PDA

View Full Version : OT, XP question....



J Tiers
04-18-2004, 12:15 AM
Evan, this is probably your bailiwick...but I'll take anyone's ideas.....

Neighbor has a HP with XP on it. He has a gig of RAM, but gets a lot of messages telling him things about the swapfile needing to be expanded.

He also gets "out of memory, can't do that" type messages. (I'm relaying what he said, haven't got to look at it yet.). Latest was trying to load a game that requires only 256MB. Wouldn't work, put up insufficient memory messages.

He did look to see what was running, and found 27 open processes....which I thought was an awful doggone lot...but it IS XP, so.....

My initial diagnosis is (assuming no hardware problem) probable worm/spyware, but he has ad-aware and spybot, plus zonealarm. He is "between programs" for virus-scanners, having fired McAfee, so I pointed him at AVG.

I also told him to run scandisk (for the swapfile problem), but he didn't find anything like it. Apparently it is renamed or not present in XP?????

My questions:

Is 27 open processes reasonable for XP?

Is the chance of "mal-ware" as high as it looks to me?

Is scandisk really not there in XP?

Are there viri that would cause a lot of processes without popping up zonealarm alerts as they attempt to call out?
I know that if they use an allowed program, like explorer, ZA won't stop them.

I'd like to help him out, since they feed us some darn good dinners.....but I know gar nichts about XP, since I run 98.

Thanks....
JT

P.S. AVG has worked great, thanks for the steer towards it...

robert
04-18-2004, 12:38 AM
Try posting on this forum. http://www.annoyances.org/ Good source of info.--RG

Evan
04-18-2004, 12:54 AM
My questions:

Is 27 open processes reasonable for XP?

Is the chance of "mal-ware" as high as it looks to me?

Is scandisk really not there in XP?

Are there viri that would cause a lot of processes without popping up zonealarm alerts as they attempt to call out?

My machine as I sit here is running 27. That is determined by looking under the Performance tab in Task Manager. I have my machine carefully tuned to start the absolute minimum number of processes. Undoubtedly your friend has some unneeded/unwanted things running. Have a look at the Commit Charge peak value. That tells how much ram has been needed at any time since boot. I doubt the machine is really running short on ram, other things are happening. It is a common problem for progams to have a mistake in them where they have what is called a "memory leak". The program requests ram for its use and fails to deallocate it when finished. As far as the system is concerned that ram is forever still in use and no longer available. It can be seen as the commit charge climbs ever higher and will also cause a swap file error message. Unfortunately I can't tell you where to look. It could be anything. Use Msconfig from the run prompt and begin temporarily disabling startup items to try and narrow it down.


Malware is a huge problem. Nearly every machine I see has similar problems. It is totally out of hand. Microsoft just issued patches for 20 new vulnerabilities including one that allows an e-mail or web page to install anything at all merely by enticing you to click on a link. Indetectable by the antivirus software and contains no attachment when as an e-mail.

Scandisk is still there, it is called "chkdisk" in XP. It may be invoked from the command line (dos box) or by right clicking on the drive in Explorer and selecting properties from the menu. Select the tools tab and then pick "error checking".

As to viri not activating Zone Alarm, yep sure. The latest crop of viruses disable Zone Alarm as well as other firewalls and antivirus software. Whats happening is a big change in the nature of viruses. Organized crime is now in the picture. These things aren't being written by teenage boys who can't get laid. It is the work of the Russian Mafia. They are using the viruses to set up networks of Zombie computers so they can use them to attack online betting and gambling sites. It's a modern version of the old protection racket.

See here: http://www.theregister.co.uk/2003/11/12/east_european_gangs_in_online/

[This message has been edited by Evan (edited 04-18-2004).]

gvasale
04-18-2004, 07:18 AM
I just checked my pc and there are 42 processes running. What does that mean to me?

J Tiers
04-18-2004, 09:16 AM
<font face="Verdana, Arial" size="2">Originally posted by Evan:
[i]Scandisk is still there, it is called "chkdisk" in XP. It may be invoked from the command line (dos box) or by right clicking on the drive in Explorer and selecting properties from the menu. Select the tools tab and then pick "error checking".
</font>

This isn't the OLD chkdsk, is it....that used to be basically a reporting program, with minor "repairs" (data tossing) to the file structure.

Scandisk could do a disk surface scan and mark out bad areas. That is what I hoped it would do, as I wondered if a bad area were not messing up the swapfile
(with a gig of RAM I hope the swapfile isn't that important, but this IS Microsoft....home of the 5 meg "Hello" file).

Evan
04-20-2004, 10:40 AM
Nope, not the old chkdisk. It also has a couple of command line options that change how it works. The swap file is important and is used regardless of the amount of ram present. Also, some programs will check for the existance of a swap file and won't run without it.

Added: It doesn't help to try and relate Win 9X to XP. Win XP is Windows NT 5.1. That is how it identifies itself in an error report. Win 2000 is NT 5.0 which is the basis for Win XP. They are nearly the same but for the user interface and a few extras in XP.

Gvasale, it means you have too many processes. Time to clean up with Spybot. Also, if you have an HP computer HP is fond of running all sorts of extra unnecessary crud. Kill them with the msconfig tool from the run dialog box.


[This message has been edited by Evan (edited 04-20-2004).]

Mike Burdick
04-20-2004, 10:47 AM
JT,

Try this:

Click on the Start button and click on Run. At that point type in "msconfig" (without the quotes) and press OK. A requester will come up - then open the "Startup" tab and check or uncheck the processes you want or don't want. You will then be asked to restart the computer - do so.

This also works for Windows 98.

Edit:

Changed to "startup" from "Services"



[This message has been edited by Mike Burdick (edited 04-20-2004).]

Evan
04-20-2004, 10:57 AM
Mike,

Disabling services from msconfig is not a good idea. In their infinite wisdom Microsoft made it possible to disable services in msconfig that are essential to system operation. Leave them alone. It is safe to disable startup items in msconfig. To correctly disable services, and there are many that may and should be disabled, use the management tool "services.msc" from the run prompt.

It will allow you to stop a service and disable it. If the service is essential it will warn you of this and list the dependencies (other services that depend on that one). If you want to try doing this first find out what services are safe to disable, there are lots of web site dealing with this topic.

Here is one:

http://www.uksecurityonline.com/husdg/windowsxp/disableservices.htm

Mike Burdick
04-20-2004, 11:07 AM
Evan,

Oops -- you're right, should have said startup instead of services.


[This message has been edited by Mike Burdick (edited 04-20-2004).]

ACF
04-20-2004, 04:47 PM
Gentlemen,

Let me say that I'm a computer illiterate, and don't know much at all about these things. My computer has the XP windows system. When I bought it I also got one of the norton anti-virus programs, which I try to keep updated. Recently after running the norton scan I found I had a few "threats" called adware.virtumonde and a couple other adware ones. Everything still seems to be working OK but I couldn't delete them. How did I get these things? I thought that's why I had the norton program, to protect me from this garbage. Doesn't appear to work though. When I checked on the symantec website they had removal instructions, but I don't know if I have the skills needed to remove them. Looked like a real job for a computer illiterate like myself. What's going to happen if I don't remove them? Man, I love reading this forum and conversing by email to my friends but there are times like this when these damn computers hurt my head.

Chris

Tuckerfan
04-20-2004, 06:06 PM
ACF, you need to download, install and run a couple of programs. One is AdAware, the other is Spybot Search and Destroy. Both of these programs will easily clean your system up.

J Tiers, while this is probably over-kill for your neighbor's situation, I recommend that anyone who knows what they're doing with computers (except Evan, he probably doesn't need this) try out a program called X-Setup Pro ( http://www.x-setup.net/ ). It makes it easy to get into your system and muck around with things (including changing the start up window screen). Thanks to it, I've been able to cut my boot and shutdown times dramatically.

[This message has been edited by Tuckerfan (edited 04-20-2004).]

wmgeorge
04-22-2004, 08:29 PM
Just be very, very carefull in downloading ANY software or opening ANY email with or without attachments if you don't know who sent! At work I have a Scumware / virus whatever, SpyBot can't get rid of it nor can the virus checker do it. The IT people tell me the only way to deal with is to re-format the harddrive!! Thank the Lord I don't have it at home, and I really can't say how it got on my computer at work... but this is something new, as in the last few months or so. B.G.

Evan
04-22-2004, 10:24 PM
"...or without attachments if you don't know who sent!"

This is the biggest mistake most people make. Knowing who sent you something means absolutely nothing. You will recieve viruses from your friends, they are the ones with your e-mail address on their computer! Knowing who sent you something is no protection at all. Also, the viruses will fake the return address using whatever address it can find on the infected computer.

J Tiers
04-22-2004, 10:46 PM
Well, the neighbor has done the look-over and used the correct tool to follow the recommendations on the list.

As soon as he re-booted, within five minutes he got the "swapfile needs to be bigger" message again, just as if he had done nothing at all....

Using the scan tool did seem to make the machine work a bit better, he said. But it didn't fix the swapfile problem.

So, I told him that he should put on AVG (he hadn't yet) and run it and then all the others (spybot, ad-aware, etc).

Then he told me that now he can't get a connection on his cable modem!

He is going to go through and double-check anything he changed (he took notes).

I may have to go over and check this out myself over the weekend, my nice dinners are in danger http://bbs.homeshopmachinist.net//biggrin.gif

CCWKen
04-23-2004, 10:54 PM
Not knowing JACK about XP except it's expensive (in ca$h and space), the older versions had the swap file size in:

Control Panel -
System -
Performance Tab -
Virtual Memory Button

You could set the size yourself or have WinDooz manage it. It could be set too small.

J Tiers
04-24-2004, 12:02 AM
Yabbut, he is letting XtraPoofy set it, which it seems to want to do all the time....as well as not working well, and refusing to install programs due to insufficient memory (a gb isn't enough!!!).

However, he says after some more work, he has internet and it hasn't mumbled anything about swapfiles for a while, so maybe it just needed to settle down.

I have noticed that older Windoze seems to need to do a couple shutdowns and re-starts before it really settles down. XtraPoofy may need that too.

Evan
04-24-2004, 01:19 AM
JT,

Either something has a memory leak or is spawning multiple processes. Trying to manage the swap file in XP is not a good idea unless you know exactly how to balance it to the memory in the machine. It is much more critical than 98.

J Tiers
04-24-2004, 10:30 AM
<font face="Verdana, Arial" size="2">Originally posted by Evan:
JT,

Either something has a memory leak or is spawning multiple processes. Trying to manage the swap file in XP is not a good idea unless you know exactly how to balance it to the memory in the machine. It is much more critical than 98.</font>

Yeah, although I always thought that "programs" don't have memory leaks, OS do. If XtraPoofy could manage memory right, it would know what was allocated, and nothing would get lost. And it's a pretty good leak that runs through 1 gig of ram in a few minutes. Even 98 takes a few days to run thru 500meg.

As for processes, I understand he is down from the 27 slightly. I don't have the present number.

And he is letting XtraPoofy manage its own swapfile.
That suggests to me that it shouldn't have to ask permission......I wonder if he "really" has been letting it manage its own file? Maybe there is a "notify" checkbox.....

We'll see if it stays fairly stable, it has been looking better since the "treatment".

Thanks very much for the advice.

Evan
04-24-2004, 11:39 AM
JT,

Because of the way memory allocation works in Windows if a program asks for memory to be allocated the the OS must oblige if it can. If the program fails to deallocate the OS can't do anything about it. I had a driver for a slide scanner that would allocate 12 megs each time a slide was scanned and failed to deallocate. Each slide used up 12 megs of ram until it was all used.

When I was beta testing PSP8 last year I found a bug in one of the image manipulation routines where if you continued to perform the function with the mouse button held down (a blur function) it would eat ram at the rate of about 30megs per minute. When you finished the function it didn't give it back. That was on XP.