explorer.exe using 99% of CPU

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bob2255, Feb 8, 2008.

  1. Bob2255

    Bob2255 Private E-2

    Can anyone help me please. :cry Recently my pc has been very slow. I noticed that explorer.exe process is taking up 99% of my CPU. I ran AVG anti-spy and Spybot but this didn't help. HJT log attached....thank you very much in advance!
     

    Last edited: Feb 8, 2008
  2. Lev

    Lev MajorGeek

  3. Bob2255

    Bob2255 Private E-2

    Hi, I followed all the steps in Read & Run me First and still have the same problem, where CPU usage is 100% all the time due to explorer.exe running at 99%. This problem started last week. I have attached the Combo Fix and MGlogs. I ran AVG and removed 1 trojan virus and 1 cookie tracker, however, no report was produced. Please help.
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    After clicking Fix, exit HJT.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    File::
    C:\WINDOWS\system32\AppCert\filter.drv
    C:\WINDOWS\system32\AppCert\hb13a.dll
    C:\WINDOWS\system32\AppCert\options.dat
    C:\WINDOWS\system32\AppCert\prx97w.dll
    C:\WINDOWS\system32\AppCert\wsil32.dll
    C:\WINDOWS\Temp\JETE8CF.tmp
    C:\WINDOWS\Temp\JETEA85.tmp
    Folder::
    C:\WINDOWS\system32\AppCert
     
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppCert] 
    "Path"=- 
    "CurrentState"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls] 
    "AppSecDll"=- 
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls] 
    "AppSecDll"=- 
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls] 
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Administrator\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Apr 19, 2008
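
The CFScript in the post above clears the `AppSecDll` value from the `AppCertDlls` key under both `ControlSet001` and `CurrentControlSet`. As an added example (not part of the thread, ComboFix or MGtools), this Python script lists every `AppCertDlls` value found in a regedit-format export so a reviewer can see which DLL each control set registers. It assumes the input is a `.reg` text export; the DLL path `example.dll` and the sample export are constructed.

```python
import re

# AppCertDlls under CurrentControlSet or any numbered ControlSetNNN.
KEY_RE = re.compile(r'^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})'
                    r'\\Control\\Session Manager\\AppCertDlls)\]$', re.I)
VAL_RE = re.compile(r'^"([^"]+)"=(.+)$')

def decode_data(data):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r'hex\(2\):(.*)$', data, re.I)
    if m:
        return bytes.fromhex(m.group(1).replace(',', '')).decode('utf-16-le').rstrip('\0')
    return data  # other value types are returned undecoded

def find_appcert_dlls(reg_text):
    """Return (key, value_name, dll_path) for every AppCertDlls value in the export."""
    text = re.sub(r',\\\r?\n\s*', ',', reg_text)  # join wrapped hex lines
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('['):
            m = KEY_RE.match(line)
            key = m.group(1) if m else None  # ignore values under other keys
        elif key and (m := VAL_RE.match(line)):
            findings.append((key, m.group(1), decode_data(m.group(2))))
    return findings

# Constructed sample export: same DLL registered once as REG_SZ, once as REG_EXPAND_SZ.
PATH = r'C:\WINDOWS\system32\AppCert\example.dll'  # constructed placeholder path
HEX2 = 'hex(2):' + ','.join(f'{b:02x}' for b in (PATH + '\0').encode('utf-16-le'))
SAMPLE_REG = rf'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls]
"AppSecDll"="C:\\WINDOWS\\system32\\AppCert\\example.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"OS"="Windows_NT"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"AppSecDll"={HEX2}
'''

if __name__ == '__main__':
    for key, name, dll in find_appcert_dlls(SAMPLE_REG):
        print(f'{key}\n  {name} -> {dll}')
```

`CurrentControlSet` is a link to one of the numbered control sets, so an export can show the same value twice; checking every set catches an entry that would return if Windows booted from a different one.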
  5. Bob2255

    Bob2255 Private E-2

    Thank you very much for your help. I got desperate and did a system recovery just before I got your message. PC working fine now. I will be sure to follow your advice next time if problem re-occurs (hopefully not!). Thanks again!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Did you mean System Restore or do you mean a System Recovery to go back to how the PC was shipped to you?

    Either way you should see the below:

    How to Protect yourself from malware!
     
  7. Bob2255

    Bob2255 Private E-2

    System recovery, so it was just as when I unpacked it....luckily I didn't have to spend too much time backing up data before as I had most of it backed up.....Windows Update took a while after recovery as I had around 70 updates.....I will read the link provided....thanks again for your help...this is a great site...and the Read & Run Me First helped me get rid of a Google link/browser hijacker I had in January
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
