K-Tec

Thanks to Darragh

14 years 3 months ago #83350 by dave_lillis
Replied by dave_lillis on topic Re:Thanks to Darragh
Oh man, not services.exe, one of our sites was hit by something very similar a while back.
OK, after running AVG, try Malwarebytes and then Spybot, also do a disk clean of the C drive and remove all temp files and clear IE caches.
If you're still getting grief then maybe rolling back and doing a Windows restore to a date before all this happened.
If that doesn't do it then Windows might be damaged, do a Windows repair using an installation CD, if not that then a clean install.
It might be a hardware issue, do you know what make of hard drive you use, drives like Maxtor seem to be very susceptible to going belly up, I once saw a stack 6 foot high of these in an office, amazing.

Dave L. on facebook , See my images in flickr
Chairman. Shannonside Astronomy Club (Limerick)

Carrying around my 20" obsession is going to kill me,
but what a way to go. :)
+ 12"LX200, MK67, Meade2045, 4"refractor

14 years 3 months ago #83352 by philiplardner
Replied by philiplardner on topic Re:Thanks to Darragh
Dave pipped me to the post - but here's the advice I received from my brother, who is an IT/security weenie in his office...

Malwarebytes Anti-malware is available at www.malwarebytes.org/mbam.php . It is not a general anti-virus program like McAfee or Norton or AVG; it's more of a specific-purpose tool. But it is available free of charge.

Take a look at the virus removal instructions on bleepingcomputer.com - www.bleepingcomputer.com/virus-removal/ ; that will help you to identify the cause a little better and give more specific instructions. But otherwise the general rule is as follows:

-Download Malwarebytes from www.malwarebytes.org/mbam.php on a clean (uninfected) computer and save to a disc or USB stick. Make sure it is a disc or stick that can be reformatted afterwards and if possible has a write-protect lock on it.

-Boot the infected computer into Safe Mode: press F8 just as the first Windows screen appears during boot to get into the Windows boot menu (start pressing it earlier, and press it repeatedly until the Windows boot menu appears). Select the option for Safe Mode (not Safe Mode with networking!)

-Install Malwarebytes. Remove the USB stick or disc used to install it; treat this stick or disk as possibly infected!

-Run Malwarebytes. Select Perform Full Scan, then press the Scan button. This can take a couple of hours to complete. Allow Malwarebytes to fix any threats it finds.

-Go into Internet Options - Start-Control Panel/Internet Options. Select the Connections tab, then the LAN Settings button. UNselect any tick beside Proxy server. Press OK twice to close the LAN settings and Internet options windows.

-Reboot the PC normally. Run Malwarebytes again. Select the Update tab and press the Update button. When Malwarebytes has updated, select the Scanner tab and run a full scan again. Let Malwarebytes fix any more threats it finds.

-Check that the anti-virus program is working properly, or re-install it if it is not. Update the anti-virus program, and run a full scan. If you don't have any anti-virus installed GET ONE QUICK. A good choice is AVG Free edition ( free.avg.com/us-en/download?prd=afg and choose the free download from CNET Downloads on the left of the page). But there are many other good anti-virus programs, and the paid-for ones are usually a bit better than the free ones. There is a review of several anti-virus programs, both free and paid-for, in the current (Feb 2010, I think) issue of PC Pro. AVG, even the free edition, did well in this review.

-Reformat the USB stick or disc that you used to install Malwarebytes, just in case it has picked up any infection.

That should (no guarantees without knowing a lot more about the specific infection) fix most types of recent infections that are not being fixed by anti-virus programs. The reason for the particular sequence of steps is that the infection will sometimes (often) prevent the anti-virus program, including Malwarebytes, from updating, so it's necessary first to use a recently-downloaded copy of Malwarebytes, then after it has fixed what it can, to reboot to switch on networking again and then allow Malwarebytes to update.


Hope this kills it for you,

Phil.

14 years 3 months ago #83353 by johnflannery
Replied by johnflannery on topic Re:Thanks to Darragh
hi folks,

I spent most of last week battling virus issues for clients. Some things that cropped up were:

- a process called _ex-08.exe running after the PC booted up
- a call to siszyd32.exe in the start-up list
- numerous trojans and hacktool rootkits attempting to infect PCs

As Dave suggested, Malwarebytes will track down the above but you need to run it in Safe Mode on your PC. Check the startup options after because siszyd32.exe reappeared a couple of times and had to be unticked on each occasion.

A couple of clients had run freefixer.exe but removed critical system files. A re-install of Windows was necessary in each case (I tried a repair but that didn't work.)

Hope the above helps Frank.

John
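
Added example, not part of any post in this thread: a PowerShell check for two things the replies above do by hand, the LAN proxy tick box from Phil's steps and the startup entries John says kept reappearing. It assumes PowerShell is available on the PC and is run as the affected user; the function names are made up for this example.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# File names below are the ones johnflannery reported in his post.
$ReportedNames = @('siszyd32.exe', '_ex-08.exe')

# Per-machine and per-user auto-start registry keys.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupEntry {
    foreach ($path in $RunKeys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # Flag entries whose command line mentions a reported file name.
            $hit = $ReportedNames | Where-Object { $command -like ('*' + $_ + '*') }
            [pscustomobject]@{
                Key      = $path
                Name     = $name
                Command  = $command
                Reported = [bool]$hit
            }
        }
    }
}

function Get-LanProxySetting {
    # Current user's Internet Options proxy values (the "Proxy server" tick box).
    $settings = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnabled = ($settings.ProxyEnable -eq 1)
        ProxyServer  = $settings.ProxyServer
    }
}

# After the cleanup the proxy should be off, and no entry should show Reported = True.
Get-LanProxySetting | Format-List
Get-StartupEntry | Sort-Object Reported -Descending | Format-Table -AutoSize -Wrap
```

Running it again after each reboot shows whether an entry has come back. It only reads the two Run keys, so Startup folder shortcuts, services and scheduled tasks still need checking separately.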

14 years 3 months ago #83355 by DaveGrennan
Replied by DaveGrennan on topic Re:Thanks to Darragh
...and golden rule #1:

ALWAYS back up your important files and not just to another PC on the same network because if one pc on your network gets infected it will likely infect all others, no ifs, no buts, no excuses, just DO IT!

Regards and Clear Skies,

Dave.
J41 - Raheny Observatory.
www.webtreatz.com
Equipment List here

14 years 3 months ago - 14 years 3 months ago #83356 by dave_lillis
Replied by dave_lillis on topic Re:Thanks to Darragh
Absolutely Dave, you must back up valuable files for sure.
And in case people are freaking out, services.exe should be in your task manager, don't go stopping it, it's only suspicious if it has a constant non-stop high CPU usage.

Hasn't the virus situation on the web gone through the roof over the past week or 2 !!!

Dave L. on facebook , See my images in flickr
Chairman. Shannonside Astronomy Club (Limerick)

Carrying around my 20" obsession is going to kill me,
but what a way to go. :)
+ 12"LX200, MK67, Meade2045, 4"refractor
Last edit: 14 years 3 months ago by dave_lillis.

14 years 3 months ago #83359 by Frank Ryan
Replied by Frank Ryan on topic Re:Thanks to Darragh
Tell me about it!
I thought I was well protected...

Thanks lads for all the input.
I've checked again and it does look like
Services.exe is the cause,
it's hogging lots of cpu power.
As Dave says, don't worry about seeing services.exe
running, it's normally a legit part of Windows,
just can be hijacked for baddies.

I'll attack this problem on the laptop tomorrow.
Give my head some peace.

Meanwhile,
At least I have the family pc sorted.
It was not connected to the net on 'black Monday'
and I've rid it of McAfee and installed all the
good free stuff.

Boy am I glad I backed up everything last month!!!

My Astrophotography
Shannonside Astronomy Club __________________________________________
Meade ETX-125PE, Bresser 10 x 50 Binos & Me Peepers
