
View Full Version : Computer virus, you gotta love 'em



Ole Anderson
10-27-2014, 12:29 AM
Five year old laptop has been acting kind of slow lately. Then we went to Cedar Pointe last weekend and rented a cabin with wireless. Got home and my computer virtually ground to a halt. Opened task manager and went to performance and saw that the CPU was running at 100% with no programs open. Clicked on resource monitor and saw many rundll.exe programs running with the description com surrogate. Also my permissions had changed so I couldn't download the latest version of Norton Eraser. Not that it would have done any good. I already scanned it with Norton and Speedy PC Pro: nothing. Really debated what to do with this 5 year old computer. Wasn't planning on replacing it for a few more years, so I bit the bullet and paid Norton $99.99 to have a tech crawl through my computer to fix it. They said it would take 60-90 minutes while they accessed it remotely (obviously from India). 4 hours later they declared it fixed. Meantime I left and wasn't home when they finished, so I allowed them to close out the case as they claimed I was now 100% virus free. NOT.

So they reopened the case tonight at 6:15 and finally by 11:30 they seemed to have really fixed it this time. Nine hours, don't think they made any money on that one. The tech said the com surrogate is a very complex virus and it takes many iterations and scans to remove it. Not something you are going to fix yourself. Makes you want to strangle the hackers that think up these viruses, and screw up everybody's life just because they can.

Chuck Wintle
10-27-2014, 3:16 AM
COM Surrogate is not a virus according to what came back from a Google search. There must have been another virus on your laptop that was using the process. Did Norton give any more details?

Duane Meadows
10-27-2014, 7:41 AM
Just a suggestion that I have found helps. Create a non-admin user account and use that for daily computing. Most people run as admin all the time, and a rogue program doesn't have to escalate privileges, as the machine is already running as admin! You will have to put in the admin password to install programs (be sure it is something YOU were installing!) but the inconvenience is worth it.

Creating a new admin account and changing your current account to a user account is the easiest way.
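One way to do what Duane describes on a current Windows build, as an added example that is not from this thread: it creates the separate admin account first, then drops the daily account out of Administrators and checks the result. The account names are placeholders, and it assumes Windows 10 or later (the LocalAccounts cmdlets) run from an elevated PowerShell session.

```powershell
# Added example, not from the forum post. Placeholder names: change both.
$DailyUser = 'ole-daily'   # the account used for everyday work
$AdminUser = 'ole-admin'   # used only when Windows prompts for an install

# 1. Create the dedicated admin account first, so demoting the daily
#    account never leaves the machine without a working administrator.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $AdminUser"
    New-LocalUser -Name $AdminUser -Password $pw -PasswordNeverExpires | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $AdminUser
}

# Helper: strip the MACHINE\ prefix so names compare cleanly.
function Get-GroupMemberNames([string]$Group) {
    Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Name.Split('\')[-1] }
}

# 2. Demote the daily account: out of Administrators, into Users.
if ((Get-GroupMemberNames 'Administrators') -contains $DailyUser) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $DailyUser
}
if (-not ((Get-GroupMemberNames 'Users') -contains $DailyUser)) {
    Add-LocalGroupMember -Group 'Users' -Member $DailyUser
}

# 3. Verify: the daily account must be gone from Administrators and the
#    new admin account must be present. Review any other names listed;
#    anything unexpected in this group deserves a closer look.
$admins = Get-GroupMemberNames 'Administrators'
if ($admins -contains $DailyUser) { throw "$DailyUser is still an administrator" }
if ($admins -notcontains $AdminUser) { throw "$AdminUser is not an administrator" }
Write-Host "Administrators group now contains:"
$admins | ForEach-Object { Write-Host "  $_" }
```

Log off and back on as the daily account afterwards; the group change only takes effect for a new logon session.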

Ole Anderson
10-27-2014, 8:36 AM
Good idea on the admin account, just changed it as suggested and used a strong password. They explained to me that the "virus" replicates and runs the rundll.com process until that is almost all your cpu is doing. The description attached to the rundll.exe programs is com surrogate. Prior to the cleanup I had anywhere from 80-100 processes running, it is now around 50.

Duane Meadows
10-27-2014, 8:53 AM
Yep Ole, some nasty stuff out there! Glad you got it taken care of.

Tom Stenzel
10-27-2014, 2:45 PM
Just a suggestion that I have found helps. Create a non-admin user account and use that for daily computing. Most people run as admin all the time, and a rogue program doesn't have to escalate privileges, as the machine is already running as admin! You will have to put in the admin password to install programs (be sure it is something YOU were installing!) but the inconvenience is worth it.

Creating a new admin account and changing your current account to a user account is the easiest way.

That's how I've been running my XP box, it's been pretty bug free. Only problem with XP Home(ly) you can't adjust the limited account settings. In my case I'm sure the admin would allow me to use the CD/DVD. There's probably a registry tweak that could fix it but I don't use the drive enough to bother.

-Tom

Brian Elfert
10-27-2014, 3:42 PM
User Account Control in Vista/7 helps somewhat with viruses/malware too. Some of the time a virus/malware can't install without a prompt from Windows asking if it is okay to install the program.

Phil Thien
10-27-2014, 4:37 PM
That's how I've been running my XP box, it's been pretty bug free. Only problem with XP Home(ly) you can't adjust the limited account settings. In my case I'm sure the admin would allow me to use the CD/DVD. There's probably a registry tweak that could fix it but I don't use the drive enough to bother.

-Tom

If you're running XP, run regedit and change
HKLM:Software:Microsoft:Windows NT:CurrentVersion:Winlogin:allocatecdroms to 1.

Rick Christopherson
10-28-2014, 1:50 AM
Viruses are a lot rarer than people think. That's because every time their computer slows down they assume it was caused by a virus, when it was actually just poor side effects of the software they deliberately installed. Anti-virus companies take advantage of the hysteria so they can sell more software and services, just like the $99 charged above.

Geez, as I was typing this, a commercial just came on the TV advertising MyCleanPC, and showed a graphic suggesting they removed 1180 virus files from a computer. :confused:

If it was a virus, it wouldn't have taken the technician very long to get rid of it. What took him so long is that he probably went through and cleaned up all the automatic processes that otherwise legitimate software sets up on the computer whether you use the software or not.

Ole Anderson
10-28-2014, 11:15 AM
Viruses are a lot rarer than people think. That's because every time their computer slows down they assume it was caused by a virus, when it was actually just poor side effects of the software they deliberately installed. Anti-virus companies take advantage of the hysteria so they can sell more software and services, just like the $99 charged above.

Geez, as I was typing this, a commercial just came on the TV advertising MyCleanPC, and showed a graphic suggesting they removed 1180 virus files from a computer. :confused:

If it was a virus, it wouldn't have taken the technician very long to get rid of it. What took him so long is that he probably went through and cleaned up all the automatic processes that otherwise legitimate software sets up on the computer whether you use the software or not.

It wasn't hysteria on my part, it was choosing between a new computer and trying a fix for $100 from a well known company. Previously I bought into a $40 fix from Speedy PC Pro, who claimed to be a Microsoft "Partner". I did a little research and couldn't find anything contrary. Yep, they fixed 3500 problems, and afterwards I had 70 processes running rather than the 90 prior to the scan. But when I called with a question, they wanted $200-$300 to do what Norton ended up doing for $100. That is when I became suspicious. The first tech from Norton removed Speedy PC Pro claiming some of my problems were from that program. And so far, so good, my computer is running almost like new.

I believe the issue started when I noticed that Norton messages started popping up stating they had blocked Poweliks and Adclicker viruses.

Here is a typical response to a person with an infected computer: "Hi, Please don't try fixing yourself. From the behavior of the system, it seems there is a chance of multiple infection which bypassed the security shields. I strongly recommend you to visit a free malware removal forum list at https://community.norton.com/forums/malware-removal-forum-recommendations . . "

I can't imagine how many back and forths I would have had on such a forum trying to straighten out the problem, when it took Norton techs 9 hours to finally fix it.

Malcolm Schweizer
10-28-2014, 12:00 PM
My website got hacked and it crashed my forum (Which, by the way, used the same software as this forum). I discovered that there was a "back door" to the forum software that was fixed in a later version. Apparently I did not update in time. The hack came from China. The only reason to have hacked my site was to try to put me out of business. They got no financial gain from shutting down my site. Believe me, there is a war going on in cyberspace. All my spam attempts came from China and former Soviet countries.

Rick Christopherson
10-28-2014, 12:20 PM
It wasn't hysteria on my part,...

If it wasn't just hysteria, what was the virus you supposedly had? If you actually had a virus, the Norton technician would have made a big deal about telling you that you did.

Scott Shepherd
10-28-2014, 12:32 PM
Viruses are a lot rarer than people think.

I'm not sure I'd agree with that.

http://cybermap.kaspersky.com

Take a look at the USA (click on it when the map is spinning). #3 most infected country in the world is the USA. I'd say that's a long way from being "rare".

Dan Hintz
10-28-2014, 12:46 PM
Let's separate "viruses" from "malware". Malware is what most people run into... surreptitiously installed programs that force your browser to go to a specific search engine, pop up coupon images, etc. Annoying, but they're relatively harmless (other than sucking up precious CPU cycles). Viruses are programs intended to either harm your machine (e.g., deleting files) or steal information (e.g., copying files).

Virus infections are relatively rare, comparatively speaking. Malware infections are rampant (I'm continually cleaning the munchkin's machine of junk that gets installed in the background every time she plays a new game). Removing admin rights to your often-used account is the cheapest (and easiest) method to cut down on malware. Virii are going to get in regardless the vast majority of the time.

The best way to avoid any of the above is to watch where you surf (and turning off ads in general with programs like AdBlock Plus helps everywhere). If you are infected at some point, how much is your time and money worth? If you value both as much as I do, you'll reach for a backup CD and load it, wiping the current system clean beforehand. Most virii will be toasted in the process (boot sector/UEFI virii being the exception), and if you are careful in your surfing habits, this should only be necessary once in a blue moon (I've had to do it twice in 10 years (?), and both times were due to work-related activities).

Phil Thien
10-28-2014, 2:04 PM
Let's separate "viruses" from "malware". Malware is what most people run into... surreptitiously installed programs that force your browser to go to a specific search engine, pop up coupon images, etc. Annoying, but they're relatively harmless (other than sucking up precious CPU cycles). Viruses are programs intended to either harm your machine (e.g., deleting files) or steal information (e.g., copying files).

Virus infections are relatively rare, comparatively speaking. Malware infections are rampant (I'm continually cleaning the munchkin's machine of junk that gets installed in the background every time she plays a new game). Removing admin rights to your often-used account is the cheapest (and easiest) method to cut down on malware. Virii are going to get in regardless the vast majority of the time.

The best way to avoid any of the above is to watch where you surf (and turning off ads in general with programs like AdBlock Plus helps everywhere). If you are infected at some point, how much is your time and money worth? If you value both as much as I do, you'll reach for a backup CD and load it, wiping the current system clean beforehand. Most virii will be toasted in the process (boot sector/UEFI virii being the exception), and if you are careful in your surfing habits, this should only be necessary once in a blue moon (I've had to do it twice in 10 years (?), and both times were due to work-related activities).

Viruses are a type of Malware.

When people say "Malware," they are (if properly using the term) referring to the entire category of malicious software.

Phil Thien
10-28-2014, 2:07 PM
If it wasn't just hysteria, what was the virus you supposedly had? If you actually had a virus, the Norton technician would have made a big deal about telling you that you did.

We don't typically waste time trying to tell clients what they had, they wouldn't understand anyhow.

Rick Christopherson
10-28-2014, 2:15 PM
We don't typically waste time trying to tell clients what they had, they wouldn't understand anyhow.

But you're not Norton. They do, because it solidifies the meaning of their existence in the minds of the subscriber that pays them money. That's the same reason why they make such a big deal out of trivial things, like, "hey we found a tracking cookie on your computer".

The point is that the majority of people that assume their computer has a virus do not have a virus. I'm not saying they are not out there. But the infection rate is far lower than most people believe.

Tom Stenzel
10-28-2014, 3:26 PM
If you're running XP, run regedit and change
HKLM:Software:Microsoft:Windows NT:CurrentVersion:Winlogin:allocatecdroms to 1.

Thanks Phil.

Just gotta love SMC, get good help without asking!

-Tom

Phil Thien
10-28-2014, 4:16 PM
But you're not Norton. They do, because it solidifies the meaning of their existence in the minds of the subscriber that pays them money. That's the same reason why they make such a big deal out of trivial things, like, "hey we found a tracking cookie on your computer".

The point is that the majority of people that assume their computer has a virus do not have a virus. I'm not saying they are not out there. But the infection rate is far lower than most people believe.

I can't agree with that.

The Norton tech probably won't reach out for a convo after they're done because there is no upside. Tell the person you found "xyz.123" and they may come back with "well, I had Norton, why didn't it prevent this?" Now you have to explain zero-day viruses yada yada yada. Next they want to know if their bank accounts were compromised, if they need to change all their passwords. Those conversations can go on for thirty minutes to an hour.

And on the issue of whether people assume they're infected when they're not, I really don't get a lot of that. It happens. But I'd say it is a far greater occurrence that someone asks me to look at something ("I can't print") and I see obvious signs of an underlying infection.

Ole Anderson
10-29-2014, 8:28 AM
If it wasn't just hysteria, what was the virus you supposedly had? If you actually had a virus, the Norton technician would have made a big deal about telling you that you did.

Excuse me? What point are you trying to make? Virus, malware, whatever, my computer was rendered useless and now I have it back. Resurrected might be the best single word term. The problem, as explained by the Norton tech, and as I already explained if you took the time to read, was with someone installing a (insert: virus, malware, whatever) on my computer that replicated the rundll.exe files with the description com surrogate. And it showed up when the "System infected: Trojan.AdClicker Activity" as well as another Norton message started showing up every time I opened up my laptop. And that was the straw that broke the camel's back. There were 5 years of accumulated "malware" and miscellaneous junk that was also removed. Was it from some action I took while trying to use my computer? Probably. Or maybe not. Semantics.

And after 5 hours the second time and removing multiple issues, the tech wasn't interested in spending 2 more hours going over exactly what he did. He wanted to either go home or get on to the next customer as I bet he gets paid by the case. Nor did I want to listen as his Indian accent was so thick I would have only understood 30% of what he said. I finally ended up communicating through the log he was posting as he went.