Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CPU usage is frightening


  • Please log in to reply
7 replies to this topic

#1 hisdimple

hisdimple

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:27 AM

Posted 14 June 2015 - 09:20 PM

I have a problem, she cried.  :ranting:

The past couple weeks noticed my cpu spiking for no reason.
Cleaned, scrubbed...the whole 9 yards...no change except is gradually
worsening. Took everything off my desktop,,nope. running programs?.. nope
IE 7 kept crashing p.c. uninstalled it, will reinstall later.
Had conflicting Javas..uninstalled all instances...hopefully. Will reinstall later.

Nothing over 25%....yet. Started at around 4/7%

Explorer.EXE (capitals?) ->Wscript.exe (what in tarnation is network.vbs) and why does it run away when I try to open?

System   / lsass.exe

Services / svchost.exe (-k netsvcs )
              / svchost.exe ( k-rpcss )
              /wmiprvse.exe

I've searched all over and cannot find a correct solution. Many users are having the same issue.
(Blurry eyes and raging headache she has now)  :wacko:

Win XP Pro sp3
Dell Compaq 7100 P4
I use Avast-MalwareBytes-Mbar-Ccleaner-WiseCleaner regularly
I have tried Sys.Explorer-Rkill-SecurityTaskManger-SuperAntiSpyware-Frst
I have not done TDS-HiJack or Hitman Though I do have installed.
Have disabled darn near everything from start up ( Piriform )

Dell Compaq will not allow into safemode ( no f8 function ) and misconfig boot puts it in a continous start up loop.

( Starts pulling out her hair )  :smash:

I have read that I can try a modified boot.ini onto a cd,  

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Safe Mode"
/noexecute=optin /fastdetect

but real iffy about that.

Tried everything I feel safe with except the new software....

"How to chop your p.c. in half with one blow" :killcomp:

 I actually read the file details on one process that read .. I kid you not....."Destroy Window"

Now what the H E Double L Hockey Sticks ???

I've read article https://support.microsoft.com/en-us/kb/310353...seems a little drastic.

Seen here http://www.bleepingcomputer.com/forums/t/574445/annoying-cpu-usage-pattern/
The guy never came back I guess
Read a few others


Any ideas or instructions to help this damsel ( ahem ) in distress is greatly appreciatted.

 

P.S. It is late here here in FL, may not return till Mon morn.



BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,865 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:27 PM

Posted 15 June 2015 - 06:05 AM

Good morning :).

 

I see 2 things that I consider problems:

 

a.  IE 7...is outdated and poses a significant (IMO) security risk because of known vulnerabilities to malware.  IE is a basic part of Windows and you say that you "removed" IE, which I believe is impossible.  So, IMO, you have a system that is more vulnerable to malware than it has to be.  I suggest immediately installing IE 8, then visiting the Windows Update site for all applicable critical updates that are now not currently installed.

 

b.  You are using Wise software which I believe to be a "registry cleaner/optimizer".  BC does not support the use of such, see Registry Cleaner, Animal - http://www.bleepingcomputer.com/forums/t/526247/tune-up-utilities-2014-problem/?p=3303494 .  I would uninstall this application immediately (after addressing the IE issue above) and then follow up with running the chkdsk /r command, followed by running the sfc /scannow command.

 

To run chkdsk /r command:  Start/Run...type chkdsk /r (exactly as I typed it), hit Enter.  Type Y in new screen, hit Enter.  Reboot the system...the command will execute before booting into XP.  If you cannot boot into XP, you can run the chkdsk /r command from the XP Recovery Console.

 

To run sfc /scannow command:  Start/Run...type sfc /scannow, hit Enter.

 

Let us know how it goes.

 

Louis


Edited by hamluis, 15 June 2015 - 06:07 AM.


#3 JohnC_21

JohnC_21

  • Members
  • 21,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 PM

Posted 15 June 2015 - 08:01 AM

Explorer.EXE (capitals?) ->Wscript.exe (what in tarnation is network.vbs) and why does it run away when I try to open?

 

 

Everything I have searched on this indicates a possible malware infection but a very old one. Is there anything in your startup folder? All Programs > Startup

 

The correct location for explorer.exe is C:\Windows\explorer.exe  Where is the location of Explorer.EXE? Where is the location of network.vbs?

 

The links are for reference only. Do not use any of the removal instructions.

 

https://www.f-secure.com/v-descs/netlog.shtml

 

http://www.symantec.com/security_response/writeup.jsp?docid=2000-121816-3619-99

 

http://home.mcafee.com/virusinfo/virusprofile.aspx?key=98477

 

 



#4 hamluis

hamluis

    Moderator


  • Moderator
  • 54,865 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:27 PM

Posted 15 June 2015 - 01:52 PM

Topic moved to Am I Infected forum for a malware check...let's try to rule that out before diggin in more.

 

Louis



#5 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:06:27 AM

Posted 16 June 2015 - 11:11 AM

Hello,

 

I will try to help you, to rule out or to confirm infection. I see that you have complicated situation here.

 

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  Flush DNS

§  Report IE Proxy Settings

§  Reset IE Proxy Settings

§  Report FF Proxy Settings

§  Reset FF Proxy Settings

§  List content of Hosts

§  List IP configuration

§  List Winsock Entries

§  List last 10 Event Viewer log

§  List Installed Programs

§  List Devices

§  List Users, Partitions and Memory size.

§  List Minidump Files

§  List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

------

 

If you already have MBAM 2.0 installed:

 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.

 

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

 

----

 

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop.

§  Click Back, then Finish to exit ESET Online Scanner.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#6 hisdimple

hisdimple
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:27 AM

Posted 16 June 2015 - 08:53 PM

@JohnC_21   Thank You.

I guess hamluis is stepping back......Thank You for your help Sir.

 

I have removed Wise-Had to remove SP3 in order to install IE8 ( that was a process )

Am not comfortable doing a chkdsk - I do not have cd, but I do have a dwlded cd of RD, just not sure of it.

 

As for locations JohnC

 

Can't post pic but    Start Up  -> Network

Explorer.EXE is at head of tree of Process Explorer ( system explorer )

 

Piriform cannot remove   C:\WINDOWS\system32\wbem\Logs

Cannot disable from startup either

webcore.log
GetUserDefaultLCID failed, restorting to system verion ( continuous loop )

I have original wmeb dwld.....will it overwrite if reinstalled?
----------------------------------

Somehow all restore points are gone but latest 2.
----------------------------------

All files were accessed 2/27-can't tell by what.
----------------------------------
 

Had to dwld pics of camera today, I use a card opener via usb.  S & Gs I opened all available usb ports.

Found a Network.vbs program sitting between 2 DCIM folders ( Days pics were taken )

How could that possibly be on a camera card?

 

 

@severac....Thank You

 

I ran Mbam and Mbar and ESET. No alerts.   The only program that found this goofy Network.vbs thing was Wise Registry Cleaner and Ccleaner ( tools->startup )

 

I will run Mini ToolBox and all others and post results.   Many thanks to all with patience for me.



#7 JohnC_21

JohnC_21

  • Members
  • 21,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 PM

Posted 17 June 2015 - 08:14 AM

In XP do a search for Explorer.EXE. What is the full path of it's location? Also do the same for Network.vbs. I would also do a scan with Hitman Pro.

 

Bleeping Computer does not recommend the use of Registry Cleaners.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 PM

Posted 17 June 2015 - 08:11 PM

Can't post pic

How do I post a screen shot?
How to Take a Screenshot in Windows XP
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users