Boss' Laptop driving me nuts

I come into work today and find out my boss is having troubles with his Windows XP Home laptop. I decided to see if I can fix it, but now it's starting to get to me, too.

He says he can't do anything because it all tends to freeze. He shows his IE sitting there not responding and other such programs taking forever to load. I force the computer off and on, log back in and open Task Manager. Turns out an svchost.exe under SYSTEM is taking up 100% CPU usage. If I attempt to terminate it, it gives 60 seconds before it forcibly restarts because of the DCOM something or other (I didn't get a chance to see what it was exactly) stopping unexpectedly. I then thought perhaps it has something to do with malware, but it's impossible to tell the anti-malware programs won't load! When I do finally pull up his antivirus (Symantec Antivirus), I find out that it seems like it's running 12 different scans at the same time. Tried to see if I could stop them but to no avail. Tried to see if I could uninstall it, but it just stopped part way through. So I decided that's enough with the regular Windows, it's time to go into Safe Mode. But now I can't even get into those, it just stops after MUP.sys and sits there with the HDD light solid.

There's just so damn little that I can do because everything just freezes because of the high CPU usage. What else can I do here before we just declare this 5 year old laptop dead and get him a new one?

 

reinstall xp and get rid of the power hungry norton antivirus.

 

Pretty much all I can do, huh? Well, it is a 4 or 5 year old machine, so the boss may just get a new one instead. We can try to save some things from this one (won't be easy when it's this slow) before I wipe it completely and reinstall everything.

 

You can fix this one, but it depends on your level of expertise and your resources.

I ran into a very similar situation recently--high cpu usuage, safe mode inaccessible. It was a piece of malware that was so poorly written it could not even load itself.

What I did was build a VistaPE disk with RegeditPE, loaded it, killed the offending process that was loading in the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

key.

I used that to track down the location of the malware which was something like

c:\documents and settings\{userprofile}\application data\BAD_PROGRAM_NAME

and deleted it.

This process is not difficult, but it seems a little over your head.

Arguably, you could use an ubuntu linux disk and find the offending program by date of the folder and just delete the executable, then clean up the registry later.

 

You may try logging in with another profile and see if it is only in his profile.

If so, you are in luck, and only need to backup the files in his profile and rebuild.

If not, you will have to format the system.

In either case, if malware, I'd not attempt to clean it and format... never know what is installed. Deleting malware/spyware/root kits/key loggers or whatever fancy name you want to put on this crud is not the answer.

Restore from backup is ideal.

Using this situation to setup a backup plan is ideal. ;-)

 

*Edit* Sorry didn't see the Safe Mode before hand, limited by my iPhone resolution...

If you have a spare hard drive caddy you can place the hard drive to another computer and temporarily store files there. Then reformat the drive with a clean OS then replace the files back on.

Or you could try the Windows Recovery console by placing the XP disc in and let Windows reinstall the missing or corrupted files that prevented you from doing Safe Mode in the first place.

 

Run MSconfig set anything thats not windows to not startup. Ive also seen symptoms like this with a dying HDD. If you have access to Eurosoft diagnostics or somethign similar run those. You also may have a boot to diagnostic option on startup (if its a dell hit Fn on startup, if HP look for a boot option).

 

I guess its a virus.Remember it happening to me once.