Problem System Idle Process.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Levithian_666, Oct 24, 2004.

  1. Levithian_666

    Levithian_666 Private E-2

    I'm back... sigh, I'm having a slight problem, my System Idle Process is varying from 85-95 CPU usage, and my computer has slown right down... Also pop-ups come up, and I don't even need to star IE. I can post my Hijackthis here, if you guys want. The pop ups vary from cursormania/smiley central/fun web products etc... Like i said the system idle process is really slowing my computer... I'm getting pop ups as I type.... "friend finder"... Help please, sorry I don't know if this is spyware or what. Could you investigate this? thfwpiqv.exe, i accidently added that to my allow list don't know if thats causing the problems or what...
     
    Levithian_666, Oct 24, 2004
    #1
  2. Levithian_666

    Levithian_666 Private E-2

    Played a game for 20 minutes and went to go and check my msn and bam 6 IE running... This is really starting to be a pain in the @$$
     
    Levithian_666, Oct 24, 2004
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When your not doing anything on your computer System Idle Process should be taking up most of your CPU time. There is nothing wrong with that. For example right now I have about 33 processes running (including 3 browser windows, a virus app, a spyware blocker and more) but the processes are basically idle since they are not scanning. And my System Idle Process fluctuates from 95 to 99. System Idle Process does not slow your computer down. It is what you computer does when it has nothing else to do. The actual time your computer is spending doing any work is 15 to 5 percent of the CPU useage.

    Normal procedures require that you please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    If you are having problems with cursormania/smiley central/fun web products etc, goto Add/Remove Programs and uninstall them.
     
    chaslang, Oct 24, 2004
    #3
  4. Levithian_666

    Levithian_666 Private E-2

    #1- The system idle process was never like that using 85-95 CPU and if I run anything, it starts using the CPU, it's never done that. I don't even have any new processes except for one taking up 6000k and it doesn't make any difference.

    #2- curson mania, etc. Are not in my Add/Remove programs list, its just pop ups, I don't even need to open IE up to get them either...
    I guess I will try that READ ME FIRST thing...
     
    Levithian_666, Oct 24, 2004
    #4
  5. Levithian_666

    Levithian_666 Private E-2

    Still having pop-ups. what now chas?
     
    Levithian_666, Oct 24, 2004
    #5
  6. Levithian_666

    Levithian_666 Private E-2

    Still having pop-ups ----> After I did those steps. I guess the System Idle process is normal, would like to get any errors or spyware off of my computer. The process that thing told me to do got rid of some of it... What should I do now?
     
    Levithian_666, Oct 24, 2004
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
    chaslang, Oct 24, 2004
    #7
  8. Levithian_666

    Levithian_666 Private E-2

    Here it is...
     

    Attached Files:

    Levithian_666, Oct 24, 2004
    #8
  9. PhilliePhan

    PhilliePhan Guest

    Levithian_666,

    Your HijackThis is OLD and you are running it improperly!
    Please read the link Chas gave you.

    Download an up-to-date HJT (v1.98.2) and extract it to its own safe folder C:\Program Files\HijackThis.

    You may also be well served to download this tool. You may need it:
    LSP Fix

    Hopefully you can get this done before Chas checks back ;)

    Best,
    PP
     
    PhilliePhan, Oct 24, 2004
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hi PP! Nope he did not beat me back. And yes LSPfix will be needed. But first as you said we need the proper version of HJT run from the correct folder before continuing.
     
    chaslang, Oct 24, 2004
    #10
  11. Levithian_666

    Levithian_666 Private E-2

    Bah, sorry here it is, I downloaded LSP fix.. And I ran it from Program file HJT.
     

    Attached Files:

    Levithian_666, Oct 25, 2004
    #11
  12. Levithian_666

    Levithian_666 Private E-2

    Bah sorry im tired :( I ran HiJack This from C:/ Program Files/ HJT
     
    Levithian_666, Oct 25, 2004
    #12
  13. Kodo

    Kodo SNATCHSQUATCH

    Lev,
    download this program

    http://www.majorgeeks.com/download172.html
    a-squared (a²) Personal Edition 1.1 (free registration required)

    and run it in safe mode. Hopefully it will catch this line
    O4 - HKLM\..\Run: [cybech] C:\WINDOWS\system32\thfwpiqv.exe
    which looks like a trojan to me.

    make sure lspak.dll is not loaded in any process. If it is, kill it.
    Then do this

    start-> run
    type
    regsvr32.exe /u c:\windows\system32\lspak.dll
    hit enter and hopefully you should succeed in unregistering it.
    find the file and delete it. then run the lspfix.

    when all that is said and done, reboot and dump these lines in HJT if present.

    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O4 - HKLM\..\Run: [cybech] C:\WINDOWS\system32\thfwpiqv.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

    Do yourself a favor and get rid of kazaa
    C:\Program Files\Kazaa Lite K++\KazaaLite.kpp

    I would bet money that it's part of your problem.
    post a new log file.
     
    Last edited: Oct 25, 2004
    Kodo, Oct 25, 2004
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just in case you are not sure how too use LSPfix

    Run it.
    Check the "I know what I am doing" box Click on lspak.dll on the left window and click on the
    arrow pointing to the right. Click Finish and follow the prompts.
    Delete the following file (if found):
    c:\windows\system32\lspak.dll
     
    chaslang, Oct 25, 2004
    #14
  15. Levithian_666

    Levithian_666 Private E-2

    It says this when I got to the regsvr32.exe /u c:\windows\system32\lspak.dll
    thing : c:\windows\system32\lspak.dll, but the Dll unregister server entry point was not found. Should i stop or what. And the other 33 Malware should I delete them as well?
     
    Levithian_666, Oct 25, 2004
    #15
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Just skip that and use LSPfix as I told you to remove that file from your LSP chain. Then perform the other steps noted fixing the lines using HijackThis.

    What do you mean by "And the other 33 Malware should I delete them as well?" What are the 33 malware items you are referring to?
     
    chaslang, Oct 25, 2004
    #16
  17. jbonevia

    jbonevia Private E-2

    I am having the exact same problem with my PC.

    Every 5-10 minutes an IE window will start up and take me to one of several sites, smileycentral.com cursormania.com and some other sites.

    PC is running WIN2K - all win updates current

    I have exactly the same entries in my hosts file:
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch

    If i delete the hosts file altogether, it is regerated right away, with the same information in it. If i try to edit the hosts file, the same thing happens.

    It happens in safe mode as well as normal mode.

    I have read through and followed the sticky posts to the letter, AdAware, HijackThis etc recognise the hosts file problem and fix it, but it comes back right away.

    I dont seem to have the LSP problem.

    Its driving me nuts!
     
    jbonevia, Oct 29, 2004
    #17
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please start your own thread and reference this thread.
     
    chaslang, Oct 29, 2004
    #18

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds