vshwin32 is taking 98% of system resources! HELP plz...

IPXP

IPXP

New Member
Hi, this is my first post and it's a question :confused:

As described in the title there is a McAfee file running and it is taking 98% of the system resources, I am running 2000 and when I try and stop it from running I get an error message:

Task Manager Warning
WARNING: Treminating process can cause undesired results including loss of data and system instability...

I click YES and get

Unable to terminate process

The operation could not be completed

Access is denied.

If anyone can help, it would be greatly appreciated :)
 
A

aqsg72

<b>VIP Member</b>
VSHWin32.exe is a part of McAfee VirusScan. This process run in the background and automatically scans new or files in use for viruses. Removing this process will disable the automatic virus scan in McAfee VirusScan.
Click to expand...

But this filename can be used by dangerous spyware and adware programs to mislead the user.
Click to expand...

http://www.auditmypc.com/processes/vshwin32.asp
http://www.2-files.com/filename/vshwin32-exe

Well from the sound of it you don't really want to end the process as it switches off the real time antivirus protection.

However it could be spyware/adware and from what I'm reading it sounds like you should scan your computer for these.

This doesn't really help the high cpu usage of the exe, which may well be solved through these means but definitely shouldn't be as high as it is, I recommend you consult the McAfee troubleshooting pages.
 
Praetor

Praetor

Administrator
Staff member
You can try turning down the sensitivity of mcafee's realtime virus scan ... question is ... does the cpu usage go away if you just let it sit there for a looooooooong time? :)
 
IPXP

IPXP

New Member
Thanx for the replies :eek: The cpu usage doesn't go down at all and when I searched for McAfee it doesn't seem to be on the computer, I can't find it at all anywhere when doing a search. But McAfee was installed, it just can't be found, not in add/remove programs or in any folders.

The only evidence of McAfee on the computer is vshwin32 in the task manager. There is Norton on the computer so getting rid of vshwin32 wouldn't be problem, but like I said above when trying to end the task, I get the error messages. :(
 
IPXP

IPXP

New Member
I can't find McAfee anywhere on the computer to be able to uninstall it. :confused: There is just vshwin32 in the task manager. No firewalls on the computer.

And I've ran ad-aware, but no luck. The vshwin is still taking 98% of the system resources and I can't run anything big (office packages etc) without the computer throwing out errors and crashing.

Thanx for all the help, it's much appreciated :)
 
IPXP

IPXP

New Member
here is my hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 13:41:00, on 08/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\McAfee\VirusScan TC\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\McAfee\VirusScan TC\Vshwin32.exe
C:\EPOAgent\naimas32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\VirusScan TC\VsStat.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.derwentside.org.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37888.1374884259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = derwentside.gov.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8940AC-7BAE-4369-A5D8-15AC2FC909B7}: NameServer = 217.23.224.11,217.23.224.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = derwentside.gov.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F8940AC-7BAE-4369-A5D8-15AC2FC909B7}: NameServer = 217.23.224.11,217.23.224.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = derwentside.gov.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F8940AC-7BAE-4369-A5D8-15AC2FC909B7}: NameServer = 217.23.224.11,217.23.224.12

I wouldn't know what to look for, so thanx for any assistance :)
 
Lorand

Lorand

<b>VIP Member</b>
Very clean log. But how the McAfee starts itself up?
The only bad thing I found in the startups is this:
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
 
IPXP

IPXP

New Member
What I know is that a: it doesn't come up in the msconfig startup or add/remove programs and b: it is in the task manager as running and taking 98% system resources :( sorry I can't give you any more info :eek:

Does anyone know how I can get rid of the vshwin32? I have tried stopping it from running in the task manager but I get the error "access is denied" and I can't acually find it anywhere

I have just found a folder in c:\program files\mcafee\virusscan tc, which contains the application vshwin32, vsstat and avsynmgr apps too and a load of dll files +some others.

Does this help anyone? And can I remove the vshwin32 and um how, would be good too, thanx :)
 
IPXP

IPXP

New Member
Thanx everyone for all the help :) I used the MoveOnBoot and deleted the file (I created a copy on floppy just in case) and it seems to have worked.

Now the computer is running freely and letting my do as I please! Thanx again mates

One very, very happy bunny :D

Scoobie snacks for all! :p
 
IPXP

IPXP

New Member
Erm Lorand, do you think I should remove the:

O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe entry?

I won't blame you if anything goes wrong :) promise ;)
 
You must log in or register to reply here.
Top