Error - “Memory cannot be read” How to fix? We delete the process nssm exe The error the non sucking service manager pops up

Today we will look at an application about which there is very little information on the Internet. Despite this, in most cases the process of this utility does not pose any danger. But to be sure of this, you need to carefully study it and analyze the behavior of the system. Therefore, let’s look at what kind of Nssm program this is and how to remove it.

Program description

Nssm (the Non-Sucking Service Manager) is a free, portable utility for running any application as a service on Microsoft operating systems. Those. with its help you can convert the program into a standard one Windows service and equate them to system processes, providing appropriate permissions and authorities. It is not known why to do this and who might need it this application, but if you are reading this article, it means you are definitely not going to use Nssm for its intended purpose.

By default, nssm.exe is located at C:\Users\<ИмяПользователя>\AppData\Roaming, has a size of 294,912 (96% of cases) or 338,944 bytes and has a fairly low potential danger rating (19%).

It is noteworthy that the application file is located in a folder intended for temporary files of various programs. From this we can conclude that Nssm is needed for the operation of one of the software products pre-installed on the computer and does not pose a threat to personal data and the system as a whole.

How to delete?

If you set out to get rid of unknown software, follow these steps:


If Nssm was a regular utility, the application will be removed from the computer. But there are known cases where viruses, worms and Trojans disguised themselves as Non-Sucking Service Manager. If nssm.exe loads the processor or displays an “application error” pop-up window, it’s worth talking about a PC infection.

To disinfect your computer, follow these steps:

If Nssm has not been removed, and problems with slow computer operation and freezes have not disappeared, it is recommended to download Dr.Web CureIt! and scan completely HDD for the presence of malware. If a viral software follow the prompts antivirus scanner.

In any case, the Non-Sucking Service Manager is not a vital utility and is recommended for removal at the slightest hint of ill will. And if it is needed for the operation of another application, then you will be notified about this and download the verified version from the official website. Now we know what kind of program Nssm is and how to remove it.

Judging by the forums, there are truly a huge number of rumors, opinions and assumptions circulating on the Internet regarding the occurrence of this error. Suffice it to say that Yandex finds two million pages for the query “Memory cannot be read”. An impressive figure, you will agree.

The reason for the error is quite simple: the virtual memory manager detects an attempt to access memory pages that are not allowed for this process to access. This error, of course, is not fatal, so the standard error message “Memory cannot exist...” is displayed. To put it simply, a certain space is allocated in memory for each program. And if the application starts to go beyond this space, i.e. tries to read something from there (read) or write something there (written), then the following error will appear. That is why Microsoft does not give any recommendations for eliminating this error, because it is not its fault that some user programs cannot adequately manage the memory allocated to them.

The most common opinions about the reasons for this error:

  1. Bad memory- on many forums, the first thing they advise is to check the random access memory (RAM), but in reality broken memory behaves somewhat differently. As a rule, this either instantly reboots the computer, or simply freezes/crashes in various applications.
  2. Virus attack- viral activity usually manifests itself somewhat differently. Often this looks like a refusal to launch infected applications, the absence of the Desktop (i.e. Explorer\explorer.exe does not start) or 100% processor load. But, of course, this does not mean that you can do without an antivirus. An error has appeared - check your computer for viruses. Especially if there was no such error before.
  3. Lack of Windows updates- actual quantity installed updates has no effect on this error. In other words, you can install standard WinXP+SP2 and sit quietly at your computer, or you can download all the updates that are available, but still get this error, although on the Internet you can sometimes find advice on how to remove a particular update. Additionally, many users install complex update packages (better known as Service Packs) that contain several hundred updates, making it impossible to determine the culprit.

Possible causes of the error "Memory cannot be read\written"

Possible reason #1 - DEP service

Reference :"Data Execution Prevention (DEP) is used to prevent viruses and other security threats that perform malicious code from memory areas that should only be used operating system Windows and other programs. This type of security threat causes damage by occupying, in turn, all the memory areas used by the program. The virus then spreads and damages other programs, files and even contacts Email.

Unlike a firewall or antivirus program DEP tool does not potentially prevent installation dangerous programs on computer. Instead, it monitors programs to use system memory in a safe manner. To achieve this, DEP works alone or in conjunction with compatible microprocessors and marks certain areas as "not executable". If a program tries to run code (any code) from a protected area, DEP closes the program and displays a notification."

A comment : If a program triggers this feature, Microsoft recommends that you select OptOut mode and add that program to the exceptions list. However, often a program consists not of one executable module, but of many dynamic libraries, and it is not always possible to accurately determine which one triggers DEP. If you really need the program, but you can’t get it to work using the method described above, it’s easier to disable DEP entirely by editing boot.ini. Although, if the likelihood of this error occurring is small, and if you do not encounter it, it is better to leave DEP enabled - this way the system will be more protected from the possibility of executing a virus.

There are four options for configuring the DEP function

OptIn- (set by default). In this configuration, only essential system programs and services.

OptOut- DEP is enabled for all processes and applications, except those manually added by the user to the exception list.

Always On- In this mode, DEP is always enabled for the system as a whole, all processes and applications, regardless of the settings of the user or software manufacturer.

AlwaysOff- DEP is completely disabled.

The first two settings can be switched using the control panel: " System" -> "Additionally" -> "Performance" -> button " Options" -> bookmark " Data Execution Prevention". (For additional description, see the link from there.)

To completely enable or disable DEP, you must manually edit the file located in the root of the boot partition of the disk hidden file boot.ini by adding section to the end of the line

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

key /NoExecute with one of the options:

NoExecute = OptIn
NoExecute = OptOut
NoExecute = AlwaysOn
NoExecute = AlwaysOff

The most common advice you see is to disable the DEP (Data execution prevention) service. To do this, you need to open the file C:\boot.ini and replace the line in it

/noexecute=optin to /noexecute=AlwaysOff.

You must restart your computer to apply the changes.

Reference: the boot.ini file is one of the most important system files, so it's hidden by default. Accordingly, to display it you will need to allow the display of hidden and system files. You can also open it for editing if, in My Computer Properties, select Advanced at the top and click the “Settings” button (lowest). In the window that opens, click the "Edit" button to open boot.ini for editing.

Possible reason No. 2 - software conflict

Simply put, one of the programs prevents another program from functioning correctly and this error appears. It is clear that there is no clear list of conflicting software. However, the Norton package appeared on the Internet Internet Security 2007, Kaspersky Internet Security 2009, Outpost Firewall, K-Lite Mega Codec Pack and Dr.Web antivirus, as well as drivers from Hewlett-Packard printers. This also includes a “cluttered” system. If Windows has been idle for six months or more, then this error may well appear, especially if the OS is actively used, i.e. New programs, games and drivers are often installed.

Helpful information: If you have a Beholder TV tuner, then do not install drivers for it via install.exe. Specify the path to the driver inf file manually through the Add Hardware Wizard (Device Manager - right click to the device - Update driver...).

Possible error No. 3 - the operation of the Dr. debugger. Watson

Windows XP has a debugger called Dr. Watson. To disable it, open the registry (Start-Run: regedit) and expand the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion branch. One of the very first sections in it will be AeDebug. Right-click on it and select Delete. But keep in mind that this action does not claim to solve the memory reading error; it can only remove the error message itself.

Possible error No. 4 - Russian characters in the file path

Even in our times, it is necessary to try to install games/programs along normal paths, trying to avoid Russian letters in the name, as well as too long paths. For example, it is much better to install the game in the D:\Games\Earth 2150 folder than in C:\Program Files\Earth 2150 - War of the Worlds. And when installing programs, extra folders with the names of the developer or the program version may be added to the path. Use the shortest and most understandable paths possible (for example E:\Programs\Fraps).

Possible error No. 5 - problem accessing the system library

This error may be due to a problem accessing the system library ole32.dll, which could be corrupted or unregistered (for example, when installing/uninstalling other programs). To fix this possible reason, do Start-Run:

regsvr32 %SystemRoot%\system32\ole32.dll

Possible reason #6 - trying to submit a bug report

A very original piece of advice, which said that a similar error (Memory cannot be read\written) can be avoided by disabling the sending of any error reports to Microsoft in WinXP. In My Computer Properties, select Advanced at the top and click the "Error Report" button. Will open small window. It needs to be brought to this form:

Possible reason No. 7 - problems with multi-core processors

If you have a multi-core processor (that is, 2 cores or more), then try downloading a small program CPU-Control and set it to "CPU 1" mode. The number of cores can be viewed in the Device Manager (the "Processors" branch; 1 processor = 1 core, 2 processors = 2 cores, etc.). If CPU-Control did not help you, then set it to Auto, close it and delete it.

Note: On systems with a single-core processor, this program is useless.

Possible reason No. 8 - problems with the paging file

It is recommended to monitor how the system accesses this file. To do this, in My Computer Properties, select Advanced at the top and click the “Settings” button (topmost). A new window will open. In it you also need to select Advanced at the top and click the “Change” button at the bottom. Select the disk on which you want to place the paging file (preferably, it should be less fragmented). Place a dot next to the item Special size and enter the numbers in the fields:

It is advisable to set the minimum and maximum volumes to be the same. Before exiting, you must click the "Set" button. Reducing/disabling the paging file will require a reboot. When increasing/enabling the paging file, a reboot is usually not necessary. Below are the recommended values ​​for the size of the paging file depending on the amount of RAM on the computer itself:

  • 512MB RAM = 1536MB swap file
  • 1024MB RAM = 1024MB swap file
  • 1536MB RAM = 512MB swap file
  • 2048MB RAM = 256MB for swap file or 0MB altogether

Possible reason No. 9 (!!!) - incompatibility of RAM

Unlikely, but similar error may be caused if two RAM modules from different manufacturers are used in pairs. Accordingly, it’s easy to check: just remove one of the modules.

Possible reason No. 10 (!!!) - bad power supply

A memory reading error can also be caused by a low-quality/old power supply. Of course, this is very unlikely, but the most ideal option would be to connect the computer to a known normal power supply. If you don’t have the opportunity to borrow a power supply from someone, then simply turn off various small things, i.e. CD\DVD drive, expansion cards installed in PCI slots, printer, etc.

Possible error No. 11 (!!!) - incorrectly set memory timings

One of the most “severe” cases*. In short, all RAM built on timings (delays) for reading/writing data. This is what standard RAM looks like with its delays:

Please note that the delays for each frequency are different. Accordingly, if the timings are set incorrectly (although motherboard should do this automatically), then the computer may be, to put it mildly, unstable. Usually this is expressed by a freeze/reboot, but I have come across suggestions that this can also cause the error “Memory cannot be read\written”. Accordingly, it is recommended to set the timings manually or even increase them slightly. Unfortunately, only a very small number of users (about 1 in 1000) are able to independently set the correct timings for their RAM in the BIOS. This can also include an incorrectly set memory frequency or voltage, although an interesting message was found on one of the forums: The person was helped by a decrease in memory frequency.

I myself am very skeptical about this type of memory reading error.

Possible error No. 12 (!!!) - memory overheating

Of course, RAM modules get hot during operation, but additional cooling It is only required for specific memory sticks, for example, those that are overclocked by the manufacturer itself and therefore require good cooling. But regular memory (which 95% of users have) works fine even in poorly ventilated cases. Although in this case all this can be checked very easily - just open the case.

We are trying to identify the culprit of the error

In the first place, of course, is the conflict of programs/drivers. Unfortunately, even with available full list installed applications, it is impossible to say which one is causing the error. Accordingly, the only option is to methodically test applications. To do this, you will need an application\game that 100% causes the error (this is necessary to save time), as well as a clean system.

What is a clean system

A clean system is called Windows XP + Service Pack 2 of the Russian or English version, which was installed on a pre-formatted partition on the hard drive. This means that numerous homemade WinXP builds that are scattered on the Internet are not suitable for testing.

Testing methodology

The technique is very simple. So, you have installed a clean system. We created a user (by the way, preferably with an English name) and logged in. Install the problematic application and look at its behavior. If everything is in order, then you start installing the applications that you are used to usually using. After installing each of them, test the problematic software. If everything is in order, we continue to install the programs. I would like to draw your attention to the fact that there should not be anything other than Windows itself and the application being tested. No drivers or other software.

If reinstalling the system is unacceptable to you, and some applications refuse to work due to a memory reading error, then you can try booting into Safe Mode and try to launch them there. If in this situation there is no error, it means that the culprit of the error is loaded during normal system boot.

Reference: When loading in Safe Mode, video drivers are not loaded, so you won’t be able to test games in it. If you need to test a program that uses the network, then choose a different one. Safe mode, but with network support.

Most computers after Windows reinstallation need the following drivers:

-Video driver
-Audio driver
-Network driver
  • Practice has shown that for GeForce video cards 7xxx-series in WinXP the most optimal drivers are ForceWare 93.71. I know what it is old version, but I didn’t have a single problem with it, which is why I recommend it to all other people. This advice will be useful to you if the error “Memory cannot be read” crashes in some game (Half-Life 2 is especially famous for this), and the game does not start, because... "does not see" the video card without drivers.
  • Sound drivers (especially if it is an integrated sound chip like RealTek or SoundMAX) can cause a wide variety of errors, so for the purity of the experiment, try to refrain from installing them for as long as possible
  • Drivers for the network controller have rarely been seen to have any problems, so you can install them with peace of mind. Useful if you are testing a program that uses the network (for example, a browser)
  1. It is advisable to use memory from the same manufacturer. Of course, there are many computers that use memory from different companies, but it’s still better not to take risks.
  2. It is best to install paired modules of the same volume, i.e. It is not advisable to install a RAM type 2x256MB + 2x512MB. Of course, with a high degree of probability this combination will work normally, but it is still advisable to install the same modules (for example, 4x512MB or 2x1024MB).

Note : Some of the information was taken from the forums of various Warez portals, but the rules of the Gambling Forum prohibit leaving links to such portals, so the list of sources is not complete. I apologize to those people whose messages were used as a source of information without citing it.

And once again: if you have a build (ZverCD, etc.) and this problem starts, then it is advisable to install a clean system. Because if you have an assembly, then no one will even talk to you

The conditions for distributing the text are free; the author of this material is not responsible for your actions.

Hello friends I’ll tell you about the nssm.exe process, it’s not a particularly popular process, but some users are annoyed by it with its presence in the task manager. After rummaging around on the Internet, I didn’t find anything intelligible, nothing is clear.

But I started digging further. And this is what I found, this process nssm.exe, it seems to belong to a program such as a service manager (as it turned out, this is a console program). This program can run any software as a service. That is, it can be useful for an advanced user who understands what’s what. But if you are a beginner, then all this is unlikely to be interesting to you.

But after some more digging on the Internet, I came to the conclusion that the nssm.exe process could also easily be a Trojan or a virus, which many antiviruses do not see. But I think they already see it, there’s just not enough information, but it was left on the Internet a long time ago.

The nssm.exe process is usually located in this folder:

But I read on some sites that it may be in system folders Windows type or System32, and this is really suspicious.

Here is the process itself and its properties:


And here's where it is:


But look carefully, what’s also interesting is that the process is simply located in the Roaming folder. Although this folder as a rule should contain other folders in which programs store their settings, at least this has always been the case.

I was looking for more information on the Internet and came across the site nssm.cc, which most likely has something to do with the nssm.exe process. There is also an opinion that another asshole also belongs to nssm.exe, this is srvany.exe.

I went to this site and downloaded some program called nssm 2.24:


The program was downloaded in a zip archive, inside of which there was a folder nssm-2.24, and it contained other files and folders:


I looked a little, in general, in the src folder there are some files that clearly relate to the C++ programming language (most likely these are some kind of source code). And in the win32 and win64 folders there are versions of the nssm.exe process for 32 and 64-bit Windows, well, it seems a little clear. There are also two files, this is the log file and the README file (translated as read me).

As I understand it, this nssm.exe file needs to be placed in the system32 folder and then you can use it from the command line

There is also information on the site about what nssm is, I translated it using Google translator, in general, it’s also not particularly clear what exactly we are talking about:


In general, this is such nonsense

Well, then how to remove this nssm.exe?

If your nssm.exe file is located in the System32 or Windows folder, then do not touch it, most likely it is not a virus. And if it’s a virus, then it can be removed using anti-virus utilities, I’ll write about this later.

If you have nssm.exe in this folder:

C:\Users\YourName\AppData\Roaming

You can delete it, but first finish it in the task manager.

I stepped somewhere and didn’t write at all how to find out where it is running process. Look, you open the task manager and in the Processes tab, find the same nssm.exe (or another process) and right-click on it, select File location:


And then the folder from where it is launched will open. Well, that is, I hope it’s clear

I have one more trick for you. After the folder has opened, you can end the process in the task manager and rename the selected file in the folder, for example to:

Now this process will not start. And if it starts, it looks a lot like a virus

I also found out that the nssm.exe process can easily be a virus and will be identified as Trojan.Win32.Gibi.qg. For some users, this process loads the processor, these are the things

So what should we do in the end?

Well, it seems to me that there is only one right decision. This is a check with special utilities for both regular viruses and adware (these are more annoying, but not as dangerous). And here are the utilities I recommend:

  • — removes ad viruses well, checks the registry, Windows folders, browser folders, can analyze browser extensions;
  • — just like the previous utility, it is aimed at ad viruses, but uses slightly different detection mechanisms, no worse; can find threats even in cookies, this is data that was left by sites on your computer; finds viruses and Trojans in normal programs and removes them from there;
  • — a well-known scanner, probably one of the best in terms of a universal solution; checks everything possible, removes the usual but more dangerous viruses, spyware and adware; downloaded with a random name and already with anti-virus databases;

Check your computer with these utilities. If they don’t find anything, then most likely you don’t have viruses.

I wrote everything I dug up to you. I hope everything was useful, I wish you good luck

01.06.2016

Often regular users computers begin to notice a suspicious process in the task manager called nssm.exe.

There is almost no intelligible information on the Internet, so a user faced with this problem may not immediately understand how to act. Actually, this utility no way does not cause harm, but it is not useful either if it was not downloaded intentionally. Thanks to her you can convert any software as standard service Windows.

However, most often this process appears on its own, unnecessarily, and causes rejection, since sometimes it can be noticeably load processor and interfering with work computer. The nssm.exe file can be found in the folder Roaming, following from what it turns out that this program it was installed on the PC to run some other program, and therefore does not pose any threat.
However, it also happens that different Trojans And worms are hidden under the guise of the nssm process, bringing harm computer or braking operation of the Internet, so if this process causes any problems in the system, urgently carry out technical work and clean up your operating system.

Removing a process

To remove nssm you need to open it Task Manager and find the process, right-click and select “ Open file storage location”.
After this you can safely end the process And erase file in the path that opens. If deleting the file did not help and everything came back, you need to use special utilities to clean your computer from malware and other debris. Dr. programs handle this best. Web, HitmanPro and AdwCleaner. After successful cleaning you can check the registry, it is best to use the utility for this Reg Organizer. If nothing helps, you can roll back the system or reinstall Windows, then the error will definitely disappear.

When you become infected with nssm.exe, the next time you turn on your computer, instead of your desktop you will see a fraudulent notification in the local language, stating that illegal activity in cyberspace was associated with your IP address and therefore your computer has been blocked by local law enforcement agencies. It uses the victims' PC resources to mine Moner, Bitcoin, Dashcoin, or other cryptocurrencies for its developer. The Trojan is executed when an email recipient downloads a .doc application containing information about the latest political events in the world. This means that this Trojan can only run on one computer behind your back, but it can also jeopardize the life of your video card, possibly by overloading it. Thus, it is only natural that we urge users to stay away from them at all costs. Luckily, it's not really a Screen Lock - users can still switch Windows via the Alt+Tab keys and reboot their computers. More detailed information about this infection will be provided later in the text, so if you want to know how to avoid ransomware, it may be a good idea to continue reading. If, unfortunately, you already have this malware, use the comprehensive removal guide that can be found below. Read the information below to know more about nssm.exe removal. But let me tell you in more detail what we found while testing this ransomware. Continue reading to know about this and nssm.exe removal.

Like most ransomware infections, this one is also distributed through spam email messages. When users run its ChkDsk.exe file (it has this name for a reason - it pretends to be a harmless disk scan), it scans the system, finds where the users' important files are located, and finally encrypts all files without mercy. If collateral is something you would like to avoid in the future, we urge you to be more careful next time. He said that the emails are attached with the executable file of this ransomware. Cyber ​​criminals are also willing to decrypt 3 files for free to show users that they have the key and can open the files. Once nssm.exe is executed on a PC, it encrypts the files (most likely using an AES cipher) and attaches a unique extension (.xdxdlol) with their names. Unlike other applications in this category, it does not encrypt files in the %userprofile%desktoptest directory. The screen lock window can be eliminated once and for all by restarting your computer. Have you found the “ZINO_NOTE.TXT” file on your desktop (or folders with encrypted files)? If your files aren't copying, take a note to get started backup data to ensure that you don't lose it in the future. However, nssm.exe remains a major virtual threat that should not be taken lightly.

After completing file encryption, nssm.exe should show an explanatory note. For example, it can encrypt Office documents, OpenOffice, PDF, text files, databases, photographs, music, videos, files, images, archives and so on. The repair matters, no luck, and after it is completed or the computer is restarted, the red flashing skeleton in ASCII text appears "press any key! That is, this one file allows the threat to not only encrypt all personal files on the computer, but also place a warning message on the screen. It may make it harder to remove this malicious application, but, with our help, you should still manage to take care of it without help automatic deletion malware. This program also adds encrypted files using the .nssm.exe file extension as an indication that the files are encrypted. It can also infect your computer through bogus Flash players or java updates, which are often promoted by malicious websites. Therefore, you should practice safe browsing habits, which means avoiding questionable sites at all times. Such a tool is of utmost importance as it can detect and warn you in advance of any virtual threats. Therefore, ensuring system security should be your top priority. Keep in mind that setting automatic application security does not mean that you can act without regard to the Internet. First, you will be asked to pay a ransom, and it can be quite large.

Bad programs, especially ransomware infections, which enter computers with the aim of obtaining money from users, are such threats that illegally slither into users' computers. A note in Spanish is provided. The executable is usually presented as decent spam email attachments, for example, and may even pretend to be a harmless document, which explains why so many users open these attachments and infect their computers with malware. The reason for this can be twofold. Warning: This Trojan displays the background on your desktop and should scare you so much that you pay without hesitation. however, this tool will not decrypt your files. If you want to remove nssm.exe automatically, make sure to use a professional anti-malware program for this task. The attachment may look like a simple Word document or PDF file, but by opening it, you would infect your system with nssm.exe.