GeekPolice Tech Tutorials

 

explorer.exe using 100% cpu

Re: explorer.exe using 100% cpu

So SuperDave, 4 days and 15 cleaner programs later and I don't see an end in sight. I am shopping around for a good Linux OS. It will be sad to lose my wife's Office suite because she is learning how to use it from one of my school books, but to not have to go through this it's worth it. I sure do appreciate your time and effort, and have much respect for someone that can deal with this garbage day in and day out. It sure makes me wonder why people use Microsoft at all. 8 years using a Mac and never having anti anything, but 4 years with MS with antivirus and here I am. The first one I removed myself, but this one is way beyond my knowledge. I guess if the market was different the ignorant creators of these things would find a way, but I don't think they would ever be as bad as they are on a Gates machine. And my professor asked me why I don't want to learn .Net, because I don't want to use Windows, silly professor.

So my question is, IF I can get this virus off my Windows machine, will it ever run the same again? It just took me 11 hours to save my pictures and videos, way too long, but from what I have read about these viruses it seems like there are going to be many side effects even after removal. I don't know if I have a restore disc anymore, I lost a lot of stuff in a tornado in 2011, so I don't think I can just wipe it and reinstall Vista.

My other question is the stuff that I am putting on my external drive, is it going to bring the virus with it?

Re: explorer.exe using 100% cpu
IF I can get this virus off my windows machine, will it ever run the same again. It just took me 11 hours to save my pictures and videos, way too long, but from what I have read about these viruses it seems like there are going to be many side effects even after removal.

Yes, if we can get it cleaned it should be the same with no side effects.

My other question is the stuff that I am putting on my external drive, is it going to bring the virus with it?

Not likely but they should be scanned with your AV and MBAM before putting them back on the computer.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

Last edited by Superdave on 27th March 2014, 7:33 pm; edited 1 time in total
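
Added example, not part of the original post and not code from Sysinternals: a scripted counterpart to the Process Explorer report requested above, listing every process with its command line and checking where each explorer.exe copy runs from. It uses Get-WmiObject, which is available in Windows PowerShell 2.0 and later; the output file name Procexp-ps.txt and the column names are assumptions made for this example.

```powershell
# Added example: collect the data shown by Process Explorer's "Command Line"
# column and review every running explorer.exe instance.

$report = Join-Path $env:USERPROFILE 'Desktop\Procexp-ps.txt'   # assumed output path

# Locations of the genuine explorer.exe (SysWOW64 exists on 64-bit Windows only).
$expected = @(
    (Join-Path $env:windir 'explorer.exe'),
    (Join-Path $env:windir 'SysWOW64\explorer.exe')
) | ForEach-Object { $_.ToLower() }

$procs = Get-WmiObject -Class Win32_Process

# Map process id -> name so each row can show its parent process by name.
$names = @{}
foreach ($p in $procs) { $names[[int]$p.ProcessId] = $p.Name }

$rows = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    $note = ''
    if ($p.Name -ieq 'explorer.exe') {
        if (-not $path) {
            $note = 'path unreadable (run from an elevated prompt)'
        } elseif ($expected -notcontains $path.ToLower()) {
            $note = 'UNEXPECTED LOCATION'
        } else {
            $note = 'expected location'
        }
    }
    New-Object PSObject -Property @{
        ProcId      = $p.ProcessId
        Name        = $p.Name
        Parent      = $names[[int]$p.ParentProcessId]
        MemoryMB    = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Path        = $path
        CommandLine = $p.CommandLine
        Note        = $note
    }
}

# Full report for attaching to a reply.
$rows | Sort-Object Name, ProcId |
    Select-Object ProcId, Name, Parent, MemoryMB, Note, Path, CommandLine |
    Format-List | Out-File -FilePath $report -Width 400

# On-screen summary of the explorer.exe instances only.
$explorers = @($rows | Where-Object { $_.Name -ieq 'explorer.exe' })
'{0} explorer.exe instance(s) running' -f $explorers.Count
$explorers | Select-Object ProcId, Parent, MemoryMB, Note, CommandLine |
    Format-Table -AutoSize -Wrap
```

The count alone does not settle anything; the path, parent process and command line of each instance are what distinguish one copy from another in the report.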

here's the report
Here is the report

Re: explorer.exe using 100% cpu
P2P - I see you have P2P software installed on your machine. (Ares) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
This is how your computer was most likely infected.
When I opened the task manager there were 8 explorer.exe with 100% CPU and 97% of the memory taken.

The next time this happens try closing all but one of them, one at a time and let me know what's happening.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

Re: explorer.exe using 100% cpu

I appreciate you pointing this out to me. I don't know if this came installed on my computer or if one of us installed it. As far as I know no one uses it, at least we don't do any file sharing, just streaming sometimes. I will get rid of it, and run bitdefender. The only way I have been able to get any of these to run not in safe mode is to sit in front of the computer and close the explorer.exe as they appear. Once I let more than 3 or 4 run the computer just freezes and the scanner fights to get 1% of the cpu. That was what happened last night with the online scanner. It wouldn't let me keep the task manager opened, and then the whole thing just stopped working. I believe that this virus multiplies itself. The first time I ran the Malwarebytes it removed 150 files running in normal mode and the scan took 3 hours. So the next time I ran it in safe mode and it took 23 minutes and removed 109. The next day was when I realized that it was still there and contacted you.

Re: explorer.exe using 100% cpu
So, I ran bitdefender and my computer is CLEAN. How can that be? I did have the task manager open to watch and nothing happened.

Riddle me this, I burned a copy of Xubuntu and ran the tryme version that boots from the disk to see if my wife would be ok with it. When I rebooted the computer to do this scan it booted into something I've never seen and asked me if I want to resume booting from some point for boot or delete restore and go back to system restore. I picked the second hoping I didn't guess wrong and it seems to be fine now. That is very strange.

Also, I can't find what you were talking about Ares, my computer is an Asus and there are a bunch of Asus programs.

Do you have any free antivirus programs that you recommend? We had Norton when we bought this thing but it made the whole system run slow, and then the last 3 months of our subscription it would send a popup every 5 minutes to tell us to renew, so we didn't. We had Avira on here when this happened, and it seemed ok, but not good enough to stop this.


OH YEAH, And thank you sooooo MUCH!!! You really are SUPER.

Re: explorer.exe using 100% cpu
Never mind, bit defender just doesn't see it, it is happening right now and I reran bitdefender and it still says it's clean.

Re: explorer.exe using 100% cpu
Can you please update and run MBAM in Normal mode, if possible?

Do you have any external storage devices plugged into that computer?
Are there any accounts on this computer?


Download Windows Repair (all in one) from this site
Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



Click on box next to the Restart System when Finished. Then click on Start.
*********************************************
Please try clean boot to see if that makes any difference.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials (all versions and all languages)
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Re: explorer.exe using 100% cpu
So I ran mbam in normal mode but it froze up so I opened the task manager and when it finally opened there were 7 explorer.exe's running and 100% cpu and 99% of the memory. After getting a few of them deleted the scan finished and the computer was CLEAN?! according to them. I then ran the other tool which took a few hours and it says it fixed several things but also said there are things that it couldn't fix and it is in the log that I haven't looked at yet. I have not tried the clean boot yet because I was running the others until 1am and had to go to work today. Do you want me to attach the log from the last tool I ran?

No accounts on the computer, and no storage devices. I had one attached just to back up some of my photos in case I lose windows and have to get some linux distro.

Last edited by ripper1028 on 29th March 2014, 9:26 pm; edited 1 time in total (Reason for editing : forgot to answer questions.)

Re: explorer.exe using 100% cpu
Yes, I would like to see that log.

Re: explorer.exe using 100% cpu

I am sorry Dave, I have been trying to find the log for an hour and I have no idea where it was saved. If you have any idea that would be helpful.

Found Logs
I opened the program again and found where to look in the settings. There are several files though, so I am going to attach a zip folder with all the .txt files from last night.

I went through some of it, and I also found a Windows log while searching. The Windows log had warnings starting on the 23rd about a proxy, but most of the rest I didn't understand. These logs from last night showed a bunch of registry key warnings but that was all I really got out of it.

Re: explorer.exe using 100% cpu
Download this file: ZbotKiller.zip

Save it to your Desktop. Right-click on it, and click Extract All...

Follow the prompts to get it saved to your Desktop.

There should be a new folder called ZBOTKiller on your Desktop that is not zipped.

Then, open Notepad and enter in the following:

Code:

zbotkiller.exe -y -l report.txt -v


Then, click File > Save as...

In the file name box, enter in zbotkiller.bat

Choose Save as type... All Files.

The location will be the new ZBOTKiller folder located on your Desktop.

Once you have it saved correctly, exit Notepad.

Go to the new ZBOTKiller folder and double-click on ZBOTKiller.bat

It will create a log. Please post the log in your next reply.

log is too long
I tried to break it up in half and then quarters and then thought maybe I will just attach it.

Re: explorer.exe using 100% cpu
Any change?