CPU usage by "avcom.exe"

Archived from groups: microsoft.public.windowsxp.perform_maintain

I am working on a Windows XP Home Ed. PC. I have removed thousands of
spyware/adware files from it and it seems relatively clean at this point,
however, it is still running very sluggishly. I found a program being loaded
in the registry, run key called avcom.exe. If deleted from the key it reloads
itself. It also appears in the runonce key with a reload designation that
also reappears if deleted. It shows as a process in the Task Mgr that is
cycling from 0 to about 70% CPU usage constantly in about 5 sec. intervals. I
can't find any reference to this file or its purpose online. Anyone have any
ideas? It doesn't show up as spyware with either AdAware, Spybot, or Bazooka
nor was it ID'd with a full system scan from McAfee. Is this a Windows file?
Thanks. ChuckM@optonline.net
  1. Archived from groups: microsoft.public.windowsxp.perform_maintain

    The correct way to remove spyware is to let the software do it. Spyware is
    virtually impossible to remove manually. If you try, you only make it
    difficult, if not impossible, for the software to identify it.

    Spyware is notoriously difficult to remove completely. Furthermore, if you
    indeed removed "thousands" of spyware files, the computer was severely
    compromised and it is very unlikely that it will ever work properly again.
    After an infection of that magnitude, the safest course is a clean install.

    Avcom.exe is not a Windows system file.
    --
    Ted Zieglar


    "Chuck Mueller" <Chuck Mueller@discussions.microsoft.com> wrote in message
    news:C3E51AF5-759C-4DD3-98BC-15D0BF795E9C@microsoft.com...
    > I am working on a Windows XP Home Ed. PC. I have removed thousands of
    > spyware/adware files from it and it seems relatively clean at this point,
    > however, it is still running very sluggishly. I found a program being loaded
    > in the registry, run key called avcom.exe. If deleted from the key it reloads
    > itself. It also appears in the runonce key with a reload designation that
    > also reappears if deleted. It shows as a process in the Task Mgr that is
    > cycling from 0 to about 70% CPU usage constantly in about 5 sec. intervals. I
    > can't find any reference to this file or its purpose online. Anyone have any
    > ideas? It doesn't show up as spyware with either AdAware, Spybot, or Bazooka
    > nor was it ID'd with a full system scan from McAfee. Is this a Windows file?
    > Thanks. ChuckM@optonline.net
  2. Archived from groups: microsoft.public.windowsxp.perform_maintain

    On Wed, 8 Dec 2004 11:27:03 -0800, "Chuck Mueller" <Chuck
    Mueller@discussions.microsoft.com> wrote:

    >I am working on a Windows XP Home Ed. PC. I have removed thousands of
    >spyware/adware files from it and it seems relatively clean at this point,
    >however, it is still running very sluggishly. I found a program being loaded
    >in the registry, run key called avcom.exe. If deleted from the key it reloads
    >itself. It also appears in the runonce key with a reload designation that
    >also reappears if deleted. It shows as a process in the Task Mgr that is
    >cycling from 0 to about 70% CPU usage constantly in about 5 sec. intervals. I
    >can't find any reference to this file or its purpose online. Anyone have any
    >ideas? It doesn't show up as spyware with either AdAware, Spybot, or Bazooka
    >nor was it ID'd with a full system scan from McAfee. Is this a Windows file?
    >Thanks. *email_address_deleted*

    Chuck,

    What tools have you been using to remove spyware? If the computer is still
    running sluggishly, then maybe you have only removed the symptoms of the
    spyware.

    Have you posted a HijackThis log, for expert advice, anywhere? You will
    probably get more useful advice from the experts at one of the security forums,
    than you will here.

    Start by downloading each of the following additional free tools, if you haven't
    already:
    AdAware <http://www.lavasoftusa.com/>
    CWShredder <http://www.majorgeeks.com/download4086.html>
    HijackThis <http://www.majorgeeks.com/download.php?det=3155>
    LSP-Fix <http://www.cexx.org/lspfix.htm>
    WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
    Spybot S&D <http://www.safer-networking.org/index.php?page=download>
    Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
    TrendMicro Engine <http://www.trendmicro.com/download/dcs.asp>
    TrendMicro Signatures <http://www.trendmicro.com/download/pattern.asp>
    TrendMicro Instructions <http://www.trendmicro.com/ftp/products/tsc/readme.txt>

    Create a separate folder for HijackThis, such as C:\HijackThis - copy the
    downloaded file there. Create a separate folder for the two TrendMicro files,
    such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
    AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
    downloaded programs can be copied into, and run from, any convenient folder.

    First, run Stinger. Have it remove any problems found.

    Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
    it fix all problems found.

    Next, disable System Restore.
    <http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
    Boot your computer into Safe Mode.
    <http://support.microsoft.com/?id=315222>
    Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboot your
    computer, and re-enable System Restore.

    Next, run AdAware. First update it, configure for full scan
    (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
    scanning finishes, remove all Critical Objects found.

    Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
    delete everything ("Fix Problems") that is displayed in Red.

    Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
    HJT Log.
    <http://forums.spywareinfo.com/index.php?showtopic=227>
    <http://forums.spywareinfo.com/index.php?showtopic=11150>

    Finally, have your HJT log interpreted by experts at one or more of the
    following security forums (and please post a link to your forum posts, here):
    Aumha: <http://forum.aumha.org/index.php>
    Net-Integration: <http://forums.net-integration.net/>
    Spyware Info: <http://forums.spywareinfo.com/>
    Spyware Warrior: <http://spywarewarrior.com/index.php>
    Tom Coyote: <http://forums.tomcoyote.org/>

    If removal of any spyware affects your ability to access the internet (some
    spyware builds itself into the network software, and its removal may damage your
    network), run LSP-Fix and / or WinsockXPFix.
    (Also) Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
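
The reappearing Run / RunOnce entry described in the question can be confirmed by comparing saved `reg query` output taken before deletion, right after deletion, and some time later. The script below is an added example, not part of the original thread; the snapshot texts, the `C:\PLACEHOLDER` paths and the `OldToolbar` / `ExampleUpdater` entries are constructed for illustration.

```python
import re

# One value line of `reg query` output: indented name, REG_* type, data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data} parsed from `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, m["name"])] = m["data"].strip()
    return entries

def reinstated(before, after_delete, later):
    """Entries that existed, were gone right after deletion, and are back."""
    return sorted(k for k in before if k not in after_delete and k in later)

RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE = RUN + "Once"

# Constructed sample snapshots (placeholder paths, not taken from the thread).
BEFORE = rf"""
{RUN}
    avcom    REG_SZ    C:\PLACEHOLDER\avcom.exe
    OldToolbar    REG_SZ    C:\PLACEHOLDER\toolbar.exe
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe

{RUNONCE}
    avcom    REG_SZ    C:\PLACEHOLDER\avcom.exe
"""
AFTER_DELETE = rf"""
{RUN}
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe

{RUNONCE}
"""
LATER = BEFORE.replace("    OldToolbar    REG_SZ    C:\\PLACEHOLDER\\toolbar.exe\n", "")

def demo():
    snaps = [parse_reg_query(s) for s in (BEFORE, AFTER_DELETE, LATER)]
    return reinstated(*snaps)

if __name__ == "__main__":
    for key, name in demo():
        print(f"re-created after deletion: {key} -> {name}")
```

An entry that this reports was written back by something still active on the machine, so deleting the registry value alone does not remove it.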