
I might be infected


5 replies to this topic

#1 Andre_Castillo14

Andre_Castillo14

  • Members
  • 47 posts
  • Gender:Male
  • Local time:06:02 AM

Posted 26 March 2016 - 08:04 PM

I recently began noticing over the past few weeks that whenever I open Task Manager, the CPU shows up going from 100% down to 5% and in Processes can go up to 25% then down to 2.1%, this got me a bit worried as I recently installed a CAD Program called POV-Ray 3.7 and with it comes a software coming from Eldos Corporation, although I did ask every person I know who uses the program that the software from Eldos Corporation is indeed important for the CAD Program to work properly, all of them said that POV-Ray and LDD to POV-Ray is safe to install and the software it comes with as well.

 

 I then installed Malwarebytes into my PC, and whenever I open Task Manager, CPU usage shows it goes up to 60% now then goes down back to 5%. Could this be a malware, Bitcoin Miner doo-hickey, just the Rendering program being passively CPU intensive, or just normal since I only noticed this happening after I installed the Programs.

 

Edit: I had Malwarebytes do a scan and even look for rootkits and it all comes clean

 

If pictures are needed, I'll provide them if I can


Edited by Andre_Castillo14, 26 March 2016 - 08:21 PM.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:07:02 PM

Posted 27 March 2016 - 05:44 AM

Andre_Castillo14:

Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.

CAD programs are CPU-intensive as are video and photo editing applications. When in Task Manager, you should be looking to see which processes are taking up the most CPU cycles. That can put your mind at ease, if you see that it is legitimate applications that are consuming your CPU. You can easily sort the processes in the order of CPU usage, by clicking on the "CPU" column header.



I suggest that we run a few preliminary scans to determine if your computer might be compromised.


Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



Step 2: Download and install Malwarebytes Anti-Malware.  I know you have already run this previously, but I would like to see a current log.

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your next reply.

 

 

I would like you to paste the logs from both scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
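
A scripted version of the Task Manager check described in the post above, as an added example that is not part of the original thread: it measures which processes actually used the CPU during a short window and shows the Authenticode signer of each one. The 5-second window and the 10-row limit are assumptions, and it is meant to be run from an elevated PowerShell console on the affected machine.

```powershell
# Added example (not from the thread): rank processes by CPU used during a
# short sampling window and show who signed each executable.
$SampleSeconds = 5    # assumed window length; lengthen it to catch brief spikes
$Top           = 10   # assumed number of rows to show
$cores         = [Environment]::ProcessorCount

# First snapshot: cumulative CPU seconds per PID. CPU is $null for protected
# processes unless the console is elevated.
$before = @{}
foreach ($p in Get-Process) { $before[$p.Id] = $p.CPU }

$timer = [Diagnostics.Stopwatch]::StartNew()
Start-Sleep -Seconds $SampleSeconds
$elapsed = $timer.Elapsed.TotalSeconds

$rows = foreach ($p in Get-Process) {
    # Skip processes that started mid-window or whose counters are unreadable.
    if ($null -eq $p.CPU -or $null -eq $before[$p.Id]) { continue }
    $delta = $p.CPU - $before[$p.Id]
    if ($delta -le 0) { continue }   # idle, or the PID was reused
    [pscustomobject]@{
        Name   = $p.ProcessName
        Id     = $p.Id
        # Same scale as Task Manager: share of all logical cores.
        CpuPct = [math]::Round(100 * $delta / ($elapsed * $cores), 1)
        Path   = $p.Path
    }
}

$rows | Sort-Object CpuPct -Descending | Select-Object -First $Top | ForEach-Object {
    $status = 'PathUnavailable'; $signer = ''
    if ($_.Path) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.Path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    # NotSigned is common for open-source builds and is not proof of malware;
    # it marks the entries whose path and origin are worth checking by hand.
    $_ | Select-Object Name, Id, CpuPct,
        @{ n = 'Signature'; e = { $status } },
        @{ n = 'Signer';    e = { $signer } },
        Path
} | Format-Table -AutoSize -Wrap
```

A high-CPU row that is unsigned, or that runs from a temporary or user-profile directory, is the one to look at first; a renderer or an on-demand scanner near the top of the list is expected while it is working.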


#3 Andre_Castillo14

Andre_Castillo14
  • Topic Starter


Posted 28 March 2016 - 01:46 AM

Hello Phil, I finished both the ESET Online Scanner and Malwarebytes scan, but for some reason, ESET Online Scanner didn't produce a log as it only allowed me to choose "Finish" although it states there were no infected files, while Malwarebytes says the same story:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/28/2016
Scan Time: 5:30 PM
Logfile: Malwarebytes Scan Log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.28.03
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Andre Castillo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360906
Time Elapsed: 7 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Also a new problem was already arising: Last week, while I was starting up my PC, I received a Yellow Screen of Death, but since the text was purple, I couldn't see the text. Then 3 days ago, I received a BSOD stating KERNEL_SECURITY_CHECK_FAILURE. I left my PC idle the next day to see if it will happen again, and it did happen again after 4 hours. And then while ESET Online Scanner and Malwarebytes were scanning my PC, it suddenly happened again. I already made a new topic in the Windows Support Forum.
 
If I give you the link maybe you can work with the person that will be handling my topic in the other forum.

 



#4 garioch7


Posted 28 March 2016 - 11:54 AM

Andre_Castillo14:

 

Thank you for the MBAM log.  As long as ESET did not find anything, we are good to go.  I think that you did the right thing in posting in the BSOD Forum.  There are some very knowledgeable folks over there, who will help you out.

 

Right now it does not appear that your issues are malware-related, but I will be available if you, and your BSOD Forum helper, think that we need to look deeper into a possible malware-related cause.

 

Have a great day, and good luck!

 

Regards,

-Phil




#5 Andre_Castillo14


Posted 29 March 2016 - 03:45 AM

I got another question; I just realized in my C: Directory that there is a folder called Vulkan and inside the folder are two shortcuts called vulkaninfo and vulkaninfo32. What could it be? I did do a bit of googling around and they told me it was an API Driver similar to OpenGL that is included with Nvidia. When I uninstall it, it doesn't return back until I update Nvidia again and it shows up in my C: Directory



#6 garioch7


Posted 29 March 2016 - 05:27 AM

Andre_Castillo14:

 

Thank you for your post.  The newest Nvidia drivers do install "vulcan" files in your computer.  Just this morning, I updated my Nvidia driver to the latest version, and there are "vulcanRT.exe" and "vulcaninfo.exe" files, though they are not in a "Vulcan" folder directly under the root; i.e., "C:\Vulcan", but rather buried a little deeper in several folders.

 

You might want to do a complete clean install of the newest Nvidia driver because it is unusual for Nvidia to install a folder in the root folder of the OS.

 

Some more information on the "vulcan" files can be found here.  See in particular, Post 19.

 

Have a great day.

 

Regards,

-Phil






