
Cpu Usage Very High


12 replies to this topic

#1 Wassim

Wassim

  • Members
  • 376 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Byblos, Lebanon, Middle East.
  • Local time:03:52 PM

Posted 14 February 2008 - 06:30 PM

Hello,

Lately, after I was browsing some sites, I downloaded some executable file by mistake. Since then my CPU usage is very high even if I am not doing anything on the PC, and I can even hear the fan going faster.

Plus, each time I start my PC, two shortcuts appear on my desktop. One is Windows Update, but when I click it, it takes me to some website to buy a product, and the second is something similar, so I am sure it's adware.
I ran Ad Ware and it found and deleted some stuff, but the problem is still there.

Any suggestions?
"Stuffy Hall Admin of the Typing Skills Enhancing School Program"


 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:52 AM

Posted 14 February 2008 - 07:46 PM

Hello Wassim, is this an XP system? Also, do you know the name of what they want you to buy? Some of them have specific repair tools.
Also, when you say CPU usage is high, are you referring to System Idle Process in Task Manager processes or from the Performance tab in Task Manager?

Edited by boopme, 14 February 2008 - 07:54 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Wassim


Posted 15 February 2008 - 07:11 AM

Yes, it is an XP Pro system. The two icons, one is Help and Support and the other is Windows Update, take me to a site: http://storageprotector.com/clean/?p=60&am...07E4040B70C8D6F

And I am referring to the performance task bar where I can see the % of my CPU usage, and it's very high, which is making my computer very slow eventually. By slow I mean a lot of time to load after the password, a lot of time to display the desktop icons, plus long response times when I am using it.

I have also noticed that each time I start up my PC, My Documents opens on its own, and in My Documents there are 500 .tmp files all named the same way: pos2A1.tmp, pos2A2.tmp.......
They also exist in C:, and when I delete them the PC goes crazy, giving me millions of Windows messages that RunDLL is unable to load a certain DLL file with a very weird name, like inisgfd.dll, and when I try to look it up in system32 I can't find it. Plus, my ZoneAlarm is detecting lots of DLLs in system32 but it can't apply any action on them, even delete on reboot, and when I try to look them up manually I can't find them.

So any clue?
I don't want to format my PC.
Thanks in advance.

Edited by boopme, 15 February 2008 - 11:59 AM.
Disable active link to malware


#4 boopme


Posted 15 February 2008 - 12:24 PM

OK, let's start here. Please follow these instructions from our tutorial.
How To Remove Vundo/Winfixer Infection

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply. If vundofix stalls or fails to run, continue with the rest of the steps and try running it again afterwards.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:52 AM

Posted 15 February 2008 - 12:34 PM

After following boopme's instructions, continue as follows.

Please download AutoRuns and save it to your Desktop.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for any entries related to strpmon.exe or transpaid.exe.
  • If found, right-click on the entry and choose delete.
  • Exit the program when done.
If strpmon.exe is not present, skip and continue.

Please download OTMoveIt2 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt2.exe to launch the program.
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.

C:\Program Files\StorageProtector
C:\Program Files\Common Files\StorageProtector
C:\Documents and Settings\All Users\Application Data\StorageProtector

  • Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the light blue bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.


Then search for and delete the following folder in bold if still present. You can use Windows Explorer to navigate to there:
C:\Documents and Settings\<your username>\Application Data\storageprotector <- this folder

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Edited by quietman7, 15 February 2008 - 12:38 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
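
The AutoRuns check and folder list from the post above, as an added example that is not part of the original thread or of any tool it mentions: it matches autostart launch strings against the file names and StorageProtector folders quietman7 lists. The function names, the sample entries and the `upd.exe` name are constructed for illustration.

```python
import ntpath
import re

# Indicators named in the post above.
BAD_IMAGES = {"strpmon.exe", "transpaid.exe"}
BAD_FOLDERS = [ntpath.normcase(p) for p in (
    r"C:\Program Files\StorageProtector",
    r"C:\Program Files\Common Files\StorageProtector",
    r"C:\Documents and Settings\All Users\Application Data\StorageProtector",
)]
# Per-user folder from the post; "<your username>" becomes a one-component wildcard.
PER_USER = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\application data\\storageprotector\\")
# Unquoted launch strings: cut at the first ".exe" that ends a token.
UNQUOTED_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def image_path(launch):
    """Extract the executable path from an autostart launch string."""
    launch = launch.strip()
    if launch.startswith('"'):
        end = launch.find('"', 1)
        return launch[1:end] if end > 0 else launch[1:]
    m = UNQUOTED_EXE.match(launch)
    return m.group(1) if m else (launch.split() or [""])[0]


def classify(launch):
    """Return the reasons (possibly none) an entry matches the indicators."""
    path = ntpath.normcase(ntpath.normpath(image_path(launch)))
    reasons = []
    if ntpath.basename(path) in BAD_IMAGES:   # exact name, not substring
        reasons.append("image name")
    if any(path.startswith(f + "\\") for f in BAD_FOLDERS) or PER_USER.match(path):
        reasons.append("folder")
    return reasons


def flag_entries(entries):
    """entries: (location, name, launch string) tuples, e.g. from an export."""
    return [(name, r) for _, name, launch in entries if (r := classify(launch))]


# Constructed sample entries (not taken from the thread).
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_ENTRIES = [
    (RUN, "StorageProtector", r'"C:\Program Files\StorageProtector\strpmon.exe" /min'),
    (RUN, "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (RUN, "updater",
     r"C:\Documents and Settings\user\Application Data\storageprotector\upd.exe -s"),
    (RUN, "tp", r"C:\WINDOWS\TRANSPAID.EXE"),
    (RUN, "lookalike", r"C:\Tools\strpmon.exe.bak.exe"),
]

if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_ENTRIES):
        print(f"{name}: matched on {', '.join(reasons)}")
```

Matching is on the exact image name and on the folder prefix, so a look-alike such as `strpmon.exe.bak.exe` outside those folders is not flagged.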

#6 Wassim


Posted 15 February 2008 - 06:05 PM

OK guys,

I ran VundoFix.exe and it found 4 DLLs, among them one that I already suspected to be the problem.

Anyway, the performance is much better now.

The shortcuts on the desktop are not showing anymore each time I start up my PC, and the CPU usage returned to normal.

Still, My Documents opens by itself each time I start up, but I guess this is more of a Windows problem. What do you think?

Anyway, thanks a lot. I was about to format my PC because it became so annoying lately.

I didn't go through any of the steps mentioned by quietman7; I only used the VundoFix.exe mentioned by boopme. Should I go through the other steps mentioned by quietman7 for more security?

Vundofix.exe Log File



VundoFix V6.7.8

Checking Java version...

Scan started at 11:33:32 AM 2/15/2008

Listing files found while scanning....

C:\WINDOWS\system32\jnixrdsr.dll
C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini2
C:\windows\system32\pmkjk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jnixrdsr.dll
C:\WINDOWS\system32\jnixrdsr.dll Has been deleted!

Attempting to delete C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\windows\system32\kjkmp.ini2
C:\windows\system32\kjkmp.ini2 Has been deleted!

Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\windows\system32\kjkmp.ini2
C:\windows\system32\kjkmp.ini2 Has been deleted!

Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Has been deleted!

Performing Repairs to the registry.
Done!


Oh, and I forgot to ask: in C: there is a folder created by VundoFix.exe called VundoFix Backups containing the DLLs but with the extension changed to .old. Can I delete the folder?

Edited by Wassim, 15 February 2008 - 06:08 PM.

"Stuffy Hall Admin of the Typing Skills Enhancing School Program"
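
The VundoFix log in the post above records two removal passes. The following added example (not part of the original thread and not VundoFix's own code) parses that log text and reports, per file, whether the last result was a successful delete, whether an earlier pass failed, and whether it was reported deleted more than once. The function names are illustrative.

```python
import re

# VundoFix output as posted above (abridged: blank and registry-repair lines removed).
VUNDOFIX_LOG = r"""VundoFix V6.7.8
Scan started at 11:33:32 AM 2/15/2008
Listing files found while scanning....
C:\WINDOWS\system32\jnixrdsr.dll
C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini2
C:\windows\system32\pmkjk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jnixrdsr.dll
C:\WINDOWS\system32\jnixrdsr.dll Has been deleted!
Attempting to delete C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini Has been deleted!
Attempting to delete C:\windows\system32\kjkmp.ini2
C:\windows\system32\kjkmp.ini2 Has been deleted!
Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Could not be deleted.
Beginning removal...
Attempting to delete C:\windows\system32\kjkmp.ini
C:\windows\system32\kjkmp.ini Has been deleted!
Attempting to delete C:\windows\system32\kjkmp.ini2
C:\windows\system32\kjkmp.ini2 Has been deleted!
Attempting to delete C:\windows\system32\pmkjk.dll
C:\windows\system32\pmkjk.dll Has been deleted!
"""

RESULT = re.compile(r"^([A-Za-z]:\\.+?) (Has been deleted!|Could not be deleted\.)$")
LISTED = re.compile(r"^[A-Za-z]:\\")

def parse_vundofix(text):
    """Return (files listed by the scan, one {path: deleted?} dict per removal pass)."""
    found, passes, listing = [], [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
            passes.append({})
        elif listing and LISTED.match(line):
            found.append(line.lower())          # log mixes C:\WINDOWS and C:\windows
        elif passes and (m := RESULT.match(line)):
            passes[-1][m.group(1).lower()] = m.group(2).startswith("Has been")
    return found, passes

def summarize(found, passes):
    """Per-file outcome across all passes, keyed by lower-cased path."""
    report = {}
    for path in found:
        results = [p[path] for p in passes if path in p]
        report[path] = {
            "deleted": bool(results) and results[-1],
            "needed_retry": False in results[:-1],
            "deleted_more_than_once": results.count(True) > 1,
        }
    return report

def still_present(report):
    """Files whose last logged result was not a successful delete."""
    return sorted(p for p, r in report.items() if not r["deleted"])
```

On this log, `pmkjk.dll` is the only file that needed a second pass, and the two `kjkmp` files are reported deleted in both passes.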

#7 boopme


Posted 15 February 2008 - 10:13 PM

Please follow all Quietman7's advice first. He is a malware wizard.

#8 Wassim


Posted 16 February 2008 - 05:58 AM

OK, I will, and I will keep you up to date with the results.

Thanks a lot.

#9 quietman7


Posted 16 February 2008 - 08:45 AM

"Still My Documents opens by itself each time I start up"

This step involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #255 on the right and click on "My Documents Folder Opens Upon Boot" in the right column. In the page that opens, go to File, choose "Save page as" All Files and save userinit.reg to your desktop. Double-click on that file and choose "Yes" to merge it into the registry when prompted. Once you get a successful message delete the file and reboot.

Also see My Documents Folder Opens When Logging on to Windows.

#10 Wassim


Posted 17 February 2008 - 09:16 AM

Well quietman7, I tried both ways and it didn't solve the problem.

And by the way, OTMoveIt2.exe didn't find the folders you told me about.

#11 quietman7


Posted 17 February 2008 - 03:27 PM

The files/folders I had you check for with OTMoveIt2 are common locations for StorageProtector files. If you didn't find them, that's ok as I just wanted to be sure we removed them if present.

As for your issue with the My Documents folder opening at startup, those two links are the most common solutions. We will need to investigate further if they are not working for you.

#12 Waldis

Waldis

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 12 March 2011 - 03:13 PM

Hi,

MS Security Essentials just detected OTMoveIt2.exe as a trojan.

===============================================================
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:F:\-=FILES2\Virus Fixes\OTMoveIt2.exe

Get more information about this item online.
===============================================================

And this is when "Get more information" link is clicked:

===============================================================

Trojan:Win32/Rimod
(?)

Encyclopedia entry
Updated: Oct 19, 2010 | Published: Oct 13, 2010

Aliases

W32/MalwareF.CCPT (Authentium (Command)) Malware.LBWN (Norman)
Backdoor.Hupigon.GEKI (VirusBuster)
TR/Dropper.Gen (Avira)
Trojan.Win32.StartPage.oeo (Rising AV)
Trojan.ADH (Symantec)

Alert Level(?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.



Detection last updated:
Definition: 1.99.1092.0
Released: Mar 12, 2011



Detection initially created:
Definition: 1.71.1772.0
Released: Jan 05, 2010
===============================================================

#13 quietman7


Posted 12 March 2011 - 05:28 PM

OTMoveIt2.exe is not a trojan or any other type of malware.

Certain embedded files that are part of legitimate programs or specialized fix tools may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive".

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

Edited by quietman7, 12 March 2011 - 05:31 PM.




