CPU usage question.

Printable View

March 2nd, 2006, 11:41 AM
hmmm

CPU usage question.

Task Manager shows that my System Idle Process is running in 80s and 90s.
As soon as I open a program CPU of that particular program goes sky high. For instance at the moment I am listening some music via WMP and the CPU is running between 10-30. But if I try to open another program CPU will rocket. And obviously it will take long time to open.
This behavior has only started recently. No software were installed apart from windows critical updates.

I have Windows Defender, Spy Bot Search and Destroy, Spywareblaster, Ad-Aware se Personal, Crap Cleaner and Avg 7.1.375. They all are updated and checked. I also run House Doctor (online) last night. Clean bill all around.
What might be the problem please?
Thank you.
March 2nd, 2006, 12:00 PM
dunedin

Hello hmmm :)

Here are a couple of things to check for starters

1. Disconnect all unnecessary peripheral devices and cards (but not the video card) and see if it still happens. If it is better, start replacing things one at a time until you find the culprit
I have known a faulty network card to do this.

2. Turn off everything running in the background such as Automatic Updates

3. Check msconfig for unnecessary entries. The site below will tell you what everything is and whether you should disable it

Start/Run/ msconfig
Startup
Keep the page open then go to link below.

http://www.sysinfo.org/startupinfo.html

Read the Key at foot of page, then click on "Here" at top. Use the Search box to check all your entries

Elaine
March 7th, 2006, 03:06 AM
hmmm

Dunedin,
Thank you for your answer and please accept my apologies that I could not answer you quicker but I was away.
I did follow your instructions yesterday but unfortunately no luck. MY CPU still going so high every time I open a program.
As I said in my original message I have Windows Defender, Spy Bot Search and Destroy, Spywareblaster, Ad-Aware se Personal, Crap Cleaner and Avg 7.1.375. They CAN NOT find any intruder.
BUT last night I downloaded "AdwareAlert" and run it. It found attached intruders and asking me to pay $19.95 to buy the product.
For the life of me I CAN NOT understand why all the other reputable products can not find anything but AdwareAlert can?
Advise more than appreciated.
Thank you.
https://discussions.virtualdr.com/im...2006/03/11.jpg
March 7th, 2006, 07:32 AM
dunedin

There are so many different kinds of nasties around that one particular program is not programmed to find them all.

You have run a wide range of cleaners but AdwareAlert thinks it has found others. Now, this can be true, or it can be a "false positive" identification, so I`m afraid you will have to run some more scans to double check its findings.

AdwareAlert found
Adaware
Limewire (are you using this program)
Browser Helper
Trojandownloader.

Run these free online scans
Panda http://www.pandasoftware.com/actives..._principal.htm

Trojan Scan http://www.windowsecurity.com/trojanscan/

Download SpySweeper
http://www.webroot.com/consumer/products/spysweeper/

I like this program. It is not free but you get a free trial for 2 weeks. Remember to update it before running.

Take a note of anything all of them find and let them fix everything.
We can compare what they find with what AdwareAlert reported.

When you have finished cleaning up I`d advise you to uninstall AdwareAlert. Programs which offer free downloads, scan your system and then ask for money before removing anything, are just not to be encouraged. (in my opinion)

We`ll see what is happening with the CPU once we are sure your system is clean

Elaine
March 7th, 2006, 08:01 AM
hmmm

Thank you for your prompt reply Elaine,
Yes, I do use Limewire from time to time but I have not used it for about 2 months.
At the moment I am running HouseCall (online) by Trend Micro. I'll see what the results will be.
Following your advice I shall run Panda and Trojan Scan online. I will also download and run SpySweeper.
I will let you know the results.
Thank you again.
Ergin
March 7th, 2006, 10:05 AM
dunedin

I`m happy to help :)

One thing to look out for, AdwareAlert says you have

Win32 Swizzor w (This Downloader is also known as Adware/Lop)

If the scans don`t find it, SpySweeper will, if it is there

Happy hunting :)
Elaine
March 7th, 2006, 10:48 AM
hmmm

Thank you Elaine,
Online TrojanScan DID NOT find anything.

HouseCall(online)MicroTend found below and removed it.
https://discussions.virtualdr.com/im...2006/03/14.jpg

Downloaded SpySweeper, run it and found below. But unless you buy it it will not remove them
https://discussions.virtualdr.com/im...2006/03/12.jpg

I will run Panda now.

Thank you
March 7th, 2006, 11:27 AM
dunedin

Well, that`s very strange about SpySweeper.
I was using the trial version last month and it removed everything it found.

It found “ukvideo”, another Trojan horse with a very high risk rating. You must now try to find that and remove it. It could be what is hijacking your CPU. The rest were just cookies.

This scan says it removes “ukvideo” and I think it might also find “Swizzor”
Pest Patrol Anti-Spyware
http://www.pestpatrol.com/prescan.htm

Then search your system for “ukvideo2.exe” and “Swizzor” Delete them if still there

Elaine
March 7th, 2006, 01:40 PM
hmmm

Hi Elaine,
Here is what Panda says. It will not remove it unless you buy it.

Incident Status Location

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\twh8rmwy.default\cookies.txt[]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt[82763522]
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\system32\UKVideo2-uninstall.exe

PestPetrol only found "limewire" and "Adware.sqwire". This program will not remove anything either unless it is purchased.

In my hard driveI found ukvideo2-unistall.exe. I am totally amazed that it was created on 18/08/2002??????

Can I go anywhere from here?

Thank you.
March 7th, 2006, 03:14 PM
dunedin

I can`t understand what is happening to you with these scans/programs. :confused: They should remove the malware they find.

Panda is an online scan, you can`t buy it. It is a free service to disinfect your machine.
Maybe you have clicked on their products on the left hand side and downloaded their program which is not free.

If you go to the link I provided and click the “Scan Your PC” option (middle of page with little green bar running along it), you will have to download activeX controls for the scan to run. Watch out for this under the title bar of the window which opens.
Then you are asked what to scan, so chose “My Computer” and off it goes.

Is this what you did? It should give you the option to remove this trojan at the end of the scan.

Then check again if it is gone from your machine.
You can uninstall it yourself, but there will be registry entries to clean out, so please try Panda again :)

Elaine
March 8th, 2006, 04:01 AM
hmmm

Good Morning Elaine,
I did exactly what you recommended. After downloading ActiveX, on the small window (top right hand side) with a small block letters it says.....
"ActiveScan only disinfects viruses. To disinfect all threats, buy or try a recommended security product."
I feel rather guilty to take so much of your time.
I suppose I ought to buy one of these products, don't you think?
Thank you.
March 8th, 2006, 08:45 AM
dunedin

And a good morning to you too :)

Please don`t feel guilty. I don`t mind at all. I would not come here to help if I minded. :)

I don`t think you need to buy anything yet. It is always possible to clean up without having to purchase anything. You just seem to be having a few more problems than normal. :)

Now, this one removes all the junk it finds,for sure
It is a fully functioning 14 day trial of the program. After 14 days some of the options disappear, but I hope we will have you sorted by then. :D

Ewido anti-malware.
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.
Run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

You might have noticed that there is a forum here called "HijackThis Logfiles". This forum is dedicated to removing malware which resists all removal tools. So, if we cannot get these nasties cleaned up with Ewido, I will tell you how to submit your problems there. The people there are experts and have other tools/instructions which will definitely fix this for you.

Uninstall all these programs which have not been of use, install and run Ewido and let me know how that goes. If it is not successful I`ll kick you over to the HijackThis forum :D

Elaine
March 8th, 2006, 12:32 PM
hmmm

Hi Elaine,
I downloaded, updated Ewido and did a full scan.
Here is the full result.
Thank you.

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:24:42, 08/03/2006
+ Report-Checksum: F8028C8B

+ Scan result:

:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\twh8rmwy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\twh8rmwy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\083ybjjh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup

::Report End
March 8th, 2006, 01:06 PM
dunedin

Well, that`s not much good as it has only found tracking cookies. :( It is good that it has found and removed them, but you know what I mean.

There are a lot of instructions to read before running HijackThis, but with all you have done lately, you more than meet their criteria.
You have already run the programs/scans necessary so just follow exactly the instructions on how to download and run HijackThis

Instructions
http://discussions.virtualdr.com/sho...d.php?t=167915

HijackThis forum. Post the log here
http://discussions.virtualdr.com/for...aysprune=&f=71

Start off with a couple of lines about your high CPU usage and that AdwareAlert identified a Trojan downloader but would not clean it.
Then paste your log underneath.

I am sorry this has taken so long, but I thought one of the programs or scans we used would have fixed it.

The people there are very good, so just follow all their advice and they will fix it for you.

Good luck
Elaine
March 8th, 2006, 01:40 PM
hmmm

Thank you so much Elaine, you have been marvellous.
I shall take your advice and try HijackThis.
Take care please.
March 8th, 2006, 03:45 PM
dunedin

It was a pleasure :)

I hope the queue is not too long just now in that forum.
It is always very busy......a sad reflection on the state of the Internet :(

Don`t worry, they will fix it for you.

Elaine