Please help, cpu randomly freezing at 100% usage

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ttttubby, Jan 11, 2007.

  1. ttttubby

    ttttubby Private E-2

    I have followed ALL of the instructions on the "Read This First Sticky", and would greatly appreciate some help in eradicating the crap I've accumulated.

    Post 1/2

    Attached:
    hijackthis.log
    newfiles.txt
    runkeys.txt

    Thanks guys
     


  2. ttttubby

    ttttubby Private E-2

    Post 2/2

    Attached:
    activescan.txt
    bdscan.txt
    counterspy.txt

    I really appreciate your analyzation, as I'm feeling terribly vulnerable atm
     


  3. ttttubby

    ttttubby Private E-2

    btw, bitdefender, counterspy, and panda all came up with multiple trojans :(
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    How often does the CPU usage seem high?
    Does it happen in safe mode?
    What applications/processes are using most of the CPU time?
    Does it happen when not connected (unplug cable) to the internet?
     
  5. ttttubby

    ttttubby Private E-2

    Usually I leave my computer on all the time but recently I noticed that after a few hours (when I came back to it in the morning) it would be extremely sluggish. When I checked task manager, I was surprised to see that the CPU was working at 100%, so I checked my processes, and was surprised to see that skype was taking up all of my cycles. When I stopped that process, and tried to open up firefox, my computer went again straight to 100%, until I stopped the firefox process. If I reboot, my computer goes right back to being normal and then a few hours later something is again at 100%. Sometimes it's msngr, sometimes it's something else, but the last time I had seen a slowdown like that, it was because my father's computer which was not behind a firewall at the time had become infected with a virus, so I started looking around for spyware cleaners. I had had some experience with adaware and spybot s&d, so I installed spybot, updated it and ran it, only to find that I was clear. I stumbled upon major geeks and hijack this and so began taking the steps to post my hijack this logs. When I ran bit defender (took like 3 hours) I found several trojans, including one in a restore point (see logs). Unfortunately I had gotten ahead of myself and performed the test in normal mode. So I stopped, downloaded everything that was suggested in your forum sticky, and followed the instructions to the letter. When I ran bitdefender a second time (this time in safe mode) the same trojans were present (even though the first time through they were supposedly deleted.)

    I'd really like to be trojan free so I'd appreciate your help in eliminating anything and everything that might still be hanging around my system.

    Thanks
     
  6. ttttubby

    ttttubby Private E-2

    Also,

    I have not yet unplugged my computer while my computer was running at 100% (should have, but didn't think to do it.)

    Also,

    My computer has been on all day today (post tests, counterspy, etc) and it hasn't gone to 100% yet (one of the preliminary programs might have taken care of this problem)

    Regardless, I'm still carrying a few trojans and I'm worried that some of my private information might be up for grabs. Is that something I should be worried about?

    Thanks
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it did not delete them. It tells you in the log that Update failed! You need to go delete the files yourself. The one in system restore will only be deleted when system restore has been disabled.

    At this point your problems don't appear to be malware! They seem more like what you are running. Is your copy of Norton/Symantec legal? Based on the keygen, I tend to doubt it and suggest you start by uninstalling ALL of the Norton stuff and use a free antivirus and firewall from here: How to Protect yourself from malware!


    Just to be on the safe side, I want to check for rootkits. So I would like to have you run this AVG Anti-Rootkit and attach a log from it.


    Things that you should delete are:
    C:\downloads\programs\norton\Norton AntiVirus 2005 With KeyGen\Norton AntiVirus 2005 With KeyGen.rar
    F:\Files from the Titan\Downloads\programs\norton\Norton AntiVirus 2005 With KeyGen\Norton AntiVirus 2005 With KeyGen.rar

    Also the below file is questionable!
    C:\downloads\fraps\Beepa.Fraps.v2.7.4.5867.DVT.zip.rar
     
  8. ttttubby

    ttttubby Private E-2

    :eek: yeah, I had a bogus copy of Norton, and have been meaning to move over to a free virus scanner already, and I have already deleted all of those files (though I did not clear system restore.) How exactly do I do that? And, after that is done, which of the files that I've installed for this process may I uninstall?

    Do you think then that this 100% cpu usage thing could be caused by something else?

    Thanks again
     
  9. ttttubby

    ttttubby Private E-2

    OK,

    The anti-rootkit says I'm totally clear
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have not uninstalled Norton yet, then uninstall all of it now and then install one of the free programs in the link I gave to you.

    Then uninstall CounterSpy! I also recommend that you uninstall Skype for now. You can reinstall later and you are using an old version anyway. The current version is here: Skype



    After doing that, attach new logs from HJT and ShowNew so I can see your current status.
     
  11. ttttubby

    ttttubby Private E-2

    ARRRGGGG!!! It's still going to 100%, and now, more often than not the culprit is "msmsgr.exe" in the process window. Funny thing is that I end that process, and then something else goes to 100% (firefox, counterspy etc). Then I end that, and msmsgr.exe is back and at 100%. Then explorer. I did a basic search and found several posts saying that msmsgr.exe was some kind of a worm, but none of the tests you have had me run seems to see it.

    Please help...
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you don't follow the directions I give you, I cannot help you!
     
  13. ttttubby

    ttttubby Private E-2

    Ok,

    I uninstalled Norton 2003 (you had me get rid of 2005 which wasn't installed on the computer, but the actual antivirus that I had been using was a valid copy of 2003)

    I got rid of skype (and installed the new version)

    I installed Avast!

    here are the two logs you asked for
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's better!

    Now Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Now delete the below folders:
    C:\Documents and Settings\Erik Krag\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Now delete the below files:
    C:\WINDOWS\IFinst27.exe
    C:\WINDOWS\Video Cleaner Pro Uninstaller.exe


    Now attach a new log from ShowNew. Also tell me if you are still having problems! If you are, they may be hardware related and not malware.
     
  15. ttttubby

    ttttubby Private E-2

    Ok,

    done

    here are my hopefully last hijack this files and shownew files

    I'm still a little bit concerned about that msmsgr.exe thing. Just googling it brought up a few sites that warned it might be a worm of some sort (though I'm not entirely convinced that this wasn't a scare tactic to sell me some antivirus solution)

    Nevertheless, it does seem odd that that process kept coming up even after I had ended it.

    Any insight you have would be greatly appreciated.

    Thanks
     


  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Like many processes, it all depends on where it is running from. You cannot just go by a process name. That is why Windows Task Manager is so darn useless. It does not tell you enough information about the process. You need to know the path. That is what HijackThis shows in the process list. Other programs (like ProcessExplorer) do too.

    It is part of the Windows OS but it is not something that is normally needed and it has frequently been the source of popups being sent to your PC since it had security holes. That is why most people just remove it. You should just run the below:

    Run this Disable/Remove Windows Messenger to remove Windows Messenger.


    You did not answer my question as to whether you are still having problems.
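
The point in the reply above, that a process has to be judged by the path it runs from rather than by its name, shown as an added example (not part of the thread and not HijackThis's own code). The log text is constructed in the layout of a HijackThis log, and the baseline of expected directories is an assumption based on a default Windows XP install.

```python
import ntpath

# Assumed baseline: image name -> directories it normally runs from
# on a default Windows XP install. Extend it for your own machines.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32"},
    "msmsgs.exe": {r"c:\program files\messenger"},
}

# Constructed sample, laid out like a HijackThis log.
SAMPLE_LOG = r"""Logfile of HijackThis
Platform: Windows XP SP2

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

def running_processes(log_text):
    """Return the full image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            paths.append(line)
    return paths

def classify(path):
    """Compare a process's directory with the baseline for its name."""
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIRS.get(name.lower())
    if expected is None:
        return "not-in-baseline"  # name alone tells us nothing either way
    return "expected" if directory.lower() in expected else "unexpected-location"

def review(log_text):
    return [(p, classify(p)) for p in running_processes(log_text)]

if __name__ == "__main__":
    for path, verdict in review(SAMPLE_LOG):
        print(f"{verdict:20} {path}")
```

Both `svchost.exe` entries look identical in a name-only process list; only the path separates the one in `system32` from the one in `Temp`.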
     
