jay

Archived from groups: microsoft.public.windowsxp.perform_maintain

When I run Ad-Aware SE, it says there are 36 processes running and 1300+ process
modules. What is a process module? Also, when I come to this site I can never
see the whole page, it's cut off on the right. Any ideas? Thx, jay
 
Guest

If you plan on spending any time at all in newsgroups, set up Outlook
Express as your newsreader and dump the CDO.

Getting News from Newsgroups
http://www.microsoft.com/windows/ie/using/howto/oe/gettingnews.asp

Using Outlook Express To View Newsgroups
http://support.microsoft.com/default.aspx?scid=%2fdirectory%2fworldwide%2fen-gb%2fnewsout.asp

Viewing and Posting to Newsgroups
http://www.microsoft.com/windows/ie/using/howto/oe/newsgroups.asp

Windows XP Newsgroup Setup Instructions
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp

Setting up Outlook Express Newsreader
http://michaelstevenstech.com/outlookexpressnewreader.htm

Set Up Outlook Express
http://www.microsoft.com/windows/ie/using/howto/oe/setup.asp

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
Guest

jay wrote:
> When I run Ad-Aware SE, it says there are 36 processes running and 1300+ process
> modules. What is a process module? Also, when I come to this site I can never
> see the whole page, it's cut off on the right. Any ideas? Thx, jay

Typically they are DLLs opened by the parent EXE file.
If you download Process Viewer -
http://www.xmlsp.com/pview/prcview.htm
you can see a list of running processes.
If you right click on a process in the list one of the choices will be
"Modules."

--
HTH
Bob Dietz
 

Linda


I am having the same problem, I'm showing 1300+ modules; that info is in
Ad-Aware when I'm doing a scan. Is it normal to have that many modules? And if
not, how do you get rid of them or know which ones are okay to get rid of? Thx

 
Guest

Nothing abnormal about that number. I currently have 1,313 so-called process
modules, with no problems whatsoever.

Ted Zieglar

 
Guest

Ad-Aware and Process Viewer see the same modules, but total them up
differently. For example:
Process A
    Module 1
    Module 2
Process B
    Module 1
    Module 3
Process C
    Module 1
    Module 4

Ad-aware would report:
3 Running Processes
6 Process Modules

In Process Viewer, select the View> Module Usage menu item. Then look at
the status bar of the newly opened window and you'd see '4 Module(s).'

In both cases there are exactly 4 modules in memory, but Module 1 is
being used by three distinct processes.

Your count of 1300+ modules is normal for Ad-Aware, but that doesn't
tell you if they are all legit modules. If you're dealing with super
critical data (access codes to Fort Knox, locations for the missing WMDs
....) and there has been an intrusion on the system --- you'd probably
want to verify the location and version of each module as well as
compare byte count and MD5 check sum of each module against a known good
reference image.

For us normal folk, if SpyBot, Ad-Aware and your anti-virus program all
give clean scans we'll just assume the 400+ unique modules reported by
Process Viewer are all OK.

For more information see Robert Hensing's Weblog.
http://weblogs.asp.net/robert_hensing/
Robert Hensing is a member of the Microsoft Product
Support Services Incident Response team.

--
Bob Dietz

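The two ways of totalling described in the post above, together with the check of each module's byte count and MD5 against a known-good reference, as an added example that is not part of the original thread. The process names, module paths, file contents and the `SNAPSHOT`/`BASELINE` structures are constructed stand-ins.

```python
import hashlib

def fingerprint(data):
    """Byte count and MD5 of a module image (MD5 because the post names it)."""
    return len(data), hashlib.md5(data, usedforsecurity=False).hexdigest()

def count_modules(snapshot):
    """Return (processes, per-process module references, unique modules)."""
    refs = sum(len(mods) for mods in snapshot.values())
    unique = {path.lower() for mods in snapshot.values() for path in mods}
    return len(snapshot), refs, len(unique)

def verify(snapshot, baseline):
    """Compare every loaded module with the known-good reference.
    Returns {path: (status, [processes using it])} for anything not clean."""
    findings = {}
    for proc, mods in snapshot.items():
        for path, data in mods.items():
            key = path.lower()  # Windows paths are case-insensitive
            if key not in baseline:
                status = "unknown"    # not present in the reference image
            elif fingerprint(data) != baseline[key]:
                status = "mismatch"   # same path, different size or hash
            else:
                continue
            findings.setdefault(key, (status, []))[1].append(proc)
    return findings

# Constructed data: module contents are short stand-in byte strings.
M1, M2, M3, M4 = (rf"c:\windows\system32\module{n}.dll" for n in range(1, 5))
SNAPSHOT = {
    "Process A": {M1: b"module-1", M2: b"module-2"},
    "Process B": {M1: b"module-1", M3: b"module-3 patched"},
    "Process C": {M1: b"module-1", M4: b"module-4"},
}
# Known-good reference: path -> (byte count, MD5). Module 4 is deliberately absent.
BASELINE = {p: fingerprint(d) for p, d in
            [(M1, b"module-1"), (M2, b"module-2"), (M3, b"module-3")]}

if __name__ == "__main__":
    procs, refs, unique = count_modules(SNAPSHOT)
    print(f"{procs} Running Processes, {refs} Process Modules, {unique} Module(s)")
    for path, (status, users) in verify(SNAPSHOT, BASELINE).items():
        print(f"{status:8} {path}  loaded by {', '.join(users)}")
```

Any module reported as `unknown` or `mismatch` is one whose location, version and dates deserve the closer look the post describes.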
 
Guest

In a previous post I mentioned that the number of process modules is not
what matters - it's what those process modules are doing that counts.

You didn't mean to exclude me from "us normal folk" did you?
--
Ted Zieglar


 
Guest

Ted Zieglar wrote:
> In a previous post I mentioned that the number of process modules is not
> what matters - it's what those process modules are doing that counts.

That's essentially correct.

Two days ago I worked on a system where the initial scan (Ad-Aware run
in ***SAFE MODE***) showed:
9 Running Processes
317 Process Modules
1924 Objects Recognized
1924 New Critical Objects

After clean up, Ad-Aware scan (not in ***SAFE MODE***) shows:
30 Running Processes
1229 Process Modules
0 Object Recognized
0 New Critical Objects

Those 1924 New Critical Objects represented 37 separate infections.
Ad-aware was able to remove all that. Upon normal boot, a rogue process
was (still) creating randomly named .dll files in %windir%\system32\
and inserting them into a system start up location. I had WinPatrol set
to inspect the system once every 5 minutes at which point it would alert
me and I'd disable the item. The rogue item was a module being run
inside one of the svchost.exe processes. I killed the svchost parent
process which resulted in an instantaneous power off of the system. I
booted into safe mode and renamed the offending .dll. That seemed to
cure the problem, but I still gave a pretty close look at the rest of
the modules to make sure that file path, file version and file creation
date all made sense.

>
> You didn't mean to exclude me from "us normal folk" did you?

If anyone were to be excluded from "normal folk" it would be me - 'cause
I'm a geek. :)

--
Bob Dietz
 
Guest

Geek or not, that was a great post! I'm taking notes.
--
Ted Zieglar

