Microsoft KB Archive/329897

= Computer Runs Slowly and the Winlogon Process Uses a High Percentage of CPU Resources =

Article ID: 329897

Article Last Modified on 3/29/2007

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server

-



This article was previously published under Q329897



SYMPTOMS
When you run Windows 2000 or Windows 2000-based programs, you may experience one or more of the following issues:
 * Windows and Windows-based programs run very slowly.
 * Documents do not open correctly, or when they open, they do not contain all of the expected content.
 * You cannot start Windows Task Manager.

NOTE: To start Task Manager, right-click a blank area on the taskbar, and then click Task Manager.
 * If you can start Task Manager, you notice that the Winlogon process uses a very high percentage of available CPU resources.
 * Your antivirus program no longer runs.



CAUSE
You may experience one or more of these issues if your computer is infected with a variant of the W32.Klez worm program (virus).



RESOLUTION
Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, click the following article number to see the article in the Microsoft Knowledge Base:

49500 List of Antivirus Software Vendors



MORE INFORMATION
To determine whether the W32.Klez worm program is running on your computer, follow these steps:  Quit all running programs, and then restart Windows in Safe mode. To start Windows in Safe mode, follow these steps:  Press F8 after the computer performs its Power On Self Test (POST). On the Windows 2000 Advanced Options menu that appears, use the ARROW keys to select Safe Mode, and then press ENTER. Select the operating system to start, and then press ENTER.  Log on to Windows, click Start, click Run, type services.msc in the Open box, and then click OK.</li> Browse the list of running services for the following service

WINK .EXE

where  is two to three random characters appended to the word &quot;WINK&quot; -- for example, WINKAP.EXE, WINKZFU.EXE, or WINKNWK.EXE.</li></ol>

If this service is listed, the computer may be infected with a variant of the Klez worm program.

NOTE: In many cases, you will have to reinstall your antivirus program after you remove this worm program.

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Additional query words: virus, worm, klez, wink, garbled, application, text, infection, program, winkds, winkie, winkoo, winkxbl, winkmm, winkcuz, winknwk, winkvnb, winkap, winkyx, winkzfu, spikes

Keywords: kbprb KB329897

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.