Frequent Internet Access, CPU to 100%

Discussion in 'Malware Help (A Specialist Will Reply)' started by BanjomanCO, Nov 24, 2009.

  1. BanjomanCO

    BanjomanCO Private E-2

    Sir:

    Task Manager shows 100% CPU activity spikes at intervals, coupled with bidrectional network traffic. They are enough to interrupt the mouse. When I reboot, they go away, but sometimes come back as much smaller CPU spikes at the same intervals, with the same network activity. (See Attached Screen grab.)

    I have run the entire MajorGeeks sequence, step by step. SuperAntiSpyware came up clean, as did Malwarebytes. Rootrepeal came up with no hidden or locked files showing at all.

    I have attached the Rootrepeal, Combofix, MGlogs.zip, and a screen grab.

    I currently run Antivir, Ad-Aware and Spyware Blaster.

    I use Firefox and Outlook 2007 on Win XP Pro.

    Should I be suspicious?

    Thanks, guys & gals.

    Chris
     

    Attached Files:

    BanjomanCO, Nov 24, 2009
    #1
  2. BanjomanCO

    BanjomanCO Private E-2

    One more item: Occasionally, my keyboard will take off and duplicate a letter maybe 20 times. I replaced the keyboard, and the new one does the same thing. Makes me wonder about a keystroke logger...
     
    BanjomanCO, Nov 24, 2009
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are not really showing any malware problems.
    Are any processes showing using lots of CPU time?

    What do you have installed from PC Tools? Is it just a trial version of Spyware Doctor? If so, uninstall it and reboot immediately after. Did you also install Threatfire?

    You always need to attach the logs anyway as requested so we can be sure proper versions are being run.
     
    chaslang, Nov 25, 2009
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just noticed you have Smart Defrag installed and have a task setup for it. You may want to look into disabling this and see if it has any effect.
     
    chaslang, Nov 25, 2009
    #4
  5. BanjomanCO

    BanjomanCO Private E-2

    While waiting, I ran some other root kit hunting software, and have now uninstalled it along with Smart Defrag and PC Doctor (full version). Never used Threatfire. Sorry about the missing logs. I attached them on a post last month and you guys seemed OK with those. I used the same versions again. If we go further, I will redo the entire sequence and attach all. :-o

    When the pattern showed up, it was listed in applications with one of those generic-sounding names, maybe svchost.exe. When I deleted it, the cyclic peaks disappeared. I also lost Internet access until a reboot.

    Right now, the cyclical pattern is not showing up. It has faded away before. Let's hope this time its for good. :confused
     
    BanjomanCO, Nov 25, 2009
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but the programs versions and databases change everyday and we need to know what you are running which is why it stated to attach all logs. If you used the same versions as last time without updating then you are out of date.

    NO! We specifically tell you not to do this too. You just need to attach the logs we asked for and then we will tell you what you need to do.

    svchost.exe is a valid process when running from the system32 folder. There are many reasons ( even non-malware ) that cause it to eat up CPU time.

    Let me know in your next post.
     
    chaslang, Nov 28, 2009
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds