Posted 06 July 2010 - 09:02 PM
Posted 07 July 2010 - 01:50 PM
Posted 07 July 2010 - 02:32 PM
Posted 07 July 2010 - 06:59 PM
Posted 07 July 2010 - 10:38 PM
Posted 07 July 2010 - 11:43 PM
Ok, looking into this I may have discovered some deeper issues. I plugged my mouse in another computer and used it for several hours with no problems. I am not really sure if that is enough time to test it but on my laptop, it was acting up about two or three times an hour. So, for now I will consider that a valid test.
I then went to the remove-malware.com site and read up on it. For the first time, I ran a GMER rootkit scan on my computer. That is when things started happening that I have never encountered before. First, my computer froze. I checked my task manager and found out that there were four applications that were maxing out my system but the only programs I was running were IE explorer and GMER. One of the applications was very annoying. It was the wuauclt.exe application. I would end the process on task manager and then it would return. I must have ended the process of that application about 5 times and then gave up on it. I had to restart my computer again and all was fine... until I ran GMER again. Then, yep, you guessed it, three or four applications began to max out again. I even saw an application appear on task manager using 34% of my system and then disappear never to come back. I thought that was odd. Of course, the wuauclt.exe application was working overtime too. Still not sure if all of this was supposed to happen. After a third time of attempting GMER, I was able to go through the scan in its entirety. However, when GMER had finished, I made the mistake of trying to open up Internet Explorer to research the wuauclt.exe program. Well, because my computer was maxed out with applications, my computer froze and I was not able to do anything but see the files that were written on the GMER Malware scan page. Any idea as to what this is all about? Looking forward to your reply. Thanks.
Oh, I just checked task manager and the wuauclt.exe is not found on it right now, but it will be back I am sure. Also, the other application that was at 30%+ during the GMER run was the sprtcmd.exe.
Posted 08 July 2010 - 12:43 AM
Edited by quietman7, 08 July 2010 - 07:07 AM.
Posted 08 July 2010 - 07:09 AM
> I ran a GMER rootkit scan on my computer. That is when things started happening that I have never encountered before

GMER is a stand-alone tool that will help investigate for the presence of rootkits. It will not actually tell you if you are infected or not unless you know what you're looking for. If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you should not be using it. Some ARK tools are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. ARKs are powerful tools and using them incorrectly could lead to disastrous problems with your operating system. Most of the more effective ARK tools like GMER should only be used under the guidance of an expert who knows how to investigate its log for malicious entries before taking any removal action. One reason is that you can encounter issues when performing a scan which results in crashes or system freezes and a trained helper would be able to provide additional instructions in order to get GMER to run properly.

> One of the applications was very annoying. It was the wuauclt.exe application.

wuauclt.exe is the Windows Automatic Updates application which checks the Microsoft Windows Update website for updates to be installed. This file is known to cause high CPU usage when performing its updating task. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate wuauclt.exe file is located in the C:\Windows\system32, C:\Windows\system32\dllcache, C:\Windows\ServicePackFiles, C:\I386 folders and sometimes in C:\Windows\Prefetch with a random set of alpha-numeric characters followed by the .pf extension. If found running from a different location it is probably malware.

> Also, the other application that was at 30%+ during the GMER run was the sprtcmd.exe.

Are you using a Dell machine?
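
The path check described in the reply above, as an added example that is not part of the original thread: it compares each process image path against the folders the post lists for wuauclt.exe. The function names, the sample process list and the PIDs are constructed for illustration.

```python
import ntpath

# Folders the post lists for the legitimate wuauclt.exe (Windows XP-era layout).
LEGIT_DIRS = {
    "wuauclt.exe": [
        r"C:\Windows\system32",
        r"C:\Windows\system32\dllcache",
        r"C:\Windows\ServicePackFiles",
        r"C:\I386",
    ],
}

def _norm(path):
    # Collapse "..", unify slashes and case: Windows paths are case-insensitive.
    return ntpath.normcase(ntpath.normpath(path))

def classify(image_path, legit_dirs=LEGIT_DIRS):
    """Return 'expected', 'suspicious' or 'untracked' for one process image path."""
    folder, name = ntpath.split(_norm(image_path))
    if name not in legit_dirs:
        return "untracked"  # not a name this check knows about
    allowed = {_norm(d) for d in legit_dirs[name]}
    return "expected" if folder in allowed else "suspicious"

def review(processes):
    """processes: iterable of (pid, image_path); returns the suspicious ones."""
    return [(pid, path) for pid, path in processes if classify(path) == "suspicious"]

# Constructed sample process list (hypothetical, not taken from the thread).
SAMPLE = [
    (1184, r"C:\WINDOWS\System32\wuauclt.exe"),
    (2260, r"C:\Documents and Settings\user\Local Settings\Temp\wuauclt.exe"),
    (2312, r"C:\Windows\system32\..\Temp\wuauclt.exe"),  # resolves to C:\Windows\Temp
    (3020, r"C:\Program Files\Internet Explorer\iexplore.exe"),
]

if __name__ == "__main__":
    for pid, path in review(SAMPLE):
        print(f"PID {pid}: {path} is running outside the expected folders")
```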
Posted 08 July 2010 - 01:41 PM
Posted 08 July 2010 - 01:47 PM
Posted 09 July 2010 - 11:42 PM
Posted 10 July 2010 - 07:06 AM
Posted 10 July 2010 - 10:21 AM
Posted 10 July 2010 - 11:11 AM
Posted 10 July 2010 - 12:40 PM