Robert Baer wrote:
Diesel wrote:
Pwr@p. Wed, 12 Oct
2016 22:03:24 GMT in alt.computer.workshop, wrote:

Hi,

Often when I'm just sitting there reading or doing something
that's not bothering the hard drive, or right after it has booted
up but I haven't started using it yet, I can hear the hard drive
crank up and start making it's busy noises when it seems like
there should be nothing for it to do. Is there a way to view what
it IS doing? If so, can we tell if it's a virus or malware or
something, and find out where they are so we can try to get rid of
them?

You could use Process Monitor by Sys Internals if you want to see which
program(s) may be reading/writing data. Or, Diskmon if you just want to
see what the HD is doing. As in, read/write, time, sector, bytes
written/read.

https://technet.microsoft.com/en-us/...processmonitor
https://technet.microsoft.com/en-us/...ernals/diskmon

The older versions of Sysinternals apps supported XP, this suite
partially does. Diskmon works, Process Monitor does not. I didn't check
all of them, but, it's unlikely the majority are partially/fully
functional on XP.

And...what about Win2K?


ProcMon uses the ETW subsystem. Which is present
on WinXP or later.

"Event Tracing for Windows"
https://blogs.msdn.microsoft.com/ntd...-and-overview/

"Event Tracing for Windows (ETW) is a system and
software diagnostic, troubleshooting and performance
monitoring component of Windows that has been around
since Windows 2000."

So we just have to step into a Time Machine and go back
and grab a copy. No problemo.

https://web.archive.org/web/20080921.../bb896645.aspx

"Process Monitor runs on Windows 2000 SP4 with Update Rollup 1,
Windows XP SP2, Windows Server 2003 SP1, and Windows Vista
as well as x64 versions of Windows XP, Windows Server 2003 SP1
and Windows Vista."

I hope your Win2K is fully patched...

HTH,
Paul