CPU pegged @ 100% whenever any web page loads, all browsers

Discussion in 'Malware Help (A Specialist Will Reply)' started by maxplanck735, Dec 23, 2008.

  1. maxplanck735

    maxplanck735 Private E-2

    Whenever I load a web page my CPU pegs @ 100% for around 5-10 seconds, and web pages load much slower than they used to. This happens with all browsers I have tested, including Firefox 3.0.5, IE 7, and Slimbrowser.

    When no web browser is open, my computer runs fine, no problems.

    I have defragged hard drive, run all scans listed in the MajorGeeks Windows XP Cleaning Procedure, Avast boot scan, AVG 7, and problem remains. Ran HDTach to test hard drive, my hard drive's performance closely matches the benchmark for my hard drive's make/model.

    This problem started sometime in the last week or two, around when I was browsing some websites that I don't normally use. I may have picked up a virus in the process, though I'm not sure.


    If anyone has advice I would greatly appreciate hearing it.

    Thank you
     


  2. maxplanck735

    maxplanck735 Private E-2

    MGlogs.zip attached
     


  3. maxplanck735

    maxplanck735 Private E-2

    Update: svchost.exe is the process that is hogging the CPU, hogs between 90 and 99% while firefox uses the rest.

    This only happens when I try to access a web page through a browser, all other times computer works perfectly fine, as usual, even for online gaming through Steam (don't notice any more lag than usual), as far as I can tell.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi

    We are currently reviewing your logs. Please be patient and I will get back to you with a plan of action as soon as possible. Thanks for your patience during this time.

    Kestrel13!
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1) Are you setting up to use a proxy in Latvia? If not, please include the R1 line below in the HJT fix in step #4.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=217.199.117.106:


    2) Please disable the Guest Account through User Accounts if this hasn't already been done so.

    3) Please go to Add or Remove Programs and uninstall the following old software:

    • Java(TM) 6 Update 6

    4) Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <--- if you did not set this restriction then please include this entry to fix also.
    O20 - AppInit_DLLs: dagnwr.dll

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix exit HJT.


    5) Now we need to use ComboFix to remove a bunch of malware files.

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it
    (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
     
     
    KILLALL::
     
     
    File::
    C:\WINDOWS\system32\dagnwr.dll
    C:\WINDOWS\system32\winsys2.exe
     
    Folder::
    c:\documents and settings\All Users\Application Data\Avg8 
     
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinSys2"=- 
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="" 
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] 
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
     
    
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


      http://farm4.static.flickr.com/3014/3035535531_512f04c6a2_o.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    6) Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6



    7) Now Run Ccleaner!

    8) Now delete the older version of MGTools and download the latest version of MGtools.exe and run it

    9) Now attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited by a moderator: Dec 29, 2008
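
The log review in the post above (proxy override, IE policy lock, AppInit_DLLs entry) can be expressed as a small triage pass over HijackThis-style lines. This is an added example, not part of the original thread or of MGtools; the function name `triage`, the category labels and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re

# Constructed sample: the four HijackThis entries quoted in the post above,
# plus one made-up O4 line (ExampleUpdater) that no rule should flag.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=217.199.117.106:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: dagnwr.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")


def triage(log_text):
    """Return (code, category, detail) for each entry that needs a human decision."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1"):
            reg = REG_VALUE.match(body)
            if not reg:
                continue
            name, data = reg["name"].strip(), reg["data"].strip()
            if name == "ProxyServer" and data:
                # Browser traffic goes via this host; ask whether the user set it.
                findings.append((code, "proxy-override", data))
            elif name == "Start Page":
                findings.append((code, "start-page", data))
        elif code == "O6":
            # IE options locked by policy; expected only if the user/admin set it.
            findings.append((code, "ie-policy-restriction", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Listed DLLs are loaded into every process that loads user32.dll.
            for dll in body.split(":", 1)[1].replace(",", " ").split():
                findings.append((code, "appinit-dll", dll))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```
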
  6. maxplanck735

    maxplanck735 Private E-2

    IT WORKED!!! Thanks!!!
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi, may I also request the combofix log please?


    Thanks
    Kestrel13!
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. Everything looks good.

    Please also remember that you must ensure you are running your machine with anti-virus protecting you! If you haven't already done so please use our "How to protect yourself from malware" link in my final steps below to pick an anti-virus from the selection outlined there.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  9. maxplanck735

    maxplanck735 Private E-2

    Here is combofix log, sorry for the delay.

    When Firefox runs, CPU occasionally gets used more than it should, though not as extremely or as frequently as before (using 30-50% for 15 seconds or more, occasionally pegging @ 100%). However, IE and Google Chrome don't cause this problem now. So this probably has something specific to do with Firefox 3, or maybe my Firefox installation is simply infected with something. So long firefox! :major

    Thanks again for all the help
     


    Last edited: Jan 3, 2009
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem for the delay...I was able to give you the all clear just by looking at your last MGlogs.zip. :) Your logs are malware free so any other issues you are now having you could post about in the software section.

    Happy New year.
    Kestrel13!
     
