Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible virus taking up CPU


  • This topic is locked This topic is locked
4 replies to this topic

#1 Famuzy

Famuzy

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 08 November 2017 - 02:31 PM

A little while back, maybe a few weeks or a month ago I got a virus but removed it pretty quickly with a Malwarebytes scan, but i'm thinking it missed something.

 

This process in Task Manager labeled "Windows Process Manager" often takes up a good amount of my CPU, sometimes it sits at 0-3% but other times it will take up 5-10% or more. https://i.imgur.com/DBGcF9m.png

 

If I try to end process it simply doesn't do anything, However when I right click and go to details it shows me something called "pchrvuk.exe". There a multiple of these https://i.imgur.com/mRDRwbA.png

If I try to end task from there, it tells me "Unable to terminate process. The operation could not be completed. Access is denied.https://i.imgur.com/FYXGipH.png

 

When I right click on pchrvuk.exe and click "Open file location", it tells me "Location is not available. C:\users\isaiah\appdata\Local\snnxewc is not accessible. Access is denied" https://i.imgur.com/zu5JAbK.png

I've tried running a custom scan in Malwarebytes on just that folder and it comes up clean.

 

There's also another program in my task manager called "Client Service" that links back to that folder when I Open file location. https://i.imgur.com/YPXuxrC.png

 

Another important thing, this "pchrvuk.exe" is taking up quite a bit of my data usage, which is pretty worrying. https://i.imgur.com/fqH4xoR.png

 

Not entirely sure what all of this means and what to do about it, so hopefully I can find some help here.

 

Edit: I just noticed while scrolling through Task Manager that there are quite alot of svchost.exe's running. Not sure what to make of that or if its related doesnt seem right though. https://i.imgur.com/kkwGzfk.png


Edited by Famuzy, 08 November 2017 - 02:37 PM.


BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:57 PM

Posted 08 November 2017 - 02:54 PM

See what a scan using the two programs below can find. If they find nothing relating to that file then I suggest you start a new topic in

the malware removal forum by following the last set of instructions below. Last I looked, the volunteers in that forum are very busy and it may be

a few days before they get to your new topic.

 

First...clean up the computer.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Famuzy

Famuzy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2017 - 02:29 PM

See what a scan using the two programs below can find. If they find nothing relating to that file then I suggest you start a new topic in

the malware removal forum by following the last set of instructions below. Last I looked, the volunteers in that forum are very busy and it may be

a few days before they get to your new topic.

 

First...clean up the computer.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.

Here are the contents of the adwcleaner logfile:

 

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 08 20:08:40 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-07-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\isaiah\AppData\Roaming\acestream
PUP.Optional.Legacy, C:\Users\isaiah\AppData\LocalLow\.acestream
PUP.Optional.Legacy, C:\Users\isaiah\AppData\Roaming\.acestream
PUP.Optional.Legacy, C:\Users\isaiah\AppData\Roaming\Geunfy
PUP.Optional.Legacy, C:\Program Files\RunBooster
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Users\isaiah\AppData\Roaming\Installer.dat
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{A4522146-C6CC-46F6-80A3-CBE0C343A8AA}C:\users\isaiah\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F6115701-FB7D-44AC-A841-6CBA93464BEF}C:\users\isaiah\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\xs
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-265876308-2032660472-480554556-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11082017133322612\Software\Earth Networks
PUP.Optional.AceStream, [Value] - HKCU\Software\RegisteredApplications | AceStream
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


#4 buddy215

buddy215

  • BC Advisor
  • 12,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:57 PM

Posted 09 November 2017 - 05:03 PM

After you have posted Eset's scan results....rerun AdwCleaner and be sure to click on Clean when scan finishes.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 54,314 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:57 PM

Posted 09 November 2017 - 06:01 PM

OP reposted in MRL, https://www.bleepingcomputer.com/forums/t/662404/possible-virus-taking-up-cpu/#entry4376741 .

 

To avoid possible confusion, this AII topic is now closed.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users