Hi Hayton,
You seem to be running with version 2010 of McAfee Internet Security Suite.
I am running with the latest version of McAfee Total Protection 2011 Beta, full of unwanted behavior.
Even though I run with Real-Time Scanning off, but took a PrtScrn Snapshot of mine with it turned on. McAfee total Protection 2011 version has two Scan Settings. One for Boot. One for regular scanning. Boot can't be disabled.
Yes, I have 2010. Looking at the 2011 interface I think I prefer the greater level of fine-tuning in the 2010 version.
mcshield update : now behaving better - except when opening and using Chrome (like now). Changing those settings definitely helped, to some extent at least.
I've been looking through the tools available from SysInternals, and I've found something that might be useful, if anyone else wants to download it and give it a go : ProcDump - from http://technet.microsoft.com/en-us/sysinternals/dd996900
ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.
It's command-line, so presumably needs to be run from a DOS window (you might get away with running it with a short argument list from Start-->Run). I don't know whether this definition of a "cpu spike" quite describes the runaway cpu hogging that mcshield is guilty of, but it might be worth a try.
@Anyone reporting problems with winlogon.exe : have a look at the snippet below, taken from a malwarecity report about a new botnet spreading by (among other means) getting users to click on a fake Java Update alert :
On top of that, the bot proceeds to uninstalling other bots such as Cerberus, Blackshades, CyberGate, or OrgeneraL DDoS Bot Cryptosuite if found injected into winlogon.exe, csrss.exe and services.exe.
According to the latest VirusTotal report (HERE) this is detected by McAfee as Artemis!B2282DE189F1, so you should perhaps run a quick scan to check you're okay.
Message was edited by: Hayton on 22/07/11 04:05:31 ISTHayton wrote:
@Anyone reporting problems with winlogon.exe : have a look at the snippet below, taken from a malwarecity report about a new botnet spreading by (among other means) getting users to click on a fake Java Update alert :
On top of that, the bot proceeds to uninstalling other bots such as Cerberus, Blackshades, CyberGate, or OrgeneraL DDoS Bot Cryptosuite if found injected into winlogon.exe, csrss.exe and services.exe.
According to the latest VirusTotal report (HERE) this is detected by McAfee as Artemis!B2282DE189F1, so you should perhaps run a quick scan to check you're okay.
Message was edited by: Hayton on 22/07/11 04:05:31 IST
At least in my case , that is not the cause. A complete uninstall / reinstall on 6/23 did not solve the issue. A scan has been run and nothing was found.
Hello Spyron, Peacekeepr, jwolford and all again - Its been while....
Just thought I'd throw in my observations going back a few weeks - namely that mcshield.exe IS using a lot of memory and its only started doing it realtively recently ( say 6 weeks ago? )
I see it going as highly as 280,000 sometimes - though not often. After reboot it goes steadily up and up for about 10 minutes, then stays steady at - and I'm giving you right now numbers - 71,200.. The only process running higher than this if Firefox.
Does this seem high to you? t times, it has gone so high that the system locks up completely - shutting down the process is the only way I'm running. I've been away for a few weeks so can't say this has happened in the last week or so, but it was certainly happeneing back in mid June.
Security Center Version 11
Build 11.0.572
Virus Scan 15
Vuild 15.0.291
DAT 6317 \
Firewall 12
Build 12.0.338
XP SP3
On current observation, as I was writing this message, the 71,000 suddenly dropped down to 29,000 ( no reason for this - all I ws doing was typing this message, and its racking up again. Now at 34,600.
10 minutes later now at 57,300
I'm quite ready to be told this is all normal! Just grateful for some feedback
Message was edited by: islandgirl on 7/25/11 7:14:51 AM GMT-06:00Not usual mine maxs out at 34K when scanning We will talk about it today. What is your ram size?
2Gb. In the course of the day McShield.exe has gone down to 12,000 - which is where it should be. Strange,.
I will reboot and see what happens.
rebooted and the moment i started Firefox it shot up to around 320,000. Nothing else open. Then dropped down again to around 33,000 then rose to around 60,000. Ten minutes or so later - with no browinsg in Firefox, just sitting open now dropped to 32,000
I am lurking on this forum to see how another thread is going - when I spotted this one.
Has anyone investigated/checked/considered what version of the C++ library is installed on PC's that are having the problems?
Just a thought...
islandgirl wrote:
rebooted and the moment i started Firefox it shot up to around 320,000. Nothing else open. Then dropped down again to around 33,000 then rose to around 60,000. Ten minutes or so later - with no browinsg in Firefox, just sitting open now dropped to 32,000
Hi islandgirl and All,
Everyone is complaining about Mcshield.exe memory usage. When is the last time, you have done maintenance on the Hard Drive and operating system?
By maintenance, I mean, manually cleaning out your \Temp folders, deleting all possible files and sub-folders. Running Disk Cleanup. Cleaning the caches of FireFox, Java and Adobe Flash Player. Running Chkdsk and defragmenting the Hard Drive.
Cleaned the History List?
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: