My computer is running Windows 7 Home Premium 64-bit, and I'm pretty sure I ended up with a virus somehow. The three main symptoms I've noticed:
- On system startup, the Windows Firewall service is disabled. Running services.msc and setting it to automatic does start it up normally, but any time I shut down and restart, it's disabled again.
- My CPU "idles" hellaciously hot. Before the problem manifested, my CPU would idle after startup around 30-35C and my GPU at 40-45C, with the fans running at 50% (I use Speedfan for heat/noise management). After the apparent infection, the CPU is more like 65C with the GPU often breaking 70C with all fans cranked up to 100% speed. Task manager also shows between 30-50% CPU usage with absolutely no other programs open, so obviously something very intensive is running that wasn't previously.
- There's a suspicious svchost.exe process running in task manager. If at any point during this assessment my reasoning is wrong, please point it out because I'm sort of guessing my way through it: the svchost in question ends with a *32, which I think indicates it's a 32-bit program instead of 64-bit. Since I'm running 64-bit Windows 7, there shouldn't be any 32-bit svchosts. Second, the description for every other svchost is "Host Process for Windows Services"; the suspicious one's description is just "svchost.exe". When I kill this process, Windows keeps running normally and nothing seems to break. Additionally, it seems that process is what's pushing my computer's CPU so hard; as soon as I kill it, temps and usage % drop back into the normal range.
I think it's pretty obvious that my system is infected with some sort of malware, but I have no idea what to do about it. I downloaded Microsoft Security Essentials but multiple full system scans have found nothing. A friend suggested it might be a bitcoin miner; I did some research and that kind of software does match my problems, being something heavily CPU-intensive that would need unrestricted access to the internet, but I've absolutely no clue how to confirm that, how to find it, or what to do about it if I could.
All I can do for now is make sure to re-enable my firewall service and kill the false svchost after every startup. Any advice on how to get rid of this thing permanently would be greatly appreciated!
Edited by Village Baka, 22 February 2013 - 06:06 PM.
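The checks the post walks through by hand (a 32-bit svchost.exe on 64-bit Windows, the wrong file description, a firewall service that is off again after every reboot) can be scripted. The following PowerShell triage script is added here as an example; it is not from the original post or any reply to it. It assumes Windows 7 x64 with Windows PowerShell 2.0 or later, run from an elevated prompt (a non-elevated session cannot read the image paths of SYSTEM-owned processes). The process and service names are the standard Windows ones (svchost.exe, services.exe, MpsSvc); nothing about a specific piece of malware is assumed.

```powershell
# Added example (not from the original post). Flags svchost.exe instances that
# do not look like the genuine Windows host process and reports the start mode
# of the Windows Firewall service. Assumes Windows 7 x64, PowerShell 2.0+, elevated.

# Task Manager appends "*32" to a process when IsWow64Process() returns true,
# so query the same API instead of guessing from the name.
Add-Type -Namespace Triage -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(System.IntPtr hProcess, out bool wow64);
'@

function Test-Wow64Process([int]$ProcessId) {
    try {
        $handle  = (Get-Process -Id $ProcessId -ErrorAction Stop).Handle
        $isWow64 = $false
        [void][Triage.Native]::IsWow64Process($handle, [ref]$isWow64)
        return $isWow64
    } catch {
        return $null   # access denied or the process exited between calls
    }
}

# On x64 the Service Control Manager only launches the 64-bit copy in System32.
$genuinePath = Join-Path $env:SystemRoot 'System32\svchost.exe'

Write-Host '== svchost.exe instances =='
foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'") {
    $flags = @()
    $path  = $p.ExecutablePath

    if (-not $path) {
        $flags += 'image path not readable (run elevated)'
    } elseif ($path -ine $genuinePath) {
        $flags += "unexpected path: $path"
    }

    # Genuine instances are children of services.exe; a dropper or Run-key
    # launch shows a different (or already exited) parent.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    if (-not $parent) {
        $flags += "parent PID $($p.ParentProcessId) no longer exists"
    } elseif ($parent.Name -ine 'services.exe') {
        $flags += "parent is $($parent.Name), not services.exe"
    }

    if ((Test-Wow64Process $p.ProcessId) -eq $true) {
        $flags += '32-bit image (Task Manager shows *32)'
    }

    # The real binary's version resource says "Host Process for Windows Services".
    if ($path -and (Test-Path $path)) {
        $info = (Get-Item $path).VersionInfo
        if ($info.FileDescription -ne 'Host Process for Windows Services') {
            $flags += "file description is '$($info.FileDescription)'"
        }
        if ($info.CompanyName -ne 'Microsoft Corporation') {
            $flags += "company name is '$($info.CompanyName)'"
        }
    }

    $verdict = if ($flags.Count -eq 0) { 'looks genuine' } else { 'SUSPICIOUS: ' + ($flags -join '; ') }
    'PID {0,-6} {1}' -f $p.ProcessId, $verdict
}

# The firewall service: WMI view plus the raw registry Start value something
# at boot keeps flipping to 4 (Disabled).
Write-Host "`n== Windows Firewall service (MpsSvc) =="
$svc   = Get-WmiObject Win32_Service -Filter "Name = 'MpsSvc'"
$start = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc' -Name Start).Start
'State: {0}   StartMode: {1}   Registry Start: {2} (2=Automatic, 3=Manual, 4=Disabled)' -f $svc.State, $svc.StartMode, $start

# Whatever re-disables the firewall and relaunches the miner has to start from
# somewhere; the Run keys (64-bit, 32-bit view, and per-user) are the first place to look.
Write-Host "`n== Run keys =="
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { '{0}  {1} = {2}' -f $key, $_.Name, $_.Value }
    }
}
```

Save it as svchost-triage.ps1 and run `powershell -ExecutionPolicy Bypass -File .\svchost-triage.ps1` from an elevated prompt. The script deliberately does not call Get-AuthenticodeSignature: Windows 7 system binaries are catalog-signed rather than embedded-signed, and on that OS the cmdlet reports them as NotSigned, which would flag every genuine svchost.exe. Use Sysinternals sigcheck (or Process Explorer's "Verify" column) for the signature check, and Autoruns or `schtasks /query /fo list /v` to cover scheduled tasks and services, which the Run-key listing above does not.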