A friend handed over his WinXP laptop which was having STRANGE issues.
The gist of it is I booted it up and installed Malwarebytes to see if there are any nasties about. After some period of time the scan just stopped dead in its tracks. Thinking it was hung, I hit ctrl-alt-del as a last resort. Up popped the interface that allows me to shut down, run task manager etc. I ran Task manager and clicked the option to show all processes. Now this is where it gets WEIRD, all processes showed zero percent cpu use. Yes ALL processes and ZERO percent. Even the performance chart shows zero percent use! I can move between tabs on task manager at will. But I cannot click on the Start icon in the lower left of the desktop. If I minimize task manager, its window does NOT disappear, but I can no longer click on any tabs or anything else for that matter.
Odd, huh. I am booting in safe mode right now to try the same sequence in that mode. Anyone else ever come across anything similar? The machine is a Dell Vostro 1500 with 3gb of memory running XP pro.
Gary
-
ScuderiaConchiglia NBR Vaio Team Curmudgeon
-
davepermen Notebook Nobel Laureate
i've seen virus-crapped xp machines having incorrect displays in the taskmanager, yes. i've seen user names disappear, i've seen cpu percentages being wrong (all zero, or stuck frozen at some values, or whatever).
if it hooks itself at the right place, it can cheat anything. maybe it should hide itself in the process view? so it tries to interface that list to remove itself visually? no clue..
but i never look much further if i see such virus riddled systems. i just clean install. i don't even bother to find out what exactly all was wrong and infected and such
-
ScuderiaConchiglia NBR Vaio Team Curmudgeon
Were it MY machine, I would do the same. But this machine has a bunch of apps loaded on it (legally) that the owner no longer has access to the install media. (Lost in a move.)
They are not zero initially, just after some period of time. Really strange. Malwarebytes quick scan found three trojans, while in safe mode. Sophos AntiRootkit will not run in safe mode... sigh.
I'll report back anything else I find.
Gary
-
davepermen Notebook Nobel Laureate
ouch. get him to find the cds!!
nah, good luck, hope you find something. i'll report ideas if i get some..
-
he can re-download the applications or even borrow some cds but what about the serials?
-
ScuderiaConchiglia NBR Vaio Team Curmudgeon
Well this saga gets stranger and stranger. I pulled all the data off the machine to an external drive. Then I booted from a WinXP install disk and tried to repair the OS. It ran for a while and hung. I can open a command prompt with the shift F10 trick and see that the system has stopped. I knew this because the setuplog.txt file stopped getting entries added to it.
I tried this several times, using the trick of examining the setupapi.log file to see what INF package it hung on and then renaming the offending package. I got it to complete the installing devices phase, but then it would stop again on the Installing network phase.
On my last try, it hung again on the installing devices phase. I hit shift-F10 and got the command prompt. Typed out the setuplog.txt file (I'll share a trick about that in a moment). It always ends with a note about invoking CMD.EXE (as a result of my hitting shift-F10) but I noticed something odd. The time for the CMD.EXE entry in the log was 11:08AM and the real time of day was 2:30 PM. The clock was STOPPED!!! I could type TIME and hit return and it kept showing the same time. I could do anything I wanted in the CMD window. But when I typed EXIT the window remained and the system was hung.
Man oh man, this is one BIZARRE machine.
So now I am reinstalling WinXP (not trying to do a repair) and it seems to be going smooth as silk. (knock on wood).
Film at 11.
Gary
-
Wow, I have seen and repaired a lot of machines, but none like this though. I hope it works.
-
Yeah, nuke and pave. A lot of the nastier viruses get into the system files and intercept various system calls to hide from scanners. That can include things like system performance monitoring calls. Nuke and pave is the only way to really be sure you fix what's wrong with that machine. And virus-scan the heck out of any files you copied off of his computer.
-
ScuderiaConchiglia NBR Vaio Team Curmudgeon
Well I did the nuke and pave and the clean install went like a champ. Not sure WHAT was going on that prevented the XP repair, but...
Have no fear the files I pulled from his machine will be SCANNED three ways before they go back on.
Gary
-
ScuderiaConchiglia NBR Vaio Team Curmudgeon
Happy to report that the clean install went just fine and the system is behaving normally. Unfortunately my friend now needs to dig thru a BUNCH of moving boxes in search of several install disks. (He is now a firm believer in an external backup!)
Gary
-
LOUSYGREATWALLGM Notebook Deity
Hi OP, I would like to know if the external backup = system image?
I would also like to know what is the difference between system image and windows backup?
*Windows backup is now on 6th hour and still at 38% completed, is it that slow to do a windows backup?
Thanks!
-
ScuderiaConchiglia NBR Vaio Team Curmudgeon
I can't really tell you anything about windows backup as I don't use it. An "image" is an exact copy of a partition. This copy can be made to a series of DVD disks, to another partition or to an external device. It may be compressed or uncompressed. A "system image" is an image of the system partition, usually the C: partition. There are many apps that can create these images: Acronis, Norton Ghost, etc. Depending on how the image is created and with which software, you MIGHT be able to extract a single file from an image. But usually an image is restored in its entirety back to the original partition or a new one.
Gary
-
Macrium Reflect is what I use to make my backup images; it just copies the contents of an entire partition into a single file, which you can then mount to a virtual drive in explorer and go back through and copy single files or folders out of it if you want to.
zero CPU usage???
Discussion in 'Windows OS and Software' started by ScuderiaConchiglia, Jan 4, 2010.