Something devouring my ram?

Discussion in 'Malware Help (A Specialist Will Reply)' started by tpmwr, Jul 9, 2010.

  1. tpmwr

    tpmwr Private E-2

    I am having an extremely curious problem and I am not quite sure what to do. I am usually the guy fixing people's malware problems and I have actually never posted on a forum for help myself, but this is just weird as can be. Even with 3 years of Geek Squad and 25 years of computer experience I can't even begin to touch down on what is going on.

    I am running a system with Windows 7 x64 7600, AMD X4 920 2.8GHz, 8GB of RAM. I have been using this install since the week 7 was released and this is the first time I have been having problems with my install (started about 2 weeks ago). Upon boot the system is using ~1.73 of RAM. At first during normal use it would stay in the 2~3 range and then go back to about 1.8~2 when I closed any applications. I would leave it alone for the night and come back to it using 7.97GB of RAM and the system unstable. Lately it is starting to just eat RAM at about 1GB per hour. If I get lucky it might start to slow down its consumption.

    I have currently run:

    Malwarebytes Anti-Malware
    SUPERAntiSpyware
    AVG
    AntiVir
    Kaspersky Antivirus
    HijackThis
    Trend Micro
    Adaware

    And have come up with little to nothing besides tracking cookies and files that are clearly not viruses (mostly reverse engineered and then recompiled DLL files). Unfortunately, since I am uninstalling all of these after use (to make sure they don't touch any RAM) I did not have the log files (I read the directions after doing all of these). I am attaching the Malwarebytes log and rerunning SUPERAntiSpyware as we speak. I will run MGTools directly after.

    I have also run Resource Monitor and Process Explorer. I have yet to find any application consuming an unnatural amount of memory. I haven't installed anything unusual in the past months; as a matter of fact, I have been on an almost 2 month vacation in which the system ran the whole two months with 0 reboots and 0 RAM issues. I also haven't installed any strange media into my computer since returning (CD-ROM, USB, etc.), and I also have any forms of Auto-Play turned completely off. All of my downloads have come from completely trusted rapidshare communities. I also have all Java disabled through Adobe Reader to prevent browser-oriented viruses.

    I am really not sure what to do, but with 852GB/1TB in use on my base drive and 0.3TB/8TB free space on my externals this is NOT an opportune time to try to back things up and install fresh. I am less than thrilled with this issue; any help would be great.

    -Anthony
     


  2. tpmwr

    tpmwr Private E-2

    Updating with MGTools and SUPERAntiSpyware logs

    SUPERAntiSpyware claimed traces of Vundo but they were not running and no Vundo tools found anything. Rebooted after all of these, still no such luck.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest that you first stop Utorrent from running at startup. You can use this to control your startup programs:
    Startup_CPL

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here like you are doing.

    Now use Windows Explorer to find and delete:
    C:\Windows\tasks\Ad-Aware Update (Daily 1).job
    C:\Windows\tasks\Ad-Aware Update (Daily 2).job
    C:\Windows\tasks\Ad-Aware Update (Daily 3).job
    C:\Windows\tasks\Ad-Aware Update (Daily 4).job
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-935934072-855267143-25584741-1001Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-935934072-855267143-25584741-1001UA.job

    Also, you need to run CCleaner and then make sure you have removed everything in this folder:
    C:\Users\Anthony\Local Settings\TEMP\

    The scans appear to have taken care of any malware in your system, so I would suggest that after doing the above, you may wish to post in the software forum concerning your RAM issue.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

     
