nt kernel and system


7 replies to this topic

#1 paulos123


Posted 01 February 2013 - 08:57 PM

I'm having problems with my NT Kernel and System. While doing nothing, it uses 5-20% of my CPU.

Edited by bloopie, 02 February 2013 - 12:43 PM.
HJT logfile removed as it's not allowed to be posted in this forum, nor is the tool used anymore. ~bloopie



 


#2 bloopie


Posted 02 February 2013 - 01:09 PM

Hello and welcome to BC! :thumbsup:

==========

Please try to explain what other problems you are having with your computer in detail so we can better help you.

There could be a number of things causing your CPU usage to rise...a silent scan from your Antivirus program for example...etc.

Any more information you could provide would be greatly beneficial!

==========

The operating system is Windows 7, 32-bit correct?

==========

I noticed from your HJT log there were some Greek entries. Would you prefer I use a translator, or are you comfortable in English?

bloopie

#3 paulos123


Posted 02 February 2013 - 02:56 PM

The problem is that my service NT Kernel and System makes my CPU go from 10-20% up all the time without any reason.
I started thinking of a virus or driver causing the problem.

#4 bloopie


Posted 02 February 2013 - 03:26 PM

Hi again,

It's hard to tell if that's malware causing the problem without any logs, so I'd like you to reboot the computer and let me know if the problem persists.

If so, then run these scans for me:

Step 1

Let's get a Security Check of your machine:

Please download and run Security Check from HERE, and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

==========

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions but change the Quick Scan to a Full Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

==========

Step 3

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it to your next reply

==========

In your next reply, please include the following:

  • The Security Check log
  • The MBAM log
  • The TDSSKiller log

Are you still experiencing the problem?

bloopie

#5 paulos123


Posted 02 February 2013 - 08:51 PM

Solved. The problem is that I had installed Trend Micro Internet Security (which has no firewall)
and Outpost Pro Firewall. Maybe they didn't stick together. Now that I uninstalled them, everything seems back to normal.
Thanks for all your guidance. bloopie, I just want one last thing: you to suggest me some good protection (now that I have nothing):
antivirus/antispyware/firewall, and some programs like MBAM and Spybot that their services will be turned off and will be used only for scan. I'm waiting for your opinion. Thanks anyway.

paulos
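
The fix reported above was uninstalling two overlapping security products. "NT Kernel & System" is the System process, which runs kernel-mode driver code, so an inventory of running third-party drivers and of the security products registered with Windows is a quick check before any scanning. The PowerShell script below is an added example, not part of the original thread; the helper name Resolve-DriverPath is hypothetical, and the script assumes a Windows client edition and an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName may carry NT-style prefixes; map to a Win32 path.
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# 1. Running kernel drivers whose version resource does not name Microsoft.
#    CompanyName is self-declared metadata, not a signature check; drivers whose
#    file cannot be resolved are listed too, with an empty Company.
$drivers = Get-WmiObject Win32_SystemDriver -Filter "State='Running'" | ForEach-Object {
    $path = Resolve-DriverPath $_.PathName
    $company = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    }
    if ($company -notmatch 'Microsoft') {
        New-Object PSObject -Property @{ Name = $_.Name; Company = $company; Path = $path }
    }
}
$drivers | Sort-Object Company, Name | Format-Table Name, Company, Path -AutoSize

# 2. Products registered with Windows Security Center (client editions only).
#    More than one third-party suite here is worth a closer look.
$products = foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Category'; e = { $class } }, displayName, pathToSignedProductExe
}
$products | Format-Table -AutoSize
```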

#6 bloopie


Posted 02 February 2013 - 10:42 PM

Hi again,

everything seems back to normal. thanks for all your guidance

My pleasure, and glad to hear that! :)

suggest me some good protection(now that i have nothing).
antivirus/antispyware/firewall.

  • The choice is yours, but my suggestion is to keep Microsoft Security Essentials as an Antivirus program (from my 'all clean' speech below).
  • MBAM from last post #4 as an AntiMalware program.
  • If you're using a router, then there's not much need for an extra firewall aside from the "Windows" firewall already present from your Windows installation.
All you need to do is to practice safe surfing.

==========

My "all clean" speech with links is here:

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:
  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:
If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

==========

Uninstall everything but what I mentioned above, and you should be fine! :)

====================

If you have any further questions, I am here for you! :thumbup2:

bloopie

#7 paulos123


Posted 03 February 2013 - 08:31 AM

bloopie, that's amazing!!!!! All that information and guidance. Thanks for everything.
That's the first security internet page that takes its members seriously.
And you also answer so quick and have to suggest many solutions.
One last thing: what's your opinion about Comodo Internet Security (instead of Avast or MSE)?
It's free and it has its own firewall (probably the best on the market http://personal-firewall-software-review.toptenreviews.com/)

P.S. Sorry for my English.......


paulos

Edited by paulos123, 03 February 2013 - 08:31 AM.


#8 bloopie


Posted 03 February 2013 - 01:35 PM

Hello again,

Thanks for the kind words! :)

I would not recommend the Comodo Internet Security package. See here: http://www.pcworld.com/product/290845/internet-security.html

However, their firewall is very good. A better choice if you insist on using a firewall would be only Comodo Firewall in addition to a better Antivirus like MSE. Of course, that is just my opinion...the choice is ultimately yours.

Hope that helps! :thumbup2:

bloopie



