processor Worm?Help!

[richardjohnsen]

have you heard of a new virus that runs processor at 100%?, a boot avast didn't find
maybe a runinng progam Called ZOOM IN that windows won't shut down unless i click end now at reboot, repaired by sys restore
good description IF INTERESTED PLS. READ
POST AT PAINT .NET FORUM

http://paintdotnet.12.forumer.com/viewtopic.php?p=6841#6841

[mauserme]

Hi Richard,

Welcome to the forum.

Is that link you posted to a forum discussing the virus, or is to the virus itself?

[DavidR]

@ mauserme
Well DrWeb doesn't find anything on the link.

@ richardjohnsen
I'm sorry to say I haven't heard of this but I'm sure it wouldn't be difficult for a virus to increase workload and subsequently CPU activity to a point where it could severly slow or even crash your system.

Fortunately that behaviour is usually not so regular an occurance as for the most part a virus writter wouldn't want to draw attention to the virus.

But to try and help we are going to need more information.

maybe a runinng progam Called ZOOM IN that windows won't shut down unless i click end now at reboot,

Are there any more details in the program isn't responding pop-up, etc. ?

Have you checked the Task Manager Processes for anything unknown ?
avast may well not detect some malware, it is strictly speaking an anti-virus, so spyware/adware/malware may not be detected.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode. Ewido Security Suite They also have an on-line scanner which you could check out.

Also:
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster Don't install this until you are clean.

[mauserme]

Well DrWeb doesn't find anything on the link.

I asked because the PaintNet forum seems almost exclusively devoted to a graphics program;  not so much to malware.  But having said that,  I did find Richard's thread over there and the following description is excerpted from that forum:

"after first boot of this laptop i installed adaware and avast

then i returned to majorgeeks to download pnt.net and ms frame

1 i started editing a pdn file & when i tried rotate/zoom a pdn layer
2 i experienced slow processing
3 i restarted the lap
4 windows reported that it couldn't shut down ZOOM IN (a running process)
5 i hit end now
6 happened again so ran task mgr. showed 100% usage of processor
7 preformed a C drive search for zoom
8 found to suspicious cookies named, myadministratorname@zipzoomfly.122.2o7
9 ran avast avirus on boot -found nothing
10 ran adaware and it didn't find those two zipzoomfly cookies
11 i ran hyjack and didn't see or understand many new reg entries so i deleated the two cookies to recycle
12 i ran sys restore, back to before, downloading your pdn and ms, and computor runs as new
14 i know i recieved either a brand new worm/virus/trogen attatched to your download file at major geeks or a bug from your programs


Again this brand new lap top has been nowhere else on net

If you know of anyone interested in finding the trogen or bug i'll help with my files, until i turn off sys restore and/or reformat this brand new drive, as you know it take awhile just to do that

If not interested pls. just email me if you see this problem again

how do I show a pdn/.png here like you do?

I'll get Ron AT Dell/hijack to read this post, but i didn't save the hjt copy file. "



@Richard

ZOOMIN.EXE is associated with Microsoft's Visual Studio 6.x
Do you use this program?

[richardjohnsen]

thank you for reply

my bug or worm is lost in yesterdays sys restore file, i could retrieve it before reformat if you really. really want it

I'll bet a dollar the zoom .exe was causing the loop  >:(and that it is also associated with ms .net framework 2. download recommended for paint.net users, guess it didn't like my amd chip

friend, Ron-xdell/hjt recommends this after reformat

do you guys have some must do's

The first thing you should do with a new laptop is make sure the firewall is running and then go to windowsupdate.microsoft.com and get all of the updates.  The second thing is to download the latest version of Java and then remove the old version that came with it.

http://www.java.com/en/download/windows_automatic.jsp

Make sure you have removed any older versions of Java or JRE or J2RE with Control Panel, Add/Remove Programs.  Updates do not remove the older versions which have exploitable flaws.

I'm officially retired now so I have stopped working the dell forum since I'm not paid to sit at a computer
________

Did find old java in ad/remove?
But will do the stuff david just recomended
thanks again, holler if you hear of any more zoom or new processor frying issues

[DavidR]

I was once going to use the paint.net product, but at the time I couldn't see the need for dotnet framework and refused MS updates to install .net. I just couldn't see why a graphics program would require this.

I wouldn't bother with trying to extract anything suspect from the system restore 'system volume information' folder, the only way to do that is by restoring it. Your best option to avoid a possible reinfection if you restore in the future would be to disable system restore and reboot, this will clear ALL restore points and give you a clear slate.

Must dos after reformat:
Avoid reformat in the first place by having a disk imaging software for system back up and recovery strategy. Make regular weekly hard disk images and use that to reinstall everything in one fell swoop taking minutes rather than hours.

I still don't have Java on my system, removed MS JVM and never replaced it with Sun's Java, so if you haven't got a specific need for it, no need to have to have it let alone constantly update it and remove older versions. People keep telling me how do you get by without it, answer I haven't noticed any restriction in my system use without it.

Before a reformat, have all your security programs (latest version), AV, firewall, browser (firefox, IE comes with your OS), anti-spyware (AdAware, Spybot S&D, etc.), anti-malware (Ewido) saved to a CD/DVD so you don't have to go on-line to get them. Install those immediately after your OS installation and take a hard disk image (just in case, easier if you have to repeat the exercise soon). No point in installing lots of your other software at this point.

Once you done that your first port of call should be windows update to bring everything fully up to date. Take another hard disk image, then and only then start to install your other programs in order of importance, updating them as necessary.

Welcome to the forums.

[richardjohnsen]

thanks thanks
 I'll do all of it after reformat and trying to find my bug,
is any java on this new lap, looked again and didn't find it
is the avast vdrb a c drive imager or what is a good cheap/free one?

photo has me & daughter in cat eye.  i do recommend paint.net for things like photo resizing/editing/file extensions/fax ect    it has some ppt functions and makes ms paint looks like i wrote the program, ha.


i posted this below on paint.net forum would you read it?

review & a page I'll forwarded if i can figure out to who
and new questions

after first boot of this new acer laptop with amd sempron 512ddr i installed ad-aware and avast
then i returned to majorgeeks to download pnt.net and ms frame
 
as i started editing a pdn file & when i tried rotate/zoom a pdn layer.all windows processing slowed to a crawl. i was rocking on 1 of 25 layers but it didn't seem like a ram problem, and don't know how a well amd semperon chip preforms multiple processing as compared to a Pentium
 
windows reported that it couldn't shut down ZOOM IN (a running process)
task mgr. showed 100% usage of processor, though i had a defective amd
 preformed a C drive search for zoom
 ran avast avirus on boot -found nothing
 ran adaware-nothing-windows shut down still couldn't shut down ZOOM IN 
 i ran sys restore, back to before, downloading your pdn and ms, and computer runs as new

 i think i received a MS bug related to a, zoom in.exe, causing a calculation loop, on my amd processor

i was told when i asked Avast avirus about possibility of a brand new virus or Trojan, they, the virus people said mal'ware wasn't likely as' that behavior is usually not so regular an occurrence and as for the most part, a virus writer wouldn't want to draw attention to the virus
 
I want to use the new paint.net product, 2.5 was easier to use than my adobe paint 3.0, and I liked quite a few functions better,  I'll try 2.6 without MS netframe before reformatting , but at this time I can't see the need for MS dotnet framework and will refuse MS updates to install .net.
I just don't understand; 1 if ZOOMIN.EXE that is associated with Microsoft's Visual Studio 6.x and 2 is it in MS netframe, 3 why a graphics program would want this when it formally ran great without it, a requested installation by MS, or why MS couldn't close it's own program.


I for some reason thought, you, RickB were affiliated with MS.netfarame2.0 as it seemed to be nessary to run your great program,  but as you said I'm trying to get help someware else.
 
 :roll: Does anyone know what MS.netframe is or if it's needed to run.net graphics or adobe graphics :?:
 or does anyone know who could check this out at MS?   I won't bother with trying to extract anything suspect from the system restore 'system volume information' folder, but i would send the restore file to MS

Thanks again for your responses,
guess I'm off to MS world to try and fix my problem/bug.

[mauserme]

as i started editing a pdn file & when i tried rotate/zoom a pdn layer.all windows processing slowed to a crawl. i was rocking on 1 of 25 layers but it didn't seem like a ram problem, ...

I'm not at all familiar with the program you're using so they might be able to shed more light on this at the paint.net forum.  But I can tell you trying to work with 25 layers in Photoshop would absolutely kill my P4 processor.

If paint.net has an option likes Photoshop's "flatten" tool I would try that to free up some resources.  First save the your work with all the layers open, then flatten them to just a few layers and continue your work.  If you don't like the changes you've made on the working version you can always retrieve the layered version and start again.

btw, I really have to guess zoomin is just that magnifying glass tool most graphics programs have, but I could be wrong.

[DavidR]

The VRDB isn't a disk imaging it only protects certain files, .exe, dll and other system files, it doesn't protect data files or all files, it is not a back-up program, so there are going to be many occasions where repair won't be an option.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast's VRDB would monitor and you have run the VRDB, then it may be possible to repair the file to its uninfected state.
However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

Most imaging software is payware rather than freeware, I use Drive Image 7 which was the last version before Symantec bought out PowerQuest. This also requires dot net framework 1.1 or greater. There are others Google is your friend, http://www.google.co.uk/search?q=disk+imaging+software

[richardjohnsen]

i would get a little slow when using that many files/layers on old celeron but never had the processor say or do that after reboot, acked almost like i hibernated instead of shut down, but didn't
maybe amd isn't smart enough

will get a imager after reformat thanks

.net scares me as it me might have been problem,  and didn't want it reocuring guess i'll try my adobe 3 but is from the dos windows days and pdn is eaisier

daughter in cat eye

[mauserme]

will get a imager after reformat...

If you haven't already reformatted why not un-install the paint program first and see if the symptoms go away.  No sense going to all the trouble of re-installing your os if its just a software problem.

cool graphic ...

[richardjohnsen]

thanks
sys restore uninstalled it / fixed it

i what to reformat after i find out if it's a bug or malware
going to try reininstalling them before refomat to see if it comes back, if i does guess i'll try older versions of .net and pdn

OK?

wonder how to put graphic like/where davids is?

wonder why i'm a llama? is that a default...or new nickname

[mauserme]

i what to reformat after i find out if it's a bug or malware
going to try reininstalling them before refomat to see if it comes back, if i does guess i'll try older versions of .net and pdn

OK?

Sure.

wonder how to put graphic like/where davids is?

Go into your profile and click on Forum Profile Information.  You'll see the option to add an avatar there.

wonder why i'm a llama?

I don't know.  Do you look like a llama?

Kidding - everyone is a llama until they change it.

[richardjohnsen]

i inquiring about zoom in at MS .net forum
if i don't get a answer I'll spit like one

Thanks for ya'll help

[richardjohnsen]

posted on new thread
hi guys
i found the problem/ /processor issue for Acers using .net

when a Acer machine, probally laptops, is using a
 QtZgAcer Launch Mgr., probally version 1.6.812,

if the end user installs Paint.net with, MS.net framework 2., one, or the other, of the programs may conflict and

the processor runs at 100% and windows won't automatically shut down a process called ZOOM IN created by QtZgAcer Launch Mgr., not caused by PDNet, MS.net or MS VB6
 
after explaining it, the temp., solution from Acer Cust. Serv., is to
turn off QtZgAcer in, start/run/MSConfig/open >tab to, Start up>deselect-QtZgAcer Launch Mgr > Apply

then you have to tell windows to stop opening Config after rebooting and some acer buttons won't work.
acer will probally post a fix or repair.

Thanks for Your Help, Especially to Avast guys, sorry to bother the pdn and ms.net guys but even though they got mad & tired of helping me they were a help.

the spitting llama RJ 
am i still a newbie  :'(
was ther a beer on my message?