It looks like I have an issue with my computer but I'm unable to determine the cause. I have looked at some topics on the forums but found none with the same issue, so I am posting a new topic.
My issue seems a bit similar to http://www.bleepingcomputer.com/forums/t/614137/infected-svchost-windows-update-misbehaving/?hl=%2Bwindows+%2Bupdate#entry4001712 but that topic was not resolved, and various different services seem to be hogging my CPU, not just Windows Update.
After running for 4 hours and presumably being stuck (showing no signs of working), the Windows Update DISM tool (https://support.microsoft.com/en-us/kb/947821) seems to have finally caught up and installed some updates. I will report further progress in future updates.
The Microsoft tool seems to have installed all updates on my computer successfully (after running for about 5 hours), but another service (FDResPub) is "abusing" my CPU now. I will post more info later.
I run Windows 7 on a quad-core computer (which is relevant information, more about that later). I use Avast! Free Antivirus and, most of the time, my brain to protect my computer to… a somewhat varying degree.
I would like to mention that I am a software developer, so I use a lot of quite powerful tools (Cygwin, Git, various command line extensions, automatic scheduled tasks to simulate cron tasks on our production server and so on), which further complicates the situation, as the whole issue might just be a conflict between tools that I have installed or just my own damn fault.
I have created a topic about myself in the Introductions forum but the information posted there is the same as the information I post about myself here.
As far as I can tell from my observations, it seems that 100% of the time my computer is stuck at 25% CPU usage (quad-core, so one core is always at 100% usage), with the svchost process having the mentioned 25% CPU usage. That is how I noticed the issue: my computer's fan is running all the time and my CPU usage is always high.
At first I thought it was WAMP or Chrome (I tend to have more than 20 tabs open at the same time; I have reached over 100 open tabs at one point), but then I noticed that this issue is present even when no programs are open. At first I didn't think it was an issue, so this has been going on for quite a while, so if there is any infection, it has had plenty of time to dig deep into my OS.
The most interesting part is that, judging from the Resource Monitor tool, there is always a DIFFERENT service stuck at 25% CPU. I restart it, and some other one goes to 25% CPU usage. Sometimes it is the same one as before, but most of the time it is a different service. It seems almost random which service is the current CPU hog, but there is ALWAYS at least one after a brief while (after I restart the service the CPU usage goes down for about a minute and then another service starts running at high CPU: FDResPub, WSearch, DcomLaunch (not 100% sure if this one ever actually was an issue), some logging service… a wide variety of different services). It is always 100% usage of one CPU core though, and it's the same service for a (seemingly) endless time period, until I restart it; then another one takes its place.
And it seems that the “chain” always starts with wuauserv after system restart.
Sometimes multiple services use CPU, but that seems like their legitimate usage because they always quickly drop down to 0 again, as should be the case.
My attempts to fix the issue so far
I have been trying to solve this issue for two days already, starting with an Avast! antivirus scan, then backing up my work, moving to my laptop and performing a 23-hour-long scan with ComboFix, which I had to interrupt in the end, so I don't know the results. Then I re-ran ComboFix in Windows safe mode and only then did it complete, in about 20 minutes. It removed some suspicious exe files from my hard drive and erased all the copies of Git on my hard drive for some unknown reason but... it didn't fix the issue. I can post the log here, but as far as I have read the instructions on this forum, that information should not be posted in this section of the forum.
A bit of a disclaimer:
I am aware that the forums repeatedly state that ComboFix is a "tool for trained professionals only." With a university degree in software engineering I may feel embarrassed that I don't know how to fix the damned issue myself, but I do believe that I am "a trained professional". I have used it over a dozen times before to fix other people's malware-infected computers with generally good results, so I'd say that I do know the basics of using it.
I have also run Malwarebytes. Found three suspicious files, but no success - the issue prevails.
Since the CPU-hogging service is wuauserv.exe most of the time, I have figured that this might be an issue with Windows Update.
So I have tried to run Windows Update and… the update process gets stuck at "downloaded 0%, downloading at 0 kbps". So I can't run Windows Update on my computer…
So I have read through https://support.microsoft.com/en-us/kb/947821 and https://support.microsoft.com/en-us/kb/2509997 and tried to run several fixes that those articles mention and… well, guess what, they get stuck infinitely at "Looking for updates on this computer" (I don't know the exact translation, as I run a Czech version of Windows 7), with the aforementioned wuauserv stuck at 25% CPU usage.
I have also tried running “Fix windows startup issues” from the boot menu and… “No issues found”.
Ran sfc /scannow: "No integrity violations found".
At this point I don't know what to do anymore... Right now it's the FDResPub service taking 25% CPU.
I don't know for sure what the issue might be caused by or when it started exactly. I think that there was an automatic Windows update a few days ago that was successful, but I am not certain, as I have learned to ignore such pesky messages. I think the system did successfully update in the last month or so. But I did change from "Install important updates automatically" to "Ask me to manually install Windows updates" recently, after the computer restarted itself in the middle of an online game with my friends...
Of the 21 important updates that there are in Windows Update right now, the earliest uninstalled update is from the 12th of April, so that's probably some time after the last successful update.
I have also noticed that Windows Update says for all the updates that "This update has been downloaded and is ready to install". That might be the issue if the system's update mechanism is somehow corrupted and repeatedly tries to prepare the updates for install but gets stuck in the process.
I do NOT receive any "updates are ready to install" popup windows in the bottom right corner of the screen (and have not received those for quite a while, now that I think about it), so that also points towards an issue with Windows Update.
As I have mentioned above, I have recently started using Task Scheduler in Windows to simulate cron tasks (they run some Laravel scheduling tasks), but those Windows tasks are currently disabled.
I also use Ditto, Skype, Razer Synapse, Microsoft OneDrive, AutorunEater, Overwolf overlay, Dropbox and other software that might interfere with the system to a certain degree.
I also began using Cmder console emulator recently.
And as a last mention of something that I'm not very proud of: I do sometimes work with potentially dangerous files downloaded from various sources as my friends tend to ask me to... extend trial periods on certain software from time to time. I try to stay away from this as I know that it is quite dangerous (though legal if I do not use the software myself) but I am the kind of guy who hates to say "no" to people when asked for a favor. This is one of the main reasons why I'm considering separating my work OS from my personal OS (as I have recently started working on a project that does work with more sensitive data than before) but I do mention this as that might have been a source of infection, even though I do scan all files I download.
The point is that it seems my computer is corrupted, possibly infected, but I can't seem to find the issue, nor do I seem to be able to repair it.
What are my options here? After seeing that I am unable to fix the issue I am considering reinstalling the system, possibly to Windows 10.
Any other ideas? Can this be fixed? If not, do you think that this has been caused by some malware/virus/etc. and that I should be careful when moving my old files to newly installed system?
And to further prevent similar issues, would you recommend any tools that I should use to prevent such attacks?
As briefly mentioned before: recently I have started working on a security-sensitive web system and even though sensitive data will never be stored on my computer, I would like to prevent any potential attackers from getting for example FTP login data for my FileZilla, Git login credentials and other sensitive stuff. This is the main reason why I post this topic here - I want my work to be safe.
I am considering using separated computers / windows installations for personal use and for work. We do have external security consultants in our company but I would like to know as much as I can on my own. And I would like to try to fix the issue and learn from fixing it instead of just giving up.
With best regards
Edited by Sirgo, 17 May 2016 - 10:41 AM.
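As an added diagnostic example that is not part of the original post: a Windows PowerShell script that samples every svchost.exe instance twice, a few seconds apart, and reports how much of one core each instance consumed over that interval together with the services registered inside it. This narrows a "one core pinned at 100%" symptom down to a specific service group without restarting services at random. It assumes Windows 7 with Windows PowerShell 2.0 or later and an elevated prompt; the 5-second interval and the output columns are my own choices.

```powershell
# Added example (not from the original post): identify which svchost.exe
# instance is pinning a core, and which services it hosts.
# Assumes Windows 7, Windows PowerShell 2.0+, elevated prompt (WMI needs it
# to read the ProcessId of every service).

$intervalSeconds = 5

function Get-SvchostCpuSnapshot {
    # Returns a hashtable: PID -> total CPU seconds consumed so far.
    $snapshot = @{}
    Get-Process -Name svchost | ForEach-Object {
        $snapshot[$_.Id] = $_.TotalProcessorTime.TotalSeconds
    }
    return $snapshot
}

# Map each host process to the services running inside it. Several services
# share one svchost instance, so a hit here is a short list, not a single name.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

$before = Get-SvchostCpuSnapshot
Start-Sleep -Seconds $intervalSeconds
$after  = Get-SvchostCpuSnapshot

$report = foreach ($hostPid in $after.Keys) {
    # Skip instances that started during the sample; they have no baseline.
    if (-not $before.ContainsKey($hostPid)) { continue }
    $cpuDelta = $after[$hostPid] - $before[$hostPid]
    New-Object PSObject -Property @{
        PID      = $hostPid
        # CPU seconds per wall-clock second: ~1.0 means one core fully busy,
        # which on a quad-core machine shows up as the 25% total described above.
        Cores    = [math]::Round($cpuDelta / $intervalSeconds, 2)
        Services = ($servicesByPid[$hostPid] -join ', ')
    }
}

# Heaviest instance first; its Services column lists the suspects to look at
# before stopping or restarting anything.
$report | Sort-Object Cores -Descending | Format-Table PID, Cores, Services -AutoSize
```

Within a shared instance the sampler cannot attribute CPU to a single service; moving one suspect into its own process with `sc config <ServiceName> type= own` and rebooting makes the next run single it out.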