I have a PC problem

Started by jamesraykenney, November 21, 2011, 04:40:07 PM


jamesraykenney

A few days ago, I started noticing my machine getting VERY slow. Slow as in I move the mouse and have to wait 2 or 3 seconds for the mouse to start moving!
I clicked on Process Lasso, and the Process Lasso task was taking over 80%!
The core engine was taking the rest.
If I shut it down and start it up again, when I click on it, it shows the red line jump from the bottom of the graph to the top and the green line takes a 160 to 70 to 80 deg dip until it is at 10% or less!
I managed to get it to upgrade to the latest beta but that did not help.
What could be the problem?

I have checked the DMA mode on my HDs, as that was a problem a while ago that was quickly fixed by clearing the reg entries controlling HD mode and letting the system recreate them.
I have fixed a few other machines at work that way. That increased my speed by almost 4 to 5 TIMES... A heads up to anyone with a sudden slowdown!
MOD EDIT: Not recommended for casual users, or Vista or above.. or even 2K/XP users, except in rare cases.

But this latest slowdown does not seem to be IO related.


My machine is XP sp3
AMD Athlon xp 2800+
2.08 GHz 2.00GB RAM

Jeremy Collake

There is no way that Process Lasso and its core engine would be consuming that many CPU cycles under any circumstances not influenced by third-party software (e.g. malware or other).

It sounds like you may have malware or something that is injecting itself into other processes, and acting 'within them'. This is common for malware, as that way they don't have a process of their own. If it were me, I would recommend a full reinstall of your OS to ensure you have a safe environment. Of course, that must be done by a trained technician, and you must have a full backup of your data before proceeding. When restoring your data, be very careful, else you might restore a rootkit or other malware.

Seriously, there is no way Process Lasso or its core engine is going to ever consume that much CPU under any circumstances other than malware or something else operating within its process context. If you feel PL is responsible, uninstall it for a while and see what happens.

You may also want to use the current final, in case that somehow helps whatever situation is going on there. I honestly have no answer for this.
Software Engineer. Bitsum LLC.

hanemach_gt

It is quite possible (if this is a malware infection) that the AutoRun feature led to the infection. I suggest setting NoDriveTypeAutoRun in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer to 0xDF. This will disable AutoRun for everything but CD-ROM devices. A reboot is required for it to take effect. Speaking of that, I assume this tweak is applied on a fresh system install, as malware may cause it to be re-enabled.
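An added example, not part of the thread: a read-only PowerShell audit of the NoDriveTypeAutoRun value suggested above, which decodes the bitmask per drive type and reports any expected bit that has been cleared (the post notes malware may re-enable AutoRun). The function names are hypothetical, and the bit meanings are assumed from Microsoft's documented values for this policy.

```powershell
# Added example: audit NoDriveTypeAutoRun. Nothing is written to the registry.
# Each SET bit disables AutoRun for one drive type (Microsoft's documented bits).
$DriveTypeBits = [ordered]@{
    0x01 = 'Unknown drive type'
    0x04 = 'Removable drive'
    0x08 = 'Fixed disk'
    0x10 = 'Network drive'
    0x20 = 'CD-ROM'
    0x40 = 'RAM disk'
    0x80 = 'Unknown drive type (reserved bit)'
}

function Get-AutoRunDisabledTypes {
    # Hypothetical helper: turn a mask into one row per drive type.
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        [pscustomobject]@{
            Bit             = '0x{0:X2}' -f $entry.Key
            DriveType       = $entry.Value
            AutoRunDisabled = [bool]($Mask -band $entry.Key)
        }
    }
}

function Test-AutoRunPolicy {
    # Hypothetical helper: compare the live HKLM value with the expected mask.
    param([int]$Expected = 0xDF)   # 0xDF is the value suggested in the thread
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning 'NoDriveTypeAutoRun is not set in HKLM; the OS default applies.'
        return
    }
    $actual  = [int]$item.NoDriveTypeAutoRun
    $missing = $Expected -band (-bnot $actual)   # bits expected but not set
    if ($missing) {
        Write-Warning ('Value is 0x{0:X2}; AutoRun is still enabled for:' -f $actual)
        Get-AutoRunDisabledTypes -Mask $missing | Where-Object AutoRunDisabled
    } else {
        Write-Output ('OK: 0x{0:X2} covers every bit in 0x{1:X2}.' -f $actual, $Expected)
    }
}

# Decode the value from the thread, then audit this machine.
Get-AutoRunDisabledTypes -Mask 0xDF | Format-Table -AutoSize
Test-AutoRunPolicy
```

Running the audit again after a reboot, or on a schedule, shows whether something has reset the value since it was applied.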

Jeremy Collake

Yes, though of course once a rootkit gets installed, you are hopeless. That's why there is no sure way other than an OS reinstall.

hanemach_gt

That's why I respect malware fighters, as they have a terribly hard job. These AutoRun infections are the vast majority I suppose, since most people do not care about what is going on when plugging in a pendrive.

jamesraykenney

The problem is, that I AM the technician... :-) This machine started out at SP ZERO and has data spread out so many places that I could never be sure of re-installing it all. I was in fact planning on creating an image of the main and secondary drive and making a virtual xp machine on my win7x64 machine.

Autorun has been disabled for years.

Many of the programs were installed off of floppy! One or two off of 5.25" floppy! I even have data on magneto-optical drives that there are no longer any drivers for. I am on my 3rd motherboard in fact!

I have run most of the common rootkit checkers, but have not found anything yet. I guess it is time to bring out the heavy hitters as this has to be fixed... It is a mission critical machine and must be kept running.

By the way, without Process Lasso running, it is at least usable, if slow.

Wish me luck!

Jeremy Collake

Process Lasso v5.1.0.22 is an essential update if you are using a Symantec (e.g. Norton) or Comodo security product, and perhaps others as well. Some of their intrusion detection technologies are very sensitive and prevent Process Lasso from interacting with them to retrieve even some of the most basic metrics. Worse, their API hooks make it appear as though Process Lasso is the consumer of CPU cycles actually consumed by their intrusion detection technologies' emission of unending numbers of duplicate log events. Multiple security products are affected by this phenomenon, some unaffected, and some affected but handle it well.

jamesraykenney

Thanks for the heads up.
I am running Microsoft Security Essentials, after having given up on Symantec/Norton years ago, switching to AVG until they started getting bloated, then to Avira.
Just to try it out, I have been running the trial version of Webroot Secure Anywhere alongside MSE for the last month.

Do you know if Webroot or MSE have the same problems???

Given that Process Lasso does seem to stop using the processor after a few hours, that sounds like a possible virus scan problem.

airborne

You should never have more than one antivirus installed.
It's like asking for problems. ;)

Jeremy Collake

Microsoft Security Essentials (MSE) is definitely 100% compatible with Process Lasso. I will investigate WebRoot and see if it has any features that may be problematic with Process Lasso. I apologize that you've seen this problem. In almost all cases I track the cause to some other application not playing so nice. It seems some applications think they 'own' your PC as soon as you install them, literally. I am *not* speaking of Webroot, I have not even looked at it. I am speaking of anonymous other applications I can't mention.

If Webroot shows any problems, I will let you know. Of course, the cause may still be something else, as it sounds very strange to me. However, Webroot *would* probably be something that would inject code into *all* running processes in order to accomplish its goals. Therefore, this does make it a candidate for possible interoperability issues that could result in a scenario like what you saw.

airborne is correct though, never run two overlapping security products on the same PC. It is a recipe for disaster. Many newer security products suggest or force uninstallation of other security products due to this.

jamesraykenney

Webroot SAID that it was fully compatible with all other anti-virus/malware/spyware software. I had a known infection that Webroot was the only known fix for, and it worked very well to remove it. I left it running concurrently just to see whether it was as compatible as they claimed it was.
My trial period ends today, so now will be the start of a good test...

Jeremy Collake

Let us know how it goes, I'm curious on this issue still.