vsssrv.exe process eating all my CPU time.

FormFactor At the core of forgotten
edited November 2004 in Science & Tech
Making my pc run like crap.

Google only gives me 1 hit on that process. Anyone know how to get rid of it? Or what it even does?


Thanks in advance.


-4m

Comments

  • SpywareShooter 127.0.0.1
    edited November 2004
    vsssrv.exe is spyware. Download HijackThis and post your log in the Spyware/Trojans/Virus forum.
  • FormFactor At the core of forgotten
    edited November 2004
    Hey thanks for the info!


    I think I can get rid of it without posting my log. It's been a long time since I have run a virus/trojan/spyware enema. And I am definitely due. It takes a long time to run all that crap, so I have been slacking it.

    Thanks for pointing me in the right direction.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited November 2004
    FF:

    vssrv is registered as a service, a system service, in XP and Win2K. Thus, it is system protected.

    First, go into services mgr and shut down the service if you can.

    Second, you need to edit registry with regedt32 or regedit to pull all reg entries that start this service OR refer to it, so delete all entries or values that include vssrv.exe by searching for that and deleting values including that name. IF you were unable to use the services mgr to shut down the service, then you need to do this registry pruning in a boot into safe mode, as administrator. BACK up REGISTRY first, naturally (this is here mostly for folks who read here later). WRITE down files locations and file names you may find referred to in keys or values you delete, including files or processes or ActiveX things that appear to call or register this piece of junk, as you go. EXPECT some software breakage, though NOT pure OS breakage, if you are not careful. HJT will actually list what it thinks are registry entry exceptions, so if you get stuck, restore your registry backup, run that, then give us a log.

    Third, THEN you can delete the files themselves AFTER a Restart, in safe mode or normal mode-- I tend to do this in safe mode, and hope computer will normally boot, but if I am careful it will boot up errorless. IF you miss a registration subprocess call that loads this service's reg entries back in, you start from square one, IE the first step, again.

    I stuck this here simply for advanced folks who need a quick reference on the general process that works 90% of the time to pull a registered malware-as-service infection. Those things can be given this simple process enema, process by process, with the registry edit happening in one OS boot session preferably, if proper precautions are taken. In fact, that is how I pull systems back together without reloading, after spy\mal\viral infections. "The devil is in the details when doing this," and HJT is a dang good "devilish" details exposer. So is an F-Prot AV run on a system, AFTER updating F-Prot to latest definitions. Then the report from F-Prot can be used as a deletion candidate template for what registry entry values to look for if you print it or remember where it is so you can open it in safe mode and flip back and forth between it and regedt32.
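
Added example, not part of the thread or any poster's own code: the second step above asks for every registry entry that refers to the executable, and the registry backup exported from regedit can be searched offline for them. This Python script scans such an export, including REG_EXPAND_SZ values that regedit writes as hex(2) bytes and that a plain text search misses; the sample export, its key names and its paths are constructed.

```python
import re

# Constructed sample of a regedit export; keys, names and paths are illustrative only.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"
"vsssrv"="C:\\WINDOWS\\system\\vsssrv.exe /auto"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"DisplayName"="Example Service"
"ImagePath"=hex(2):43,00,3a,00,5c,00,76,00,73,00,73,00,73,00,72,00,76,00,2e,00,\
  65,00,78,00,65,00,00,00
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def decode_data(raw):
    """Decode exported value data: quoted strings and hex(1)/hex(2)/hex(7) UTF-16LE."""
    if raw.startswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:raw.rindex('"')])  # undo \\ and \"
    m = re.match(r'hex\((?:1|2|7)\):(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    return raw  # dword and plain binary data are kept as written

def find_references(reg_text, needle):
    """Return (key, value_name, data) for every value that mentions needle."""
    text = re.sub(r'\\\r?\n[ \t]*', '', reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key:
            name = '(Default)' if v.group(1) == '@' else v.group(1)[1:-1]
            data = decode_data(v.group(2))
            if needle.lower() in (name + ' ' + data).lower():
                hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    # A real export is UTF-16: open(path, encoding='utf-16').read()
    for key, name, data in find_references(SAMPLE_REG, 'vsssrv.exe'):
        print(f'{key}\n    {name} = {data}')
```

The output is the list of keys, value names and file paths to write down before deleting anything.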
  • FormFactor At the core of forgotten
    edited November 2004
    Ok I have gotten rid of the vsssrv.exe, but now I have a new one called eulaip.exe.

    it resides in c:\windos\system\eulaip.exe

    It looks to be some sort of trojan as it keeps writing a file called c:\windows\system\pialue.tmp. It is doing this constantly, and it is pissing me off to no end. I just wanna play hl2, but these processes are lagging my machine. I am trying to avoid the ever more seemingly inevitable reformat and rebuild.

    I tried HJ This, I tried straight_man's reg scrub, and delete method but that little eulaip bastard keeps coming back.

    Any more suggestions?

    If only I could express how much this is pissing me off. Oh god I hate spyware, and malware now more than evar before!!! Who knows what type of illegal this little file has my machine doing.

    SO PISSED OFF!

    But thanks for the help so far!
  • profdlp The Holy City Of Westlake, Ohio
    edited November 2004
    It's one of the oldest tricks in the virus book of dirty secrets. It will likely keep regenerating under a new name until you find the root of the problem.

    A start would be to try cleaning everything up while in Safe Mode. You might also run a full virus scan (with latest definitions) in Safe Mode.

    I would also recommend that you go ahead and post your HJT log - an extra set of eyes might help spot something. I follow this forum to learn more about the subject, since it's become such a big deal nowadays. If you look through some of the other threads here you'll find lots of times where several different people find different rotten files - adding up to a full solution. :thumbsup:
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited November 2004
    For your eulaip.exe thing, try this:

    http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=58986&VName=TROJ_AGENT.L&VSect=T

    Then, leave NAV running, install the 30-day F-Prot AV trial gotten from http://www.f-prot.com/. Update F-Prot on the web. Restart into safe mode, run F-Prot, post the log F-Prot generates. F-Prot knows a bunch of Agent-hijacking type Trojans, and a total of over 134,630 virals, trojans, worms and other malwares. You can set F-Prot to update as often as every two hours, mine updates twice a day.

    Note, F-Prot logs have no private info in them, unless you think file paths of things detected are private.