Stupid Malware...


Comments

  • markmarc
    markmarc Posts: 2,309
    edited October 2009
    At this point I'd vote for a nuke and repave job on the hard drive. I do it 2x a year on my two Windows machines. Amazing what kind of crapola worms its way inside those machines, even with all the protection programs.
    Review Site_ (((AudioPursuit)))
    Founder/Publisher Affordable$$Audio 2006-13.
    Former Staff Member TONEAudio
    2 Ch. System
    Amplifiers: Parasound Halo P6 pre, Vista Audio i34, Peachtree amp500, Adcom GFP-565 GFA-535ii, 545ii, 555ii
    Digital: SimAudio HAD230 DAC, iMac 20in/Amarra,
    Speakers: Paradigm Performa F75, Magnepan .7, Totem Model 1's, ACI Emerald XL, Celestion Si Stands. Totem Dreamcatcher sub
    Analog: Technics SL-J2 w/Pickering 3000D, SimAudio LP5.3 phono pre
    Cable/Wires: Cardas, AudioArt, Shunyata Venom 3
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    sucks2beme wrote: »
    Sounds more like a program that didn't like something already on your machine. Uninstall the latest programs, and then roll back your system to a restore point back a month or so ago.

    I don't have System Restore enabled on this computer, but I definitely think you're onto something.

    Which program do you think is the problem?
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • nms
    nms Posts: 671
    edited October 2009
    System restore is mostly for correcting hardware configuration errors, like if you install a new piece of hardware and the computer refuses to boot.

    There's a lot of repetitive advice in this thread. IF, and that's a big if, explorer.exe is the only program that pegs your CPU at 100%, it's most likely infected with something. Depending on what version of windows you are running and if you have an installation disk, it may be possible to boot off the disk and use the repair console to replace explorer.exe with a fresh copy. If you're not familiar with DOS this might be impossible for you (even with my experience, I'm not sure I could convince the repair console to do this).

    However, this may not be possible, and it may not solve your problem. The easiest and most sure-fire solution is to wipe the drive. Make sure you've got all your drivers and vital programs on CDs before you do this.
    My system

    "The world is an ever evolving clusterf*ck." --treitz3
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    What's strange is that the system shows NO symptoms of spyware - none of the usual pop-up ads, browser hijacking, spam emails or anything like that.

    The only thing is the CPU usage is pegged at 100% and the HDD light is solid once the system gets past the Windows "Welcome" screen. It's definitely doing something in the background, it feels that way.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • nguyendot
    nguyendot Posts: 3,594
    edited October 2009
    Try sophos anti-rootkit. Sounds like you have a rootkit, which may not show up on the normal scanners such as malwarebytes.
    Main Surround -
    Epson 8350 Projector/ Elite Screens 120" / Pioneer Elite SC-35 / Sunfire Signature / Focal Chorus 716s / Focal Chorus CC / Polk MC80 / Polk PSW150 sub

    Bedroom - Sharp Aquos 70" 650 / Pioneer SC-1222k / Polk RT-55 / Polk CS-250

    Den - Rotel RSP-1068 / Threshold CAS-2 / Boston VR-M60 / BDP-05FD
  • Systems
    Systems Posts: 14,873
    edited October 2009
    appadv wrote: »
    What's strange is that the system shows NO symptoms of spyware - none of the usual pop-up ads, browser hijacking, spam emails or anything like that.

    The only thing is the CPU usage is pegged at 100% and the HDD light is solid once the system gets past the Windows "Welcome" screen. It's definitely doing something in the background, it feels that way.

    And does it stay that way? Have you ever just left it alone and see if eventually stops?
    Testing
    Testing
    Testing
  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    markmarc wrote: »
    At this point I'd vote for a nuke and repave job on the hard drive. I do it 2x a year on my two Windows machines. Amazing what kind of crapola worms its way inside those machines, even with all the protection programs.

    One reason why I am a 5-year Mac user. Say what you want but I do not worry about crap like this lol. I agree nuke the hard drive. Also once a year will suffice.
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • WilliamM2
    WilliamM2 Posts: 4,771
    edited October 2009
    Run msconfig, and take a screenshot of your startup programs.
  • WilliamM2
    WilliamM2 Posts: 4,771
    edited October 2009
    Honestly if you are still having trouble and have nothing you need on the drive. Wipe it out and start fresh that is what my teacher recommends for my computer class.

    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.
  • Fongolio
    Fongolio Posts: 3,516
    edited October 2009
    I'm going to ask the question not yet asked. How much RAM do you have? It appears as though you only have 1 gig. If you are running Vista or XP on less than 2 gigs of RAM, the OS, video and networking could be using all available resources and then going to the hard drive for virtual memory and thus making the CPU run nearly all the time. Two gigs of RAM is pretty much essential for smooth operation. A 1 gig stick is cheap and whether or not it fixes this problem, you need it if you are only running with 1 gig now.
    SDA-1C (full mods)
    Carver TFM-55
    NAD 1130 Pre-amp
    Rega Planar 3 TT/Shelter 501 MkII
    The Clamp
    Revox A77 Mk IV Dolby reel to reel
    Thorens TD160/Mission 774 arm/Stanton 881S Shibata
    Nakamichi CR7 Cassette Deck
    Rotel RCD-855 with modified tube output stage
    Cambridge Audio DACmagic Plus
    ADC Soundshaper 3 EQ
    Ben's IC's
    Nitty Gritty 1.5FI RCM
  • nms
    nms Posts: 671
    edited October 2009
    Fongolio wrote: »
    I'm going to ask the question not yet asked. How much RAM do you have? It appears as though you only have 1 gig. If you are running Vista or XP on less than 2 gigs of RAM the OS, video and networking could be using all available resources and then going to the hard drive for virtual memory and thus making the CPU run nearly all the time. Two gigs of RAM is pretty much essential for smooth operation. A 1 gig stick is cheap and whether or not it fixes this problem, you need it if you are only running with 1 gig now.

    I've run XP on less than 256 MB of RAM. Having more than 1 GB of RAM is NOT essential. Where have you seen 2 GB as a recommended minimum for XP?
    My system

    "The world is an ever evolving clusterf*ck." --treitz3
  • nguyendot
    nguyendot Posts: 3,594
    edited October 2009
    It sure doesn't hurt to have 2gig with the 12353234 updates currently out for xp.
    Main Surround -
    Epson 8350 Projector/ Elite Screens 120" / Pioneer Elite SC-35 / Sunfire Signature / Focal Chorus 716s / Focal Chorus CC / Polk MC80 / Polk PSW150 sub

    Bedroom - Sharp Aquos 70" 650 / Pioneer SC-1222k / Polk RT-55 / Polk CS-250

    Den - Rotel RSP-1068 / Threshold CAS-2 / Boston VR-M60 / BDP-05FD
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    He barely has any programs installed or running based on his screenshots, he certainly doesn't need more than a gig of RAM just to run the OS.
    If you will it, dude, it is no dream.
  • inspiredsports
    inspiredsports Posts: 5,501
    edited October 2009
    In some cases I've found it is helpful to unplug your internet connection when your CPU is running at 100% as most malware is trying to "phone home" via TCP/IP.

    If the CPU settles down soon after disconnecting, it's a good indication a reinstall is in order.
    VTL ST50 w/mods / RCA6L6GC / TlfnknECC801S
    Conrad Johnson PV-5 w/mods
    TT Conrad Johnson Sonographe SG3 Oak / Sumiko LMT / Grado Woodbody Platinum / Sumiko PIB2 / The Clamp
    Musical Fidelity A1 CDPro/ Bada DD-22 Tube CDP / Conrad Johnson SD-22 CDP
    Tuners w/mods Kenwood KT5020 / Fisher KM60
    MF x-DAC V8, HAInfo NG27
    Herbies Ti-9 / Vibrapods / MIT Shotgun AC1 IEC's / MIT Shotgun 2 IC's / MIT Shotgun 2 Speaker Cables
    PS Audio Cryo / PowerPort Premium Outlets / Exact Power EP15A Conditioner
    Walnut SDA 2B TL /Oak SDA SRS II TL (Sonicaps/Mills/Cardas/Custom SDA ICs / Dynamat Extreme / Larry's Rings/ FSB-2 Spikes
    NAD SS rigs w/mods
    GIK panels
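    The unplug-the-cable test above tells you that something is talking to the network, but not what. The next thing a practitioner does is ask Windows which process owns each socket: on XP, `netstat -ano` lists connections together with the owning PID, and `tasklist` maps PIDs to image names. The script below is an added example, not code posted by anyone in this thread. It parses constructed samples of both outputs (the PIDs and remote addresses are made up) and flags three things: a shell or logon process holding connections to the internet, a process with several half-open (SYN_SENT) connections, which is what repeated beaconing or scanning looks like, and a PID that netstat sees but tasklist does not, the kind of cross-view discrepancy a rootkit-hidden process produces.

```python
"""Which process owns the sockets that keep the CPU and HDD busy?

Added example (not from the thread). Input is the text of `netstat -ano`
(connections with owning PID) and `tasklist` (PID -> image name) as printed
by Windows XP; both are constructed samples here, with made-up PIDs and
remote addresses, so the script runs offline.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:1043      192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:1055      203.0.113.8:6667       ESTABLISHED     1624
  TCP    192.168.1.10:1056      203.0.113.8:6667       SYN_SENT        1624
  TCP    192.168.1.10:1057      198.51.100.23:80       SYN_SENT        1624
  TCP    192.168.1.10:1060      192.0.2.77:443         ESTABLISHED     2208
  TCP    192.168.1.10:1061      198.51.100.23:80       ESTABLISHED     1900
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` output. Note that PID 1900 is absent.
TASKLIST_SAMPLE = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System                         4 Console                 0        236 K
svchost.exe                  880 Console                 0      4,612 K
explorer.exe                1624 Console                 0     18,904 K
firefox.exe                 2208 Console                 0     61,220 K
"""

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
TASKLIST_RE = re.compile(r"^(\S+)\s+(\d+)\s")

# Anything outside these ranges is treated as "the internet".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Shell/logon processes that have no business holding internet connections.
NO_INTERNET_EXPECTED = {"explorer.exe", "winlogon.exe", "csrss.exe"}


def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    names = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            names[int(m.group(2))] = m.group(1)
    return names


def remote_host(addr):
    """'203.0.113.8:6667' -> '203.0.113.8'; None for wildcard/unbound peers."""
    host, _, port = addr.rpartition(":")
    if not port.isdigit() or host in ("", "*", "0.0.0.0"):
        return None
    return host


def is_external(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(ip in net for net in LAN_NETS)


def outbound_by_process(netstat_text, tasklist_text):
    """Map PID -> (image name, TCP rows whose peer is outside the LAN)."""
    names = parse_tasklist(tasklist_text)
    by_pid = defaultdict(list)
    for row in parse_netstat(netstat_text):
        host = remote_host(row["foreign"])
        if row["proto"] == "TCP" and host and is_external(host):
            by_pid[row["pid"]].append(row)
    return {pid: (names.get(pid, "<unknown>"), rows) for pid, rows in by_pid.items()}


def suspicious(report):
    """Return (pid, image, reason) for entries that deserve a closer look."""
    findings = []
    for pid, (image, rows) in report.items():
        reasons = []
        if image.lower() in NO_INTERNET_EXPECTED:
            reasons.append("shell/logon process talking to the internet")
        if image == "<unknown>":
            reasons.append("owns sockets but is missing from tasklist (hidden process?)")
        half_open = sum(1 for r in rows if r["state"] == "SYN_SENT")
        if half_open >= 2:
            reasons.append(f"{half_open} half-open connections (beaconing or scanning)")
        if reasons:
            findings.append((pid, image, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for pid, image, reason in suspicious(outbound_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE)):
        print(f"PID {pid:>5} {image:<14} {reason}")
```

    Capture both listings within a second or two of each other, because a PID that shows up in netstat but not in tasklist can also just be a process that exited between the two snapshots; repeat the capture a few times before treating it as hidden. On XP SP2 and later, `netstat -anob` also prints the executable behind each connection, which is a third view to cross-check against.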
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    In some cases I've found it is helpful to unplug your internet connection when your CPU is running at 100% as most malware is trying to "phone home" via TCP/IP.

    If the CPU settles down soon after disconnecting, it's a good indication a reinstall is in order.

    Yes, the CPU settles down after I unplug the ethernet cable. Same for the HDD activity too!!
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • sucks2beme
    sucks2beme Posts: 5,601
    edited October 2009
    WilliamM2 wrote: »
    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.

    Because that's what 90% of IS departments are doing. They build a standard image for their desktops and laptops. You come in, they swap drives to one on the "standard" image, and set up your email and pc login. Sorry about your data. They then reimage the old drive if good, or trash it if it isn't.

    Doing backups and restore points (no it's not just for drivers) gives you the ability to get going again fast. Or at a bare minimum, get a usb drive and copy over your personal files. How many out there have the Windows disks, drivers, other programs, or keycodes to put them back in?

    I'd start with backing up your files, then run disk utilities to make sure it's not on the edge of a major failure. At that point, gather up your programs and documents to make sure you can even re-install your software.
    "The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson
  • sucks2beme
    sucks2beme Posts: 5,601
    edited October 2009
    nms wrote: »
    I've run XP on less than 256 MB of RAM. Having more than 1 GB of RAM is NOT essential. Where have you seen 2 GB as a recommended minimum for XP?

    At 256 you're just about crawling. 1 GB is just about minimum for running XP and some protection programs without killing your hard drive with all the disk swapping that will occur.
    "The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    WilliamM2 wrote: »
    Run msconfig, and take a screenshot shot of your startup programs.

    Here you go:

    This is what I had before switching antivirus programs... basically without Kaspersky installed yet.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • Face
    Face Posts: 14,340
    edited October 2009
    I couldn't imagine XP with less than 3 gigs.
    "He who fights with monsters should look to it that he himself does not become a monster. And when you gaze long into an abyss the abyss also gazes into you." Friedrich Nietzsche
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Face wrote: »
    I couldn't imagine XP with less than 3 gigs.

    You've used this computer before. Remember how I thought it used the same charger as yours?
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    WilliamM2 wrote: »
    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.

    Because SOME malware is such a pain and gets so deep into the system that it is almost impossible to remove. Plus it would be much easier. Also, considering he might not want to go into the registry and start playing around in there, I say wipe it, and I agree with my teacher. My sister had one that I messed with for literally 4 days straight and never got it fully removed, so I wiped it clean and started fresh. Her BF removed all the anti-malware and all that I had on it; one reason she probably got it is all the stuff she downloads. Malware is that powerful that it can rebuild files that you remove and so on. Once it gets to a certain point it is not worth trying to remove.
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    What's making me feel uncomfortable is that when you unplug the ethernet cable, the 100% CPU activity and constant disk activity stops. It doesn't stop immediately, but eventually it stops.

    Is this a sign of something bad running in the background?
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • dee1949
    dee1949 Posts: 1,425
    edited October 2009
    ....you might be part of a botnet. ....

    http://en.wikipedia.org/wiki/Botnet

    "It has been estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet.[4]"

    http://www.networkworld.com/news/2009/072209-botnets.html
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Is there a reason software such as Kaspersky antivirus and Malwarebytes can't detect this?

    I also tried AVG Free and it was useless.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    appadv wrote: »
    What's making me feel uncomfortable is that when you unplug the ethernet cable, the 100% CPU activity and constant disk activity stops. It doesn't stop immediately, but eventually it stops.

    Is this a sign of something bad running in the background?

    In a word yes
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • John30_30
    John30_30 Posts: 1,024
    edited October 2009
    appadv wrote: »
    Is there a reason software such as Kaspersky antivirus and Malwarebytes can't detect this?

    I also tried AVG Free and it was useless.

    I saw you had Instant Messenger installed. Try uninstalling that, it's not malware per se, just very **** software. AOL, capeesh?

    If that was the issue, look around for an older version to install.
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    There are plenty of third-party IM clients that handle the AIM protocol; I've had good luck with both Digsby and Pidgin.

    BUT, if those were the problem I would think they would be hogging the system resources, NOT explorer.exe.
    If you will it, dude, it is no dream.
  • Jstas
    Jstas Posts: 14,806
    edited October 2009
    WilliamM2 wrote: »
    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.

    Because you can staff an "IT department" with reload monkeys cheaper than you can with engineers that actually know what they are doing. This mentality in the classrooms is why it's so difficult to effectively staff an IT Department anymore.

    I haven't reloaded a machine due to malware, viruses, spyware or trojans since Windows '95, when I didn't know any better.
    Expert Moron Extraordinaire

    You're just jealous 'cause the voices don't talk to you!
  • Jstas
    Jstas Posts: 14,806
    edited October 2009
    Oh and:
    Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents the user interface on the monitor and enables the user to control the computer. It is sometimes referred to as the Windows Shell, or simply “Explorer”.

    Killing explorer.exe stops traffic because you are killing the root process behind the Windows OS GUI. When you kill it, it forces a dump of memory and then Windows scrambles to restart every process associated with the GUI because they all just lost their connection to explorer.exe. Since it is the shell for Windows, it's a critical component to process management on a Windows system. Losing explorer.exe can cause other programs to crash out as well.
    Expert Moron Extraordinaire

    You're just jealous 'cause the voices don't talk to you!
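    Because explorer.exe is the shell and is always running, it is a favourite target for malware: code gets injected into the real process, the file on disk gets patched, or a same-named (or nearly same-named) file is dropped in another folder so it blends into the task list. Before replacing explorer.exe from the install disk, as suggested earlier in the thread, it is worth checking which explorer.exe is actually running and whether the on-disk file still matches a trusted copy. The script below is an added example, not code from any poster here. The process list and the file contents are constructed in-memory samples; the `C:\WINDOWS` system root is assumed (the XP default) and would be read from `%SystemRoot%` on a real machine.

```python
"""Is the running explorer.exe the real one, and is the file on disk intact?

Added example, not from the thread. Process entries and file contents are
constructed in-memory samples; on a real box the process list would come
from Task Manager or Process Explorer and the bytes from the files.
"""
import hashlib
import ntpath
from dataclasses import dataclass

SYSTEM_ROOT = r"C:\WINDOWS"          # assumption: default XP layout (%SystemRoot%)
GENUINE_NAME = "explorer.exe"
GENUINE_PATH = ntpath.join(SYSTEM_ROOT, GENUINE_NAME)


@dataclass
class Proc:
    pid: int
    image: str   # name as Task Manager shows it
    path: str    # full path of the executable backing the process


# Constructed sample process list: the real shell, a copy dropped in a temp
# folder, a look-alike name (capital I for lower-case l), and an unrelated app.
SAMPLE_PROCS = [
    Proc(1624, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
    Proc(1900, "explorer.exe", r"C:\Documents and Settings\user\Local Settings\Temp\explorer.exe"),
    Proc(2044, "expIorer.exe", r"C:\WINDOWS\system32\expIorer.exe"),
    Proc(2208, "firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike image names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_processes(procs):
    """Flag explorer.exe running from the wrong folder, or names one typo away from it.

    A threshold of 1 keeps the legitimate iexplore.exe (distance 2) out of
    the findings. Several explorer.exe processes from the genuine path are
    normal when "Launch folder windows in a separate process" is enabled,
    so the count alone is not a signal.
    """
    findings = []
    for p in procs:
        name = p.image.lower()
        if name == GENUINE_NAME:
            if ntpath.normcase(p.path) != ntpath.normcase(GENUINE_PATH):
                findings.append((p.pid, f"explorer.exe running from {p.path}, expected {GENUINE_PATH}"))
        elif edit_distance(name, GENUINE_NAME) <= 1:
            findings.append((p.pid, f"look-alike image name {p.image!r} at {p.path}"))
    return findings


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_file(live_bytes, reference_bytes, reference_label):
    """Compare the on-disk explorer.exe with a trusted reference copy.

    Prefer a reference read straight from the install CD (read-only, so
    resident malware cannot have altered it). The Windows File Protection
    copy in %SystemRoot%\\system32\\dllcache is convenient but lives on the
    same disk the malware does.
    """
    live, ref = sha256(live_bytes), sha256(reference_bytes)
    if live == ref:
        return None
    return f"{GENUINE_PATH} sha256 {live[:12]}... != {reference_label} {ref[:12]}..."


# Constructed stand-ins for file contents (real PE files start with b"MZ").
CD_COPY = b"MZ" + b"\x00" * 64 + b"genuine explorer image"
LIVE_COPY = CD_COPY + b"\x90" * 16          # simulates code appended by an infector

if __name__ == "__main__":
    for pid, why in audit_processes(SAMPLE_PROCS):
        print(f"PID {pid}: {why}")
    print(audit_file(LIVE_COPY, CD_COPY, "install-CD copy") or "explorer.exe matches reference")
```

    A hash mismatch means "investigate", not "infected": a service pack or hotfix legitimately replaces explorer.exe, so the reference must come from media at the same service-pack level, or from the hotfix package itself. Conversely, a clean hash does not rule out code injected into the running process, which is why the socket-ownership check and the file check are done together rather than either one alone.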