High CPU usage which turns the pc off itself



#1 Maquiavel


Posted 11 November 2009 - 05:20 PM

My pc since a few days ago has been disconnecting itself often, which seems to be too much CPU usage. it sometimes becomes slow
and uses a lot of cpu (too much) for simple things like browsing and running a game (football manager 2005 makes my pc shut down with 90% usage :S)

tried improving my pc CPU efficiency with defragmentation of the hard drive, using UNIBLUE powersuite driverscan 2009, registry booster 2009 and speedupmypc 2009. everything is perfect besides a few registry entries that the program can't seem to fix, but 7 compared to the 300 i had before is nothing.

ran 2 different spyware, Xoftspyse and my current one spybot search and destroy, and found 1, which unfortunately i didn't write down the name of
scanned my pc with 2 different antiviruses, the last one being kaspersky 2010, which found this "virus HEUR:trojan-downloader.win32.generic"
which was inside a rar i had downloaded not so long ago, so i think that rar was the virus carrier
i uninstalled both the rar and what was inside but the problem persisted ofc, evil was done when i opened it the first time.
also been checking info from the internet and downloaded hijackthis, though i don't really know how to use the log info, chinese for me :P. One of these days a black box started appearing when starting windows, WINDOWS/system32/msupdte, which is probably part of the problem or even THE problem. took it off my windows starting schedule list but the problem persists and i can't seem to manage to destroy it.
I already had posted in the windows XP part of this forum but i have been told that it really was a virus and to use SDfix to destroy it.
but when i went to download it, it was written that i shouldn't use it without proper guidance, so here i am.
I know at least msupdte is one of the problems, but it might not be the only one, hope u can help me with it
(sorry for not so good english)

Edited by Maquiavel, 11 November 2009 - 05:21 PM.



 


#2 quietman7


Posted 12 November 2009 - 09:34 AM

Please download Malwarebytes Anti-Malware (v1.41) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- If Malwarebytes Anti-Malware results in any error messages, please refer to Fixes for common problems and Error Codes. Some issues with errors can be related to malware infection but others are not.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Maquiavel


Posted 17 November 2009 - 08:43 PM

hello again, sorry for taking so long to come back.
anyway i have done what u asked me to and am showing you now the log info.
------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 5.1.2600 Service Pack 3

18-11-2009 1:24:01
mbam-log-2009-11-18 (01-24-01).txt

Scan type: Quick Scan
Objects scanned: 114743
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Get-Torrent (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------------------
it seems to be taken off, will test my pc for the next days and see if the problem persists or not.
either way is there anything i can do to be sure that my pc CPU usage is back to normal and that my pc won't shut down anymore?

#4 Maquiavel


Posted 17 November 2009 - 09:21 PM

Just happened again. problem not solved :thumbsup: :flowers:

#5 quietman7


Posted 18 November 2009 - 09:36 AM

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

IMPORTANT NOTE: One or more of the identified infections (msupdte.exe) was a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. Read Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection was identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

#6 Maquiavel


Posted 18 November 2009 - 02:31 PM

full scan log
----------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 3193
Windows 5.1.2600 Service Pack 3

18-11-2009 19:16:28
mbam-log-2009-11-18 (19-16-28).txt

Scan type: Full Scan (A:\|C:\|D:\|I:\|)
Objects scanned: 259012
Time elapsed: 50 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------
will do the next steps right away

this pc is only for games and university work, not used for any important transactions, besides emailing friends (nothing special) and a World of Warcraft account which i would rather ofc not lose
i would prefer to solve the problem without having to reformat yet.
too much stuff which i can't make backups of, programs i don't have the cds for with me, and i even lost my windows copy/code. so it's really a no go atm.
would only do so as a last resort.
i hope you can help me the best possible to solve this mess in some other way
ty in advance for all the help and effort in helping me.
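
For reading the two Malwarebytes logs posted above, here is an added example (not part of the original thread, and not Malwarebytes' own tooling) that parses this log layout, checks that each section lists as many entries as its summary count declares (a quick way to spot a truncated paste), and pulls out Backdoor detections for follow-up. The function names are hypothetical, the sample is abridged from the quick-scan log in this thread, and treating any action without the word "successfully" as unresolved is an assumption.

```python
import re

# Abridged from the quick-scan log posted in this thread; most sections
# without detections are left out to keep the sample short.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 114743

Memory Processes Infected: 0
Registry Keys Infected: 4
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Get-Torrent (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (meta, declared_counts, items) from an MBAM 1.x text log."""
    meta, declared, items = {}, {}, []
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                  # "Files Infected: 1"
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:                                  # "Files Infected:"
            section = m["section"]
            continue
        m = ITEM_RE.match(line) if section else None
        if m:                                  # object (Detection) -> action.
            items.append({"section": section, **m.groupdict()})
        elif section is None and ": " in line:  # header fields before sections
            key, value = line.split(": ", 1)
            meta[key] = value
    return meta, declared, items


def count_mismatches(declared, items):
    """Sections whose declared count differs from the entries listed."""
    listed = {}
    for it in items:
        listed[it["section"]] = listed.get(it["section"], 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in declared.items()
            if n != listed.get(s, 0)}


def triage(items):
    """Split out Backdoor detections and entries not reported as removed."""
    backdoors = [it for it in items
                 if it["detection"].split(".")[0] == "Backdoor"]
    # Assumption: any action text lacking "successfully" needs a second look.
    unresolved = [it for it in items if "successfully" not in it["action"]]
    return backdoors, unresolved


if __name__ == "__main__":
    meta, declared, items = parse_mbam_log(SAMPLE_LOG)
    print(meta["Database version"], count_mismatches(declared, items))
    for it in triage(items)[0]:
        print("backdoor:", it["object"], it["detection"])
```
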

#7 quietman7


Posted 18 November 2009 - 02:46 PM

"will do the next steps right away"

Ok.

#8 Maquiavel


Posted 18 November 2009 - 05:51 PM

after trying quite a few times, Norman malware cleaner kept failing cause my pc shut down every single time quite fast
Noticed it did so when it reached C:\documents and settings\all users
also kept my eyes on the CPU usage, which was never even close to 100% when it shut down
i also remember that the same happened a few weeks ago when i wanted to "clean my hard drive" C: to gain back some hard drive space...
what should i do? seems like something is preventing me from doing what needs to be done.

Edited by Maquiavel, 18 November 2009 - 05:52 PM.


#9 Maquiavel


Posted 18 November 2009 - 07:11 PM

also found something that looked strange. CPU usage on the ctrl+alt+del windows thingie (sorry forgot the english name), basically the list of everything running on my pc. it's strange that the inactive CPU amount was at about 90%, nothing else seemed to push much on the cpu, but the value down below wasn't matching the value on the list, CPU usage was saying 53%. how is that possible?
(sorry bad english)

#10 quietman7


Posted 19 November 2009 - 07:48 AM

"Norman malware cleaner kept failing cause my pc shut down every single time quite fast"

Did you run it in safe mode? Did you perform the Dr.Web CureIt scan in safe mode?

"strange that the inactive CPU amount was at about 90%"

System Idle process is used for measuring how much idle time the CPU is having at any particular time (100% minus the sum of all tasks CPU usage). It accounts for processor time when the system is not processing other threads and will display how much CPU resources, as a percentage are 'idle' and available for use. One instance of this process operates per CPU, and runs to occupy the processor when other threads are not running. System Idle process also issues HLT commands which put unused parts of the CPU into a suspend mode, thereby cooling the processor. Normally this process should take up at least 90%+ of processor time on average (this is the value in the CPU column). In non-technical terms, this figure represents how much CPU time has not been requested by anything else on your system.

System is a process in NT "kernel mode" that contains most of the system threads and handles various basic system functions. When Windows loads, the Windows kernel starts and runs in kernel mode to set up paging and virtual memory. It then creates some system processes and allows them to run in "user mode" but restricts their access to critical areas of the operation system. The User mode processes must request use of the kernel by means of a system call in order to perform privileged operations on their behalf. Kernel mode has full access to system resources and controls scheduling, thread prioritization, interrupt handlers, memory management and the interaction with hardware. The system process cannot be terminated. For more detailed information, refer to:

Please download Rooter and save to your desktop.
alternate download link
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.
Important: Before performing a scan with Rooter, it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


#11 Maquiavel


Posted 19 November 2009 - 08:29 AM

i followed exactly what u told me to

ran norman malware on safe mode indeed, didn't try to use the Dr web cure it yet cause the previous step as i said failed.
was waiting for your instructions

#12 Maquiavel


Posted 19 November 2009 - 08:38 AM

btw would it change something if it was on safe mode with net access?
should i have used Norman on the administrator or can i use it on my usual "account"?

#13 quietman7


Posted 19 November 2009 - 08:49 AM

Run with an Admin account. If Norman will not complete, just skip and try Dr.Web.

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning for suspicious behavior or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted or unsafe programs (PUPs).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk used capacity (number of files to include temporary files) that have to be scanned.
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Interference from malware.
  • Interference from the user.
To speed up your scans, uninstall unnecessary programs, clean out the temporary files or use ATF Cleaner first, close all open programs and do not use the computer during the scan. If the scan still seems slow, then perform the scan in "safe mode".

Note: It is not unusual for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab and packed files because they have difficulty reading what is inside them. These kinds of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files. Certain files in the System Volume Information Folder like the Tracking.log (created by the Distributed Link Tracking Service to store maintenance information) have also been reported as a source causing some scanners to hang.

#14 Maquiavel


Posted 19 November 2009 - 09:18 AM

anyway don't take me wrong, i didn't find it strange for the value to be 90%, what seemed strange is that it was showing 90% of cpu not used in the list but in the down part it was saying 53% of cpu used, at the same time. couldn't it mean that something out of that list is using a lot of my cpu in the background...? sorry if it's noobie what i said
(and again sorry for the crappy english)

Edited by Maquiavel, 19 November 2009 - 09:28 AM.


#15 quietman7


Posted 19 November 2009 - 10:18 AM

Most of the processes in Task Manager will be legitimate as shown in these links.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:

These tools will provide information about each process, CPU usage, file description and its path location. If you right-click on a file and select properties, you will see more details.
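
The path check described in the post above, as an added example that is not part of the original thread: it flags a process that carries a core Windows file name but runs from the wrong folder, flags near-miss spellings of those names, and notes when a flagged file is also launched from a Run key. The expected-folder table covers only a handful of Windows XP system processes; the function names, process list and Run entries are constructed for illustration, apart from the msupdte.exe path, which comes from the MBAM log in this thread.

```python
import ntpath

# Expected folders for a few core Windows XP processes (not exhaustive).
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_from_command(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    end = cmd.lower().find(".exe")
    return cmd[:end + 4] if end != -1 else cmd


def check_image(path):
    """Return findings for one executable path (empty list = nothing odd)."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name in EXPECTED_DIRS:
        if folder != EXPECTED_DIRS[name]:
            return ["system name outside expected folder"]
        return []
    for known in EXPECTED_DIRS:
        # Heuristic threshold; short names can produce false positives.
        if edit_distance(name, known) <= 2:
            return ["look-alike of " + known]
    return []


def audit(process_paths, run_entries):
    """Map each suspicious path to its findings."""
    autostart = {ntpath.normpath(image_from_command(c)).lower()
                 for c in run_entries.values()}
    running = {ntpath.normpath(p).lower() for p in process_paths}
    report = {}
    for path in sorted(running | autostart):
        findings = check_image(path)
        if findings and path in autostart:
            findings.append("launched from a Run key")
        if findings:
            report[path] = findings
    return report


# Constructed sample data (msupdte.exe path taken from the MBAM log above).
PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\WINDOWS\system32\msupdte.exe",
]
RUN_ENTRIES = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Updater": r'"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe" /s',
}

if __name__ == "__main__":
    for path, findings in audit(PROCESSES, RUN_ENTRIES).items():
        print(path, "->", "; ".join(findings))
```

A file with an unfamiliar name placed directly in system32, like the msupdte.exe detection in this thread, passes both checks, so this kind of review complements a scanner rather than replacing one.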



