Evert
For a week or two our NT4 PCs and servers have been having a problem with a virus
or trojan that uses cmd.exe. It uses nearly 100 percent of the CPU, making
the computer sluggish, and it also causes problems with DHCP and DNS.
It started with a program called dirx9.exe and an entry in the registry that
started this program at startup. After startup it takes a while before the
program starts cmd.exe. When unseen or undetected it starts even more
instances of cmd.exe, dividing the CPU time nicely between all these
instances. The first time I was able to stop the process dirx9.exe and
removed the entry from the registry, and after a restart the computers
functioned normally. After two days dirx9.exe showed up in the processes and
started cmd.exe again. This time I could not stop the process, there was no
entry in the registry and I had to clean the computers in VGA mode. Again one
or two days later cmd.exe was started and used almost 100 percent, but this
time there is no dirx9.exe as a process, there is no entry in the registry,
and the only thing I can do is rename cmd.exe to prevent it from being
started. For the PCs this is a workable way, but on the server there are some
programs that need cmd.exe, so I cannot rename it.
I scanned the computers and servers with a variety of antivirus,
anti-spyware and other security software, but they do not find anything.
Updating to a higher level of system software is not an option at the moment
because some programs are not made for newer systems.
If anyone knows an answer, please let me know.
Greetings