts at one of the security forums,
than you will here.

Start by downloading each of the following additional free tools, if you haven't
already:
AdAware <http://www.lavasoftusa.com/&gt;
CWShredder <http://www.majorgeeks.com/download4086.html&gt;
HijackThis <http://www.majorgeeks.com/download.php?det=3155&gt;
LSP-Fix <http://www.cexx.org/lspfix.htm&gt;
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html&gt;
Spybot S&D <http://www.safer-networking.org/index.php?page=download...;
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger&g...;
TrendMicro Engine <http://www.trendmicro.com/download/dcs.asp&gt;
TrendMicro Signatures <http://www.trendmicro.com/download/pattern.asp&gt;
TrendMicro Instructions <http://www.trendmicro.com/ftp/products/tsc/readme.txt&g...;

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Create a separate folder for the two TrendMicro files,
such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
downloaded programs can be copied into, and run from, any convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.

Next, disable System Restore.
<http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...;
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboot your
computer, and re enable System Restore.

Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150...;), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
delete everything ("Fix Problems") that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227&g...;
<http://forums.spywareinfo.com/index.php?showtopic=11150...;

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php&gt;
Net-Integration: <http://forums.net-integration.net/&gt;
Spyware Info: <http://forums.spywareinfo.com/&gt;
Spyware Warrior: <http://spywarewarrior.com/index.php&gt;
Tom Coyote: <http://forums.tomcoyote.org/&gt;

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
(Also) Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
!