Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Syswow64 using processes that jack up CPU usage


  • This topic is locked This topic is locked
2 replies to this topic

#1 Kral

Kral

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 07 April 2018 - 07:53 AM

I recently had a series of problems related to malware due to a bad program install. I've cleared most of the largest issues, but the one problem that remains is after booting up the computer for a few minutes, I get a process that initiates from the syswow64 folder and increases CPU usage to around 50%. First it started as svchost.exe *32. But occasionally it would instead be TRACERT.EXE *32. This morning I renamed both files by taking ownership of them and attaching "OLD" at the end, and now my computer uses nslookup.exe *32 from that folder. I don't know how safe it is to keep renaming executables (or if it's even practical to keep renaming them all). Once this problem starts, whenever I go to reboot the system, I get a BSOD. 

I am currently using a Win7 OS, SP1. I have run a series of antimalware software and they no longer are able to catch anything suspicious. Is a fresh windows install the only way to go?



BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 22,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:36 AM

Posted 07 April 2018 - 09:18 AM

This morning I renamed both files by taking ownership of them and attaching "OLD" at the end, and now my computer uses nslookup.exe *32 from that folder

 

That is concerning. Personally, I would start a thread in the Virus Removal Forum here at BC. Read all the pinned posts. It will show you what logs to attach to your first post. If you do not provide the logs you may get kicked out to the AM I Infected forum. After starting a thread PM a moderator and ask that this thread be locked to prevent confusion. 

 

Edit: I would also mention to the helper what files you renamed.


Edited by JohnC_21, 07 April 2018 - 09:19 AM.


#3 Kral

Kral
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 07 April 2018 - 09:53 AM

I followed your instructions and sent a message to Grinler. Hope to get a response soon!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users