Broadband Tech > Security > Security > sudden slow browsing - CPU flat out

reply to madpiano

Re: sudden slow browsing - CPU flat out

Well add me to the list of people seeing symproxysvc.exe chew up 100% CPU and cause really slow browsing.

I'm running NIS 2002 on WinXP. Anyone have any definitive information as to what the problem is or if it will be fixed?

Thanks!
-S
--
The war is over??

said by sonofjay:

---

Well add me to the list of people seeing symproxysvc.exe chew up 100% CPU and cause really slow browsing.

I'm running NIS 2002 on WinXP. Anyone have any definitive information as to what the problem is or if it will be fixed?

---

There are no LUs available. I have already applied both and the symproxysvc.exe is still chewing up 97-100% CPU.

Has anyone gotten any info from Symantec or found a way to manually correct this? Web browsing in this current state is not bearable.

Thanks!
--
The war is over??

Okay, let me rephrase prior query:

It would be interesting to know what a File | Find ... on SYM*.* yields for File Created and File Last Modified dates, also same information for SNDMON.EXE .(There are others who've indicated that LiveUpdate found nothing waiting, so it's sort of important to know what you've got at the moment.)
--
Regards, Joseph V. Morris

Sorry, I misunderstood what you were asking for .

Here's what I have:

SYMDATASVC.DLL, Norton Internet Security 4.0.3.104, 63144 bytes
2002-02-18 13:06:06, SHA1: B6FA7C39FA4E72046B7D59330E60D1EC9307B860

SYMICONV.DLL, Norton Internet Security 4.0.3.104, 607912 bytes
2002-02-18 13:07:02, SHA1: 6F4B846006FDB06A6031CCFDCCB445AC4E12D7BA

SYMPROXY.DLL, Norton Internet Security 4.0.3.104, 104104 bytes
2002-02-18 13:06:12, SHA1: 5003CAB20F5707BFD929C688A80F430B3C140F22

SYMPROXYALERT.DLL, Norton Internet Security 4.0.3.104, 71336 bytes
2002-02-18 13:06:18, SHA1: 0BA248AE572E232BD8659AAEF510250D40C31246

SYMPROXYSVC.EXE, Norton Internet Security 4.0.3.104, 54952 bytes
2002-02-18 13:02:46, SHA1: 54964A03DC8A420501B764CAF0F211BC3EC025AE

SYMURL.DLL, Norton Internet Security 4.0.3.105, 124584 bytes
2002-03-01 11:20:10, SHA1: 86FD41963EB464B5CAA0C3488F645775BE301C1C

SYMWBWND.DLL, Norton Internet Security 4.0.3.104, 145064 bytes
2002-02-18 13:06:28, SHA1: FF981BFF79D53C64965251C7CEBE6FB867ECE039

Sndmon.exe
location C:\Program Files\Symantec\LiveUpdate
85.1 KB (87,184 bytes)
Sunday, May 23, 2004, 12:32:52 PM
Friday, May 21, 2004, 2:59:46 PM
--
The war is over??

Something is missing! Where's the famous SYMDNS.* file? (That's purportedly what started all this nonsense.)
--
Regards, Joseph V. Morris

Sorry, maybe there is an easier way to get the file info but I just used the NisSettings.exe and manually got the info for SNDMon.exe. Here's the info on SYMDNS.* (I only found one)

symdns.sys
version 5.3.1.54
location C:\WINDOWS\system32\drivers
10.7 KB (11,008 bytes)
Thursday, May 13, 2004, 9:25:08 PM
Thursday, May 13, 2004, 9:25:08 PM

Sndmon.exe
version 5.3.1.9
location C:\Program Files\Symantec\LiveUpdate
85.1 KB (87,184 bytes)
Sunday, May 23, 2004, 12:32:52 PM
Friday, May 21, 2004, 2:59:46 PM
--
The war is over??

Okay, your sndmon.exe file is the same as people who have NIS/NPF 2002 working, so that doesn't seem to be the problem (same situation in a different thread at Wilders, incidentally).

I'm sorry, I'm getting confused between what's posted in what thread, so I didn't give you sufficient instructions last time.

We are fairly certain that, whatever is causing the problem, it is some file not routinely found by NIS Settings. If you check you'll notice that all the files you listed are quite old and that's what other people who've now resolved the problem have also noted. So, it's located in some other obscure Norton or Symantec directory (of which you've probably got about half a dozen scattered around your C: drive). As a working hypothesis, the next thing is to find a file, probably SYM*.*, located somewhere on the drive that shows a Date Modified after 1 May 2004 (but presumably before 24 May 2004). The way to find these files is to use Start | File | Find ... or Start | Search | Files ... , depending on your OS, and then search for the wildcard filename SYM*.* . You should find a lot of files, some of which you've already displayed above and have date modified information well before the most recent LiveUpdates -- so you can ignore those. Specifically, we're probably looking for something with a 2004 date. If you find such files, we need to know • the FileName, • the FileSize (to the BYTE, not the number expressed in KB), • the FileCreated date, • the FileModified date, and • FileVersion information (off the second tab) for each such file. You get this by right-clicking on the file(s) listed in the search/find display and then selected Properties in the pop-up menu that then appears. You're going to have to write it down, because it doesn't copy and paste easily -- be careful, every digit is important.

We can then check what you find against what someone else has and possibly identify the source of the problem.

Unfortunately probably is the operative word here; it may turn out to be some other obscure Symantec/Norton file that does not begin with SYM; Symantec is not saying and we're still looking for the source of the problem.
--
Regards, Joseph V. Morris

JV Morris I do not hve NIS or NPF but I am having the same problem. Panda and Nav both show me virus free and I am sitting behind a Internet Sharing Box with NAT enabled.I am also running NSW 2003.Any idea's?
--

That one is beyond me. I would strongly recommend that you start a new thread for NSW 2003, identify the OS you're using, and detail the precise symptoms that you are experiencing.

However, are you sure that your problems are not related to the DDos Attacks currently ongoing against a number of HTML-based security forums?

I haven't even had a chance to check out »www.incidents.org so far today, so I have to admit I'm not uptodate on what may be happening out there in general.
--
Regards, Joseph V. Morris

Thanks jvmorris!

Do you have a link to the other forum that covers this problem? I'd like to read up on it too.

SymantecRootInstaller.exe
2.0.39.0
C:\Program Files\Symantec\LiveUpdate
197 KB (201,880 bytes)
Saturday, May 17, 2003, 10:27:23 PM
Friday, January 02, 2004, 3:20:24 PM

SymantecRootInstaller.log
C:\Program Files\Symantec\LiveUpdate
42 bytes (42 bytes)
Monday, January 19, 2004, 10:33:39 PM
Monday, January 19, 2004, 10:33:39 PM

symaveng.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub
7.94 KB (8,137 bytes)
Tuesday, April 13, 2004, 4:00:00 AM
Tuesday, April 13, 2004, 4:00:00 AM

symaveng.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub
899 bytes (899 bytes)
Tuesday, April 13, 2004, 4:00:00 AM
Tuesday, April 13, 2004, 4:00:00 AM

SymRedir.cat
C:\WINDOWS\system32\drivers
20 bytes (20 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM

SymRedir.inf
C:\WINDOWS\system32\drivers
1.10 KB (1,133 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM

symdns.sys
5.3.1.54
C:\WINDOWS\system32\drivers
10.7 KB (11,008 bytes)
Thursday, May 13, 2004, 9:25:08 PM
Thursday, May 13, 2004, 9:25:08 PM

symndis.sys
5.3.1.54
C:\WINDOWS\system32\drivers
50.3 KB (51,552 bytes)
Thursday, May 13, 2004, 9:25:12 PM
Thursday, May 13, 2004, 9:25:12 PM

SymIDSCo.sys
5.3.1.54
C:\WINDOWS\system32\drivers
166 KB (170,208 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM

symredrv.sys
5.3.1.54
C:\WINDOWS\system32\drivers
15.9 KB (16,288 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM

symtdi.sys
5.3.1.54
C:\WINDOWS\system32\drivers
257 KB (263,744 bytes)
Thursday, May 13, 2004, 9:25:18 PM
Thursday, May 13, 2004, 9:25:18 PM

SymRedir.dll
5.3.1.54
C:\WINDOWS\system32
113 KB (115,936 bytes)
Thursday, May 13, 2004, 9:25:20 PM
Thursday, May 13, 2004, 9:25:20 PM

SymNeti.dll
5.3.1.54
C:\WINDOWS\system32
493 KB (505,056 bytes)
Thursday, May 13, 2004, 9:25:22 PM
Thursday, May 13, 2004, 9:25:22 PM

SymFW.sys
5.3.1.55
C:\WINDOWS\system32\drivers
162 KB (166,048 bytes)
Sunday, May 23, 2004, 2:23:10 PM
Tuesday, May 18, 2004, 1:01:28 AM

SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040518.032
7.94 KB (8,137 bytes)
Tuesday, May 18, 2004, 6:03:22 PM
Tuesday, May 18, 2004, 4:00:00 AM

SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040518.032
900 bytes (900 bytes)
Tuesday, May 18, 2004, 6:03:22 PM
Tuesday, May 18, 2004, 4:00:00 AM

SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040519.021
7.94 KB (8,137 bytes)
Sunday, May 23, 2004, 12:34:14 PM
Wednesday, May 19, 2004, 4:00:00 AM

SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040519.021
900 bytes (900 bytes)
Sunday, May 23, 2004, 12:34:14 PM
Wednesday, May 19, 2004, 4:00:00 AM

symaveng.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpD0.tmp
7.94 KB (8,137 bytes)
Sunday, May 23, 2004, 12:34:12 PM
Wednesday, May 19, 2004, 4:00:00 AM

symaveng.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpD0.tmp
900 bytes (900 bytes)
Sunday, May 23, 2004, 12:34:12 PM
Wednesday, May 19, 2004, 4:00:00 AM

SYMAVENG.985
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpCF.tmp
1.39 KB (1,425 bytes)
Sunday, May 23, 2004, 12:33:42 PM
Wednesday, May 19, 2004, 10:53:48 AM

SYMAVENG.984
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpCF.tmp
104 bytes (104 bytes)
Sunday, May 23, 2004, 12:33:42 PM
Wednesday, May 19, 2004, 10:53:50 AM
--
The war is over??

reply to sonofjay
Okay, thanks, scratching down here.
Randy, I could use a bit of help regarding his NAV entries.

said by sonofjay:

---

...Do you have a link to the other forum that covers this problem? I'd like to read up on it too.

---

quote:

---

SymantecRootInstaller.exe 2.0.39.0 too old. . . .
SymantecRootInstaller.log LOG File ...
symaveng.cat NAV file ...
symaveng.inf Ditto ...

---

quote:

---

SymRedir.cat
C:\WINDOWS\system32\drivers
20 bytes (20 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM

SymRedir.inf
C:\WINDOWS\system32\drivers
1.10 KB (1,133 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM

symdns.sys
5.3.1.54
C:\WINDOWS\system32\drivers
10.7 KB (11,008 bytes)
Thursday, May 13, 2004, 9:25:08 PM
Thursday, May 13, 2004, 9:25:08 PM

symndis.sys
5.3.1.54
C:\WINDOWS\system32\drivers
50.3 KB (51,552 bytes)
Thursday, May 13, 2004, 9:25:12 PM
Thursday, May 13, 2004, 9:25:12 PM

SymIDSCo.sys
5.3.1.54
C:\WINDOWS\system32\drivers
166 KB (170,208 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM

symredrv.sys
5.3.1.54
C:\WINDOWS\system32\drivers
15.9 KB (16,288 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM

symtdi.sys
5.3.1.54
C:\WINDOWS\system32\drivers
257 KB (263,744 bytes)
Thursday, May 13, 2004, 9:25:18 PM
Thursday, May 13, 2004, 9:25:18 PM

SymRedir.dll
5.3.1.54
C:\WINDOWS\system32
113 KB (115,936 bytes)
Thursday, May 13, 2004, 9:25:20 PM
Thursday, May 13, 2004, 9:25:20 PM

SymNeti.dll
5.3.1.54
C:\WINDOWS\system32
493 KB (505,056 bytes)
Thursday, May 13, 2004, 9:25:22 PM
Thursday, May 13, 2004, 9:25:22 PM

---

quote:

---

SymFW.sys
5.3.1.55
C:\WINDOWS\system32\drivers
162 KB (166,048 bytes)
Sunday, May 23, 2004, 2:23:10 PM
Tuesday, May 18, 2004, 1:01:28 AM

---

quote:

---

SYMAVENG.CAT NAV File...
SYMAVENG.INF ditto...
SYMAVENG.CAT ditto...
SYMAVENG.INF ditto...
symaveng.cat ditto...
symaveng.inf ditto...
SYMAVENG.985 ditto...
SYMAVENG.984 ditto...

---

Thanks!

Also, I just went back and confirmed that the create date and modified date were indeed the same on the files that had the two dates as being identical
--
The war is over??

reply to sonofjay

said by sonofjay:

---

For what its worth. I am able to temporarily surf normally after I disabled the Proxy service.

---

reply to sonofjay
Okay, back to the compressed list of other sites:

At Wilders, check the "Other Firewalls" forum after 13 May at »www.wilderssecurity.com/forumdis···php?f=31 .

At Computer Cops, check the "Symantec General" forum at »www.computercops.biz/forum82.html .

At Gladiator Security Forum, see the thread at »forum.gladiator-antivirus.com/in···4759&hl= .

There are multiple threads at Wilders and Computer Cops, only one (I believe) at Gladiator.

I have a problem in referencing threads in the NNTP newsgroups. The one most relevant is at nntp://news.grc.com/grc.security (hope I typed that correctly) and starts with a thread title of "AtGuard Vulnerable?" That's the one that lists the specific threads in the various HTML-based forums, which I really should consolidate and bring back here, also.
--
Regards, Joseph V. Morris

reply to sonofjay
You might also want to start monitoring the thread at »computercops.biz/postx41991-0-0.html ,
especially the recent postings by Troy_McClure.

You guys show different results on SYMFW.SYS and I'm not sure why (but that may be about to change, based on his last post).
--
Regards, Joseph V. Morris

reply to jvmorris

said by jvmorris:

---

.. I could use a bit of help regarding his NAV entries.

---