
100% cpu usage


  • This topic is locked
17 replies to this topic

#1 shellfish101

shellfish101

  • Members
  • 97 posts

Posted 18 December 2011 - 12:39 AM

My computer shows 100% CPU usage in the performance log under Task Manager, but the CPU usage in processes generally adds up to 2-10 CPU. The computer is running slow. I don't know if this is related, but it freezes when I switch or close tabs on Mozilla Firefox. I also cannot delete any history on Firefox. When I try to delete, the window opens and I hit clear. I either get a stop script warning or the window just closes without removing any history. I'm including a screenshot of the stop script warning.

Posted Image

I am running updated malware right now.

Thank you for your help.

Edited by hamluis, 18 December 2011 - 11:03 AM.
Moved from Vista to Am I Infected.




#2 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 18 December 2011 - 08:31 AM

Ran a malware scan... no malicious items were detected.
Posted Image

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 18 December 2011 - 11:02 AM

No scan with your installed AV program?

Louis

#4 Nawtheasta

Nawtheasta

  • Members
  • 398 posts
  • Location:New England, USA

Posted 18 December 2011 - 11:50 AM

Not a helper here. Just a member. For what it's worth, just thought I would pass this along.
My son's computer was getting similar pop-ups as you show.
I put ESET security on his computer in April.
A few days ago at the startup scan ESET showed:
Win32/Olmarik.AWO Trojan. Detected but can't clean it from memory.

Google searches found some info that indicated MBAM should deal with this, but others indicated that this is a rootkit requiring more extensive removal actions.

A full scan with updated MBAM removed 1 file but not sure if related to this.

He is presently using his computer but it still does not seem back to normal.

Good luck!

Edited by Nawtheasta, 18 December 2011 - 11:51 AM.


#5 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 18 December 2011 - 05:46 PM

Hamluis... What is an AV program? I can follow directions well, but I'm not so computer literate.

#6 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 18 December 2011 - 11:48 PM

Just ran McAfee too, it didn't find anything either.

#7 islandgal

islandgal

  • Members
  • 7 posts

Posted 19 December 2011 - 12:01 AM

It's likely the same Winsock rootkit infection I just solved, see:

http://www.bleepingcomputer.com/forums/topic433286.html

#8 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 23 December 2011 - 10:01 PM

All of a sudden on Tuesday night, it shut itself down. When I rebooted it, there were non-stop pop-up ads for virus protection. Vista spyware removal 2012 was one of them.

When I tried to run Malwarebytes or McAfee, the computer would either freeze or shut down. After several attempts I finally managed to run McAfee. It found 4 trojans and quarantined them. Then I ran Malwarebytes, it found 2 trojans but then shut down before I could remove them.

When I rebooted it said the Belkin password was changed and would not let me log back on to the wireless. After several attempts to get the wireless connected, my son did a system restore to 3 weeks ago.

After that I could get back online but McAfee kept shutting itself down and when I tried to run Malwarebytes it would freeze or shut down the computer again. I finally got McAfee to run again and it found 0 infected files.

Later it shut itself down again. When I rebooted it said system read error. Press control alt delete to restart. When I did this, I just continued to get the same error. I can't log on or do anything now.

Thank you for any help you can give me.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 December 2011 - 10:53 PM

Hello, AV was your antivirus.

Can you boot into Safe mode?

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

If that worked
>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done, click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#10 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 26 December 2011 - 10:12 PM

It won't boot up under any circumstances now.... My son says the hard disk is dead.

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 December 2011 - 11:20 PM

:welcome:

Let's give it a try. You will need a USB (Flash) pen drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 28 December 2011 - 12:07 AM

How do I know if I have a 32 or 64 bit system?

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 December 2011 - 12:40 AM

Try both. One won't work.



#14 shellfish101

shellfish101
  • Topic Starter

  • Members
  • 97 posts

Posted 29 December 2011 - 05:44 PM

Neither worked. My son said it requires Windows to operate and we can't get to Windows.

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 December 2011 - 02:11 AM

Are you able to reach the repair console command prompt?
