|
SYSCFG32.EXE CPU usage goes to 100%
|
Murph
08/29/02
|
For some reason the SYSCFG.EXE goes to 100% CPU usage and slows down my PC. The only solution that I've found for this is to use the Ctrl-Alt-Delete method and Ending Process of it. Does anybody know what's causing this and how to fix this? This is just an annoyance, that happens every time I start my PC about 5-10 minutes. Btw I'm using WinXP HE operating system.
|
mike
mavenali@nismo.org
09/03/02
|
i have the same problem using windows 2000 pro... The only way that i have found to fix is to do like you said and ctrl-alt-del. if i come up w/ anything i'll definately let ya know here.
|
mike
mavenali@nismo.org
09/03/02
|
Hey murph.. back at this syscfg32.exe -- w/ a pissed off attitude about this particular problem. I went to start --> search (or find) --> files or folders --> I then searched for Syscfg32.exe -- I made sure to end task it then copied it to a floppy and deleted it from the hard drive (floppy for back up of course) by doing this it had no impact on my computer other than lower cpu usage at the start up..
This is something you can try if you like... it worked great for me... i'm running windows 2000 pro..
|
Taconvino
vino@esfera.cl
09/05/02
|
Hey! Same problem on Win98 and NT4.0WS... I used an Anti-Virus Software(F-Secure) and detected the file as some DM.SETUP.mIRC Virus... the weird thing is, that i've never installed mIRC on any of my computers... any way, deleting the file (as mike said)didn't seem to damage anything on my PCs. On Win98, i had to remove a Key from the registry (actually, two keys) that called the file on every startup (...\Software\Microsoft\Windows\CurrentVersion\Run)... that solved my problem completely... hope it works for you too!
|
Some Guy
09/12/02
|
This is part of a trojan that takes partial control of your PC and then uses it to spoof DNS servers, etc. Delete it from your hard drive and any references in the registry... and uninstall Kazaa. It seems to happen mostly to people who install that spyware ridden filth of a file sharing program. Also, download Ad-Aware from www.lavasoft.de. It will help keep your system clean of spyware/malware/scumware and improve your system's functions.
|
Crashed
09/24/02
|
The trojan is called Backdoor-AHI
|
Kyle Lai
kyle@kylelai.com
09/24/02
|
I just posted some suggestions on removing Anti-Virus and Trojans on another topic "taskmngr.exe". It is also an mIRC Trojan that got Microsoft stumbled all over about 3 weeks ago.
You should run all of these tools listed below to ensure you have a virus/trojan free system. Anti-Virus alone is NOT ENOUGH! It will not remove all trojans, and definitely not all of the IRC related stuff!
Make sure you change the Windows Administrator account to something that's hard to guess. Definitely make sure they are NOT Blank!!!
Besides that, here are 4 FREE software that will help you fight the Trojan and intrusions. Make sure you get the latest updates regularly:
1. Make sure you have the latest Anti-Virus definitions that downloaded from your anti-virus software vendor. If you don't have one, here is a free one: http://www.grisoft.com
2. Make sure you get an Anti-Trojan software on top of the Anti-Virus software. Many Anti-Virus software will not detect Trojans and Hacker software that was installed during an intrusions. Anti-Virus software does not detect hacker software because it could be used ligitimately by security professionals... A free and Great one is Swat-IT by Lockdown Corp: http://lockdowncorp.com/bots/downloadswatit.html
3. Get Ad-Aware software, which is for removing the advertising software that web advertisers installed on your systems without your acknoledgement just by surfing on the Web... This is a free software too: http://www.ad-aware.com
4. Get a Firewall for your computers if you have not get one. Here is a very simple to use FREE firewall software: http://www.zonealarm.com
Good luck!
Kyle Lai, CISSP, CISA, MCSE
Information Security Consultant
Kyle Lai Consulting
508-380-2022
kyle@kylelai.com
|
Steve-o
donqueso@hotmail.com
10/23/02
|
I just came across the syscfg32.exe on my XP machine by using ZoneAlarm, and I think all these suggestions that Kyle made are great! Thanks for the help.
|
Skydigger
dtcalder@shaw.ca
11/05/02
|
I have been infected with this backdoor trojan virus. I have been trying to follow the instructions to get rid of it, but I can't delete the syscfg32.exe file. I'm running XP. Is there something I'm missing? Is there a safe mode that I don't know about? HELP.
Thanks
|
reaver
11/08/02
|
you can delete the file when you start up in safe mode. you can do this by pressind F8 key during boot process.
|
Dimitry
11/12/02
|
I got aware of syscfg32.exe because it repeatedly demanded internet connection. I just renamed the file to syscfg32.nono and deleted all related registry entries - seems to be OK now. Thanks for all your info's!
|
Vargrh
vargrh@vargrh.co.uk
12/18/02
|
I have likewise just removed this insidious little parasite. a major nuisance. Adaware failed to detect it so i had to manually delete the bitch.
|
Daix
jason_daix@hotmail.com
12/23/02
|
thank you kyle lai,i followed your constructions and my computer is running better,i am running windows xp and it is working better now that i followed them steps,thank you kindly :)
|
cobra
01/18/03
|
Hi all...Thank you for the web sites.
I too was infected by that nasty worm..wish I could have put it on a hook and fed it to the fishes..lol..
Does that worm affect add remove programs in control panel?
When I go to open it I get an error message and it says there are no programs installed on this computer.
NEED HELP!!
|
Pamlor
pamlor@hotmail.com
01/20/03
|
Hi, I dicovered syscfg32 when i installed active ports (lets u monitor the internet ports), but what i wounder is how do i find the related registry entries?.
|
slacker
slackerleech@myself.com
01/21/03
|
run regedit search syscfg32.exe should be two entries 1.Software\Microsoft\Windows\CurrentVersion\Run
(Delete)
2.Software\Microsoft\Windows\CurrentVersion\RunS
erver
(Delete)
I think
And delete syscfg32.exe and any cache..
Make sure winsys32.exe is not running on start-up because that is a virus too..
Cleaner3 will delete that..
There is just a bunch of hack---s renaming .exes to files people search for on file-sharing programs ...so be careful what .exe you download and run :}
I frickin logged and tracked the hack---'s IP.
|
slacker
slackerleech@myself.com
01/21/03
|
--> ABOVE is on an XP machine :}
|
Zell
fujima_19@yahoo.com
02/07/03
|
i have a trojan virus in my irc script how can i remove it ? Can i remove it manually ?
|
jimbob
james_boone@hotmail.com
02/20/03
|
nice one slacker! i'd like to know how to obtain IP addresses and get these MF hackers back, i recently had a trojan virus write itself to syscfg32.exe, i just ended the process (ctrl alt del), then deleted it straight off my hard disk without any backup, works fine now! i recommend using norton antivirus 2003, its really effective at picking up most crap. (watch out for tune.vbs, its a sly one!)
|
duggage
duggage@yahoo.com
03/01/03
|
Yep. I got zone alarm and it immediately started blocking this crap.
Funniny thing. AVG, Ad-aware, Swat-it. None of them would detect syscfg32.exe as "bad".
Hopefully this will stop the crappiness my computer has been having.
D
|
balance
p0l4r15@yahoo.com
03/18/03
|
How did you guys remove this? Every time I try to remove it, or stop the process, I get an "access denied" error.
|
Kyle Lai
klai@klcconsulting.net
03/19/03
|
Instead of terminating the process, you probably should:
1. remove the associated registry entries
2. if you have XP systems, disable "system recovery" feature. Follow the instruction from the link below.
3. reboot your system
4. If you have XP systems, enable "system recovery" feature. Follow the instruction from the link below.
Disabling/Enabling "System Recovery" in XP:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/7e7f15291a25d938882567e50048a048/5065b3834b10031488256b0900255ea7?OpenDocument
Kyle Lai, CISSP, CISA
KLC Consulting, Inc.
www.klcconsulting.net
|
Kyle Lai
klai@klcconsulting.net
03/19/03
|
I actually left couple points... sorry.
steps:
1. remove the associated registry entries
2. if you have XP systems, disable "system recovery" feature. Follow the instruction from the link below.
3. delete syscfg32.exe. If not possible, rename it to syscfg32.txt.
4. reboot your system
5. If you have XP systems, enable "system recovery" feature. Follow the instruction from the link below.
Disabling/Enabling "System Recovery" in XP:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/7e7f15291a25d938882567e50048a048/5065b3834b10031488256b0900255ea7?OpenDocument
If you use XP and don't disable "system recovery" before you remove viruses files, it will come back because of "system recovery" is like "self-restore" feature, which will restore lost files (in /system32)
cheers,
/Kyle
Kyle Lai, CISSP, CISA
KLC Consulting, Inc.
www.klcconsulting.net
|
Ako
04/30/03
|
i actually had a trojan virus inside that syscfg32, but then is it a windows2k original file?
ii got a real problem which is how to repair my peripherals installation wizard , it fails all the time !!!
|
ako
ark@free.fr
04/30/03
|
has the forum isn't so much seen, i let my adress... but i can't install my ethernet card and usb controlers...
|
laura
buffy_helmet@hotmail.com
05/19/03
|
THANKS FOR HIPPIN' ME TO THIS VIRUS!
correct! you can delete it! it is not a legit file! i ran win2kpro in safe mode, ended task & deleted!
|
Ian
05/24/03
|
Zone alarm spotted this for me, with this "program" trying to access the internet, virus software hadn't a clue!Grateful thanks for assistance in purging this insidious sod from my system.
|
oakley
06/02/03
|
Thanks Slacker I'm cured!
|
Dvir
12/15/03
|
Thanks alot :)
|
