Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comupter being slower and uses more resources, suspecting virus(es)


  • This topic is locked This topic is locked
14 replies to this topic

#1 RoiMan

RoiMan

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 26 April 2016 - 08:18 AM

Hi, I noticed that in-game my coumputer uses up to 99-100% of CPU, and when idling up to 60%.

I tried sniffing around and checking processes and usages, and stumbled upon this piece of work: https://i.imgur.com/hLCpw4W.png

( from right to left: process, PID, description, status ( all ON ), sub-processes, CPU and avarage CPU ). A friend 

told me I should run a malware scan and I did, and found plenty of mostly hramless ( ? ) things, which I've removed. I'm adding the scan report in the file section.

Could this bottleneck be anything else that any of you might know of?

 

my specs are:

 

CPU - i5 4690

RAM - 8GB

GPU - R9 390

MoBo - Gigabyte H97-HD3

 

Thanks.

 

Attached File  malware results.txt   4.68KB   5 downloads



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 26 April 2016 - 08:27 AM

Hello RoiMan and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Malwarebytes got rid of a lot of junk but I suspect there's more on your computer so let's have a look.

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 RoiMan

RoiMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 26 April 2016 - 09:14 AM

Hello, Satchfan. Thank you for the fast response. I am adding the four logs to this message.

 

Attached File  AdwCleaner log.txt   1.77KB   2 downloads

 

Attached File  JRT.txt   691bytes   1 downloads

 

Attached File  FRST.txt   65.02KB   3 downloads

 

Attached File  Addition.txt   103.99KB   2 downloads



#4 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 26 April 2016 - 11:07 AM

Thank you for the fast response.

That was luck as I had just checked on one of my other threads. Unfortunately it doesn’t always work like that as we have jobs/families etc. but we all try to reply as quickly as we can.


Thanks for the logs.

I suggest that you uninstall Popcorn Time.


P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Can you tell me if there are any remaining problems.

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 RoiMan

RoiMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 26 April 2016 - 11:34 AM

That was luck as I had just checked on one of my other threads. Unfortunately it doesn’t always work like that as we have jobs/families etc. but we all try to reply as quickly as we can.

 

Of course, but I thank you for the fast response either way. I have no problem with waiting, and appreciate the help.

 

I am attaching the log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016

Ran by 1 (2016-04-26 19:24:08) Run:1
Running from C:\Users\1\Desktop
Loaded Profiles: 1 (Available Profiles: 1)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:
*****************
 
AvastVBoxSvc => service could not remove
gdrv => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VBoxAswDrv => service could not remove
VGPU => service removed successfully
EmptyTemp: => 3.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:25:15 ====
 
As for UTorrent and Popcorntime - I rarely use Torrent, but when I do, I try to find the most reliable sources. I know it's absolutely not 100% safe, but I'm gaining much more with it than without it entirely. I need it , but will keep it off for now.
 
Popcorntime was removed.

Edited by RoiMan, 26 April 2016 - 11:37 AM.


#6 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 26 April 2016 - 04:34 PM

Can you tell me if there are any remaining problems.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 RoiMan

RoiMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 26 April 2016 - 05:30 PM

 

Can you tell me if there are any remaining problems.

 

 

Oh, through these analysis, I conclude that there isn't something wrong ( anymore ) regarding Malware and virusus? In that case I will stress test my PC and see if the problem continues. If it does, I will contact the store I bought the CPU from to try and figure out if there is something wrong with it. I think that is all, thank you for the help and support.



#8 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 26 April 2016 - 05:40 PM

I'm pretty sure you're OK but I think it would be a good idea to run an online scan to be certain because of what was found by the scans.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:


If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 RoiMan

RoiMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 27 April 2016 - 01:33 AM

This is what the scan found

 

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\03D40274-1439746084-05F3-8606-260700080009\Uninstall.exe.vir Win32/Adware.ConvertAd.AEY application
C:\Program Files (x86)\wmvtoavi_setup\wmvtoavi_setup\wmvtoavi_setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
F:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application


#10 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 27 April 2016 - 01:56 AM

We’ll get rid of what was found: the other entry that’s not included is only reporting what has already been quarantined: it  can't cause any harm and will be removed when we tidy up.

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
del /f /s /q "C:\Program Files (x86)\wmvtoavi_setup\wmvtoavi_setup\wmvtoavi_setup.exe”
del /f /s /q “F:\Program Files (x86)\uTorrent\uTorrent.exe”
del %0
  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.

Please let me know if you’re happy to tidy up.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 RoiMan

RoiMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 27 April 2016 - 02:58 AM

Done, bat deleted and all.

 

Please let me know if you’re happy to tidy up.

 

Was this first stage of tidy up/pre tidy up/all tidy up?



#12 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 27 April 2016 - 03:03 AM

That just got rid of what was found by Eset.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up the tools we’ve used and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Java is out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall jre1.8.0_66

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Java.gif

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransome. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 RoiMan

RoiMan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 27 April 2016 - 05:23 PM

Thank you. I have installed some of the recommended softwares, since they look useful and great. I will bookmark your last message ( and thread ) for future refrence, since it has some good, useful info.

That is all, thank you very much for your help.



#14 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 27 April 2016 - 05:30 PM

You're welcome.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#15 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:31 AM

Posted 28 April 2016 - 02:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users