It started when I noticed my laptop was running pretty slow; I opened up the task manager to see if there was anything suspicious going on and found my cpu,memory and disk usage to be all REALLY high. I ran a spybot and AVG scan, avg found nothing but spybot found/fixed a good amount of threats, but it didn't help so I headed over to tomshardware.
Overall the things I've noticed is that it starts with either a conhost.exe or cmd.exe starting, then random programs start opening in the background and consuming large amounts of system resources (never any one program consuming too much, at times it almost seems evenly distributed across multiple programs), and eventually I get a lot of error windows asking to close tons of cmd.exe instances; occasionally my laptop crashes altogether.
At some point I figured out that the malware (if this even is malware, I still haven't ruled out a legitimately bugged program) doesn't work without an internet connection (or so it seems at least). From there I found that after the cmd starts a bunch of msiexec.exe instances (consuming way more resources than any installer normally would), then typically theres a presentationhost.exe (it's supposed to be a legitimate microsoft program, and I've never seen it on my computer so I'm not sure whether its using mre resources than it should) shortly after, followed by msdtc.exe and theres always a random notepad.exe towards the end (in the background where I can't see it, that's what has me nearly convinced it's malware.) and all the while random cmd or conhost instances open. Occasionally a duplicate of a program that's already open will be created, such as the wmp library sharing service or ctfmon.exe, and strangely even though I have AVG uninstalled theres a random AVG secure-search installer process in the background sometimes.
I've tried multiple scans with a bunch of scanners (excluding avg, one scan with no results while others found plenty wrong was enough for me lol) - spybot, malwarebytes, emsisoft anti malware, virus vault, ccleaner and adwcleaner. they all found some threats and fixed them, but the problem persists.
While running scans I ran into a problem - I malwarebytes won't update, it can't connect to the server, but it works fine on another computer. I tried to get combofix but I couldn't even access the download site.
and to top it all off - I can't even access this site. It's as if the site is down, but seeing as I'm currently writing this post I'm pretty sure it's not lol
anyone know what's going on here? I'm at my wit's end with this, any help at all is appreciated. just let me know if any logs are needed.
*EDIT* I should probably mention I'm running windows 8.1
Edited by patey, 17 April 2015 - 02:56 PM.