MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 03-31-10, 23:44
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default services.exe high cpu usage...

So I started getting my symantec antivirus poping up everytim i booted my computer (windows xp) and it would say it detected something, quarantine it, reboot and it will be removed, always did that and everytime I rebooted the popup would always come back and realized my internet was dramatically taking for ever to load simple pages and sometimes wont load at all. So I figured I had some sort of malware or something. I starting going through the awesome malware removal guide like usual, was going through the process with no problem until I got to the step on using SUPERAntiSpyware...

I ran it, it detected 3 things, it removed them, then rebooted the pc bc it asked, and thats where the problem started...

at first when it rebooted, it would get to the windows logo loading screen and then after a few seconds would reboot again... and it just kept doing that as a loop... then I F8 it to get into safe mode, would attempt to load up safe mode... and just reboot again in the windows screen... F8 again, attempted safe mode with network, and once again rebooted at windows screen, then I tried the other option wihch was load windows with previously working settings I believed it was called and that did the trick, but once windows did load, thats when the service.exe CPU usage is at 99% and now I literally can't use the computer bc it takes for ever to do anything, so until I get that issue resolved I can't perform the rest of the malware guide on that computer, does anyone have a solution on fixing this service.exe high cpu usage?

also I managed to get a the SASlog and a screen shot off that computer, the virus/malware prompt box that my antivirus was telling me I had b4 I started attempting the malware guide removal.

im not sure if the SAS removed something that wasn't supposed to be removed which is causing the high cpu?

P.S. im probably not gonna be available for the next day or 2 to attempt to fix the pc but I will be looking at the thread to see any solutions so any help would greatly appreciate it, thanks!
Attached Images
File Type: jpg 1.jpg (88.6 KB, 14 views)
Attached Files
File Type: txt SASlog.txt (841 Bytes, 6 views)
Reply With Quote
Sponsored links
  #2  
Old 04-01-10, 01:13
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

Quote:
Originally Posted by KiLL CraZy View Post
and now I literally can't use the computer bc it takes for ever to do anything, so until I get that issue resolved I can't perform the rest of the malware guide on that computer, does anyone have a solution on fixing this service.exe high cpu usage?
If you managed to get the snapshot and the SAS log, perhaps you can do more than you think. We understand that it may be slow, but you will not have much of a choice, unless you want to remove the hard disk to work on it in another PC or unless you want to build a special boot CD (obviously using another PC) so that you can attempt to clean components of the infection.

Are the two files shown in your snapshot, still on the PC or were they deleted?

Does Task Manager open ( even if it takes a long time)? If so, do you see any unknown processes running?


See if you can boot in safe mode now with your cable to the internet unplugged. Then try to run ComboFix and then MGtools. Attach any log you can get. We need more info.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #3  
Old 04-04-10, 16:58
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

ok, here is the CombiFix and MGL...

I am able to open task manager even though it takes a little more time for it to open and to my knowledge I don't see anything weird on it, ill try and take a snapshot of it also to upload so you can take a look at it, and when I tried to run the SAS log, it recommend to turn off my antivirus which I tried but every time I disabled it it would re-enable automatically for some reason so it did the scan with it on, and as to the pop ups, I dont get them anymore after the first SUPERAntispyware scan it seems, so im hoping now the only problem im having is the services.exe CPU usage but once that is fixed, I will contirue with the malware guide to be 100% sure
Attached Files
File Type: zip MGlogs.zip (130.2 KB, 9 views)
File Type: txt ComboFix.txt (19.1 KB, 6 views)
Reply With Quote
  #4  
Old 04-04-10, 17:11
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

and here is the taskmanager
Attached Images
File Type: jpg Tankmanager.jpg (98.0 KB, 17 views)
Reply With Quote
  #5  
Old 04-05-10, 13:12
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

Any ideas? =\
Reply With Quote
Sponsored links
  #6  
Old 04-05-10, 21:02
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

ok so I did some searching around and found out that the sevices.exe could possibly be a virus/malware hence its using the CPU 100%... but I can't seem to find a way to get rid of if so far, any tips?
Reply With Quote
  #7  
Old 04-05-10, 23:11
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

Quote:
Originally Posted by KiLL CraZy View Post
Any ideas? =\
Please read this:Don't Bump! It Only Hurts You!!!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #8  
Old 04-05-10, 23:15
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

Quote:
Originally Posted by KiLL CraZy View Post
ok so I did some searching around and found out that the sevices.exe could possibly be a virus/malware hence its using the CPU 100%... but I can't seem to find a way to get rid of if so far, any tips?
No your services.exe process is valid. It is just that you have malware hooked into it. Possibly a form of Conficker.

ComboFix did not finish properly running last time. Let's try a fix to see if we can make any improvment.



Now download The Avenger by Swandog46, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
Quote:
Files to delete:
C:\Documents and Settings\NetworkService\onmyni.exe
C:\Documents and Settings\Andrew\Application Data\vgj.dwq
C:\WINDOWS\system32\drivers\etc\1.hosts
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


Now see if Malwarebytes and SUPERAntiSpyware will run.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Then attach the below logs:
  • C:\avenger.txt
  • the Malwarebytes and SUPERAntiSpyware logs if they ran
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #9  
Old 04-06-10, 22:41
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

ok, did all the steps you said, didn't encounter any problems during the scans... only thing I did realize was with avenger one of the files wasn't removed because it said it wasn't found? but im sure you will see that in the log, I noticed you mentioned let's fix to get combofix to do a proper scan but I did not try combofix yet because you didn't mention it in the guide to do so yet, just putting that out there. =]

other then all the scans, the pc is still running services.exe at 100% CPU... =\

I shall wait for your next step =]
Attached Files
File Type: txt avenger.txt (1.7 KB, 3 views)
File Type: txt mbam.txt (902 Bytes, 1 views)
File Type: log SASlog.log (465 Bytes, 1 views)
File Type: zip MGlogs.zip (205.6 KB, 3 views)
Reply With Quote
  #10  
Old 04-09-10, 00:32
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

You must disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer You should not even have this running at all since you have CounterSpy running. Between the two of them, your PC will slow down quite a bit.

Question: Does your Symantec software also include and antispyware component? If yes, you need to uninstall CounterSpy.

You now need to make sure Teatimer really got disabled and is not running, and then shutdown CounterSpy and also Symantec. Then try running ComboFix as instructed in the READ & RUN ME. Attach the log if it runs. If it does not run in normal boot mode, try safe mode.


Are you still having problems?
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Sponsored links
  #11  
Old 04-09-10, 05:41
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

Quote:
Originally Posted by chaslang View Post

Question: Does your Symantec software also include and antispyware component? If yes, you need to uninstall CounterSpy.
No, Symantec is only a virus scanner, not a antispyware, in the combifix guide is recommends to turn off any virus scanners and such during its scan but symantec is giving me problems on disabling it.... you think I should uninstall that and uninstall counterspy (if its also giving me problems on disabling, not sure, havent tried it yet) before I re-run combofix?
Reply With Quote
  #12  
Old 04-09-10, 20:55
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

Just try running ComboFix in safe boot mode. If that does not work, then uninstall Symantec and CounterSpy and retry ( normal mode 1st ).

Did stopping Teatimer have any effect on your CPU use? If you uninstall CounterSpy and Symantec, also take note of your CPU use.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #13  
Old 04-10-10, 16:12
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

ok, i disabled tea timer, (and yes my CPU usage was still high, I started getting that problem before I installed spybot) I uninstalled counterspy, and was able to disable my antivirus. (CPU still high)

I ran Combofix twice, the first time I ran it seemed to have went smooth but i got a weird error at the end, which was why I scanned it a second time to be safe but the same error appeared, it doesn't appear to be a serious error, I did take a snap shot and posted it below, that would pop up right after the blue screen of combofix closed, and after I clicked "Yes" in the box nothing happened so I just closed the log and looked for the combo fix log in my C drive.

Combofix1 is my first scan and Combofix2 is my second scan.

I tried booting into safe mode but after the pc booted up, it would bring me to the blue screen to log on to either "Administrator" or "Andrew" which I found odd bc I thought that my andrew one was the administrator... but either way, once I got to that screen I had no power over my mouse or keyboard to choose an option so I was pretty much stuck at that screen and just had to reboot the pc in normal mode to do the scans. I even connected another keyboard and mouse to the pc and I still had no control over the mouse to choose an option, so just rebooted in normal and the mouse and keyborad worked again, odd.

and so far my pc is still running a 100% CPU usage...

what else should I try?
Attached Images
File Type: jpg ComboError.JPG (72.3 KB, 6 views)
Attached Files
File Type: txt ComboFix1.txt (22.4 KB, 4 views)
File Type: txt ComboFix2.txt (22.8 KB, 1 views)
Reply With Quote
  #14  
Old 04-11-10, 22:46
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

Quote:
Originally Posted by KiLL CraZy View Post
I uninstalled counterspy, and was able to disable my antivirus. (CPU still high)
I did not suggest disabling it. You cannot disable all of it properly. You would have to go in and stop and disable all services and processes to do this otherwise some components and hooks are still in effect. To properly test whether the problems are at all related to Symantec, it needs to be fully uninstalled and then a new scan and log from MGtools should be attached so that we can verify it uninstalled since it frequently does not.

Currently, it is not looking like you have malware problems.


Quote:
Originally Posted by KiLL CraZy View Post
I tried booting into safe mode but after the pc booted up, it would bring me to the blue screen to log on to either "Administrator" or "Andrew" which I found odd bc I thought that my andrew one was the administrator...
Your andrew account is just an an account that has administrator priviledges. It is not the Administrator account.

Quote:
Originally Posted by KiLL CraZy View Post
but either way, once I got to that screen I had no power over my mouse or keyboard to choose an option so I was pretty much stuck at that screen and just had to reboot the pc in normal mode to do the scans. I even connected another keyboard and mouse to the pc and I still had no control over the mouse to choose an option, so just rebooted in normal and the mouse and keyborad worked again, odd.
Harware/driver or setup issues in your BIOS. Not malware. Possibly related to what the below is mentioning about Legacy Devices:

http://whitecanyon.com/esupport/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=83
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #15  
Old 04-11-10, 23:22
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

The reason I disabled antivirus was bc in the combofix guide it suggested to have all virus/antispyware software off b4 doing the scan.

Do you propose I should Uninstall Symantec and re-run MGtools and post those logs?

And I looked into the BIOS settings and I search up and down and didn't find anything about Legacy Devices.... The closes thing I could find as to regards of USB devices was in the VIA OnChip PCI Device settings were options such as:

OnChip USB Controller [All Enabled]
OnChip USB 2.0 Controller [Enabled]

and as u can see they were already enabled.

what should I do next?
Reply With Quote
Sponsored links
  #16  
Old 04-13-10, 13:50
KiLL CraZy KiLL CraZy is offline
Private First Class
 
Join Date: Mar 2007
Posts: 67
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: services.exe high cpu usage...

I just wanted to say thank you chaslang for all the help you provided me. But I think I'm
just going to buy a new hdd to back up my stuff if it let's me and re-install windows. I can't take this anymore and I'm loosing my mind with this. Haha. I do appreciate the help you have provided me with and hope you guys keep fighting the battle against spyware. Kudos
Reply With Quote
  #17  
Old 04-13-10, 23:34
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,385
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: services.exe high cpu usage...

You're welcome. Good luck with your reinstall and surf safely!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
The Following User Says Thank You to chaslang For This Useful Post:
KiLL CraZy (04-14-10)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
help with high CPU usage scott.jeffreys Software 2 02-11-09 13:58
CPU usage High HuntingWolf Hardware 11 11-20-07 00:58
RealProducer utilises over 90% CPU usage? Will high CPU usage damage CPU? ppkk Software 4 06-10-05 18:35
high cpu usage from windows xp services jonsimmonds Software 4 07-14-03 11:49
XP and high CPU usage Allen Software 2 04-22-03 21:38


All times are GMT -5. The time now is 21:21.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger