- Jan 21, 2005
In Cisco Networking, someone brought in a computer to be repaired. So I took a look at it, and it was basically frozen. Long story short, there was a process running called libdos.exe that was taking up 80% mem. Here is an image of the mem usage: [image: libdos.exe]
It took me a while, but I managed to remove it. But the problem is, I still have no idea what it is. Google, Dogpile, etc., find nothing on that process. It was in C:\WINDOWS\repair. I started a topic on GaiaOnline, and no one knows what it is, although we are keeping the topic bumped until we find it. The process was running on a Windows XP SP2 machine.
Some info from my GaiaOnline topic:
C:\WINDOWS\repair>dir /a
Volume in drive C has no label.
Volume Serial Number is 3485-30E0
Directory of C:\WINDOWS\repair
01/20/2005 01:07 PM <DIR> .
01/20/2005 01:07 PM <DIR> ..
08/29/2002 07:00 AM 1,688 autoexec.nt
07/25/2002 03:51 PM 2,577 config.nt
07/25/2002 03:54 PM 229,376 default
11/23/2004 12:10 PM 867,328 libdos.exe
11/23/2004 12:07 PM 320,735 lituteni.bak2
07/25/2002 03:51 PM 229,376 ntuser.dat
07/25/2002 03:54 PM 20,480 sam
07/25/2002 03:51 PM 240,852 secsetup.inf
07/25/2002 03:54 PM 28,672 security
07/25/2002 03:48 PM 201,419 setup.log
12/04/2004 04:00 PM 1,671,629 sodbil.bak1
12/04/2004 04:07 PM 1,671,629 sodbil.bak2
01/20/2005 01:07 PM 108,657,940 sodbil.ini
01/20/2005 01:51 PM 25,616,384 sodbil.tmp
07/25/2002 03:54 PM 8,192,000 software
07/25/2002 03:54 PM 1,036,288 system
16 File(s) 148,988,373 bytes
2 Dir(s) 30,483,976,192 bytes free
C:\WINDOWS\repair>del /f libdos.exe
Could Not Find C:\WINDOWS\repair\libdos.exe
Process: libdos.exe Pid: 116
Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\crypt32LogoffEvent
File \Device\Netbios
File C:\WINDOWS\repair\sodbil.ini
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\Brenda\Desktop
File C:\Documents and Settings\Brenda\Local Settings\Temporary Internet Files\Content.IE5\index.dat
File C:\Documents and Settings\Brenda\Cookies\index.dat
File C:\Documents and Settings\Brenda\Local Settings\History\History.IE5\index.dat
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Key HKCU
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\WininetConnectionMutex
Mutant \BaseNamedObjects\WininetProxyRegistryMutex
Mutant \BaseNamedObjects\_!MSFTHISTORY!_
Mutant \BaseNamedObjects\c:!documents and settings!brenda!local settings!temporary internet files!content.ie5!
Mutant \BaseNamedObjects\c:!documents and settings!brenda!cookies!
Mutant \BaseNamedObjects\c:!documents and settings!brenda!local settings!history!history.ie5!
Mutant \BaseNamedObjects\WininetStartupMutex
Section \BaseNamedObjects\376d3fd1
Section \BaseNamedObjects\C:_Documents and Settings_Brenda_Local Settings_Temporary Internet Files_Content.IE5_index.dat_16171008
Section \BaseNamedObjects\C:_Documents and Settings_Brenda_Local Settings_History_History.IE5_index.dat_851968
Section \BaseNamedObjects\C:_Documents and Settings_Brenda_Cookies_index.dat_196608
Section \BaseNamedObjects\UrlZonesSM_Brenda
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Semaphore \BaseNamedObjects\shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
Thread libdos.exe(116): 848
Thread libdos.exe(116): 1948
WindowStation \Windows\WindowStations\WinSta0
WindowStation \Windows\WindowStations\WinSta0
Does anyone here have any information on what this is?