Anti-theft program Prey and RAM usage on XP SP3 desktop.

[ratchet]

The process "bash.exe" keeps replicating (for a better word) itself and eating RAM.  In task manager there are always three instances of it listed and although the total of the three never exceeds around 7,000 kb, CleanMem doesn't seem to be able to control it.  I have Prey installed on a Vista laptop and there is no such process listed.  I've uninstalled Prey, reinstalled and the same issue (and processes) occurred.  I've notified Prey!  I discovered this two AMs ago when RAM usage on my 1gig machine over night was up to 50% (20% or less would have been normal) at idle and sored to over 75% when a browser session started.  Very strange!  At first I thought it had something to do with the CleanMem pro version since I had recently installed it but soon realized it had nothing to do with it.  Since CM doesn't seem to be able to tame it  (In retrospect, I did not try entering it in the advanced settings although I suspect it may not make any difference because I did manually invoke cleaning and it didn't make any difference) I thought you would be interested.  Thank you!

[Shane]

In vista and newer MS lets programs be protected. So no other process can touch it. These protected processes can't be touched by CleanMem because of that. Some AV's have their processes running protected.

The Microsoft® Windows Vista™ operating system introduces a new type of
process known as a protected process to enhance support for Digital Rights
Management functionality in Windows Vista. These protected processes exist
alongside other processes in Windows Vista.

The primary difference between a typical process and a protected process is
the level of access that other processes in the system can obtain to protected
processes. In versions of Microsoft Windows® earlier than Windows Vista, the
process model allows a parent process to acquire a handle to and manipulate the
state of any child process that it creates. Likewise, processes that users created
with sufficient privileges can access and manipulate the state of all processes on
the system. This behavior remains true for typical processes. However, the level of
access to protected processes and threads within those processes is significantly
more constrained.

Shane

[ratchet]

In vista and newer MS lets programs be protected. So no other process can touch it. These protected processes can't be touched by CleanMem because of that. Some AV's have their processes running protected.

The Microsoft® Windows Vista™ operating system introduces a new type of
process known as a protected process to enhance support for Digital Rights
Management functionality in Windows Vista. These protected processes exist
alongside other processes in Windows Vista.

The primary difference between a typical process and a protected process is
the level of access that other processes in the system can obtain to protected
processes. In versions of Microsoft Windows® earlier than Windows Vista, the
process model allows a parent process to acquire a handle to and manipulate the
state of any child process that it creates. Likewise, processes that users created
with sufficient privileges can access and manipulate the state of all processes on
the system. This behavior remains true for typical processes. However, the level of
access to protected processes and threads within those processes is significantly
more constrained.

Shane

Very interesting and thank you.  I doubt anyone will ever walk out of my home with the desktop anyway!