Stupid Malware...

2456

Comments

  • markmarc
    markmarc Posts: 2,309
    edited October 2009
    At this point I'd vote for a nuke and repave job on the hard drive. I do it 2x a year on my two Windows machines. Amazing what kind of crapola worms its way inside those machines, even with all the protection programs.
    Review Site_ (((AudioPursuit)))
    Founder/Publisher Affordable$$Audio 2006-13.
    Former Staff Member TONEAudio
    2 Ch. System
    Amplifiers: Parasound Halo P6 pre, Vista Audio i34, Peachtree amp500, Adcom GFP-565 GFA-535ii, 545ii, 555ii
    Digital: SimAudio HAD230 DAC, iMac 20in/Amarra,
    Speakers: Paradigm Performa F75, Magnepan .7, Totem Model 1's, ACI Emerald XL, Celestion Si Stands. Totem Dreamcatcher sub
    Analog: Technics SL-J2 w/Pickering 3000D, SimAudio LP5.3 phono pre
    Cable/Wires: Cardas, AudioArt, Shunyata Venom 3
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    sucks2beme wrote: »
    Sounds more like a program that didn't like something already on your machine. Uninstall the latest programs, and then roll back your system to a restore point back a month or so ago.

    I don't have System Restore enabled on this computer, but I definitely think you're onto something.

    Which program do you think is the problem?
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • nms
    nms Posts: 671
    edited October 2009
    System restore is mostly for correcting hardware configuration errors, like if you install a new piece of hardware and the computer refuses to boot.

    There's a lot of repetitive advice in this thread. IF, and that's a big if, explorer.exe is the only program that pegs your CPU at 100%, it's most likely infected with something. Depending on what version of windows you are running and if you have a installation disk, it may be possible to boot off the disk and use the repair console to replace explorer.exe with a fresh copy. If you're not familiar with DOS this might be impossible for you (even with my experience, I'm not sure I could convince the repair console to do this).

    However, this may not be possible, and it may not solve your problem. The easiest and most sure-fire solution is to wipe the drive. Make sure you've got all your drivers and vital programs on CDs before you do this.
    My system

    "The world is an ever evolving clusterf*ck." --treitz3
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    What's strange is that the system shows NO symptoms of spyware - none of the usual pop-up ads, browser hijacking, spam emails or anything like that.

    The only thing is the CPU usage is pegged at 100% and the HDD light is solid once the system gets past the Windows "Welcome" screen. It's definitely doing something in the background, it feels that way.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • nguyendot
    nguyendot Posts: 3,594
    edited October 2009
    Try sophos anti-rootkit. Sounds like you have a rootkit, which may not show up on the normal scanners such as malwarebytes.
    Main Surround -
    Epson 8350 Projector/ Elite Screens 120" / Pioneer Elite SC-35 / Sunfire Signature / Focal Chorus 716s / Focal Chorus CC / Polk MC80 / Polk PSW150 sub

    Bedroom - Sharp Aquos 70" 650 / Pioneer SC-1222k / Polk RT-55 / Polk CS-250

    Den - Rotel RSP-1068 / Threshold CAS-2 / Boston VR-M60 / BDP-05FD
  • Systems
    Systems Posts: 14,873
    edited October 2009
    appadv wrote: »
    What's strange is that the system shows NO symptoms of spyware - none of the usual pop-up ads, browser hijacking, spam emails or anything like that.

    The only thing is the CPU usage is pegged at 100% and the HDD light is solid once the system gets past the Windows "Welcome" screen. It's definitely doing something in the background, it feels that way.

    And does it stay that way? Have you ever just left it alone and see if eventually stops?
    Testing
    Testing
    Testing
  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    markmarc wrote: »
    At this point I'd vote for a nuke and repave job on the hard drive. I do it 2x a year on my two Windows machines. Amazing what kind of crapola worms its way inside those machines, even with all the protection programs.

    One reason why I am 5 year mac user. Say what you want but I do not worry about crap like this lol. I agree nuke the hard drive. Also once a year will suffice.
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • WilliamM2
    WilliamM2 Posts: 4,780
    edited October 2009
    Run msconfig, and take a screenshot shot of your startup programs.
  • WilliamM2
    WilliamM2 Posts: 4,780
    edited October 2009
    Honestly if you are still having trouble and have nothing you need on the drive. Wipe it out and start fresh that is what my teacher recommends for my computer class.

    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.
  • Fongolio
    Fongolio Posts: 3,516
    edited October 2009
    I'm going to ask the question not yet asked. How much RAM do you have? It appears as though you only have 1 gig. If you are running Vista or XP on less than 2 gigs of RAM the OS, video and networking could be using all available resources and then going to the hard drive for virtual memory and thus making the CPU run nearly all the time. Two gigs of RAM is pretty much essential for smooth operation. A 1 gig stick is cheap and whether or not it fixes this problem, you need it if you are only running with 1 gig now.
    SDA-1C (full mods)
    Carver TFM-55
    NAD 1130 Pre-amp
    Rega Planar 3 TT/Shelter 501 MkII
    The Clamp
    Revox A77 Mk IV Dolby reel to reel
    Thorens TD160/Mission 774 arm/Stanton 881S Shibata
    Nakamichi CR7 Cassette Deck
    Rotel RCD-855 with modified tube output stage
    Cambridge Audio DACmagic Plus
    ADC Soundshaper 3 EQ
    Ben's IC's
    Nitty Gritty 1.5FI RCM
  • nms
    nms Posts: 671
    edited October 2009
    Fongolio wrote: »
    I'm going to ask the question not yet asked. How much RAM do you have? It appears as though you only have 1 gig. If you are running Vista or XP on less than 2 gigs of RAM the OS, video and networking could be using all available resources and then going to the hard drive for virtual memory and thus making the CPU run nearly all the time. Two gigs of RAM is pretty much essential for smooth operation. A 1 gig stick is cheap and whether or not it fixes this problem, you need it if you are only running with 1 gig now.

    I've run XP on less than 256 MB of RAM. Having more than 1 GB of RAM is NOT essential. Where have you seen 2 GB as a recommended minimum for XP?
    My system

    "The world is an ever evolving clusterf*ck." --treitz3
  • nguyendot
    nguyendot Posts: 3,594
    edited October 2009
    It sure doesn't hurt to have 2gig with the 12353234 updates currently out for xp.
    Main Surround -
    Epson 8350 Projector/ Elite Screens 120" / Pioneer Elite SC-35 / Sunfire Signature / Focal Chorus 716s / Focal Chorus CC / Polk MC80 / Polk PSW150 sub

    Bedroom - Sharp Aquos 70" 650 / Pioneer SC-1222k / Polk RT-55 / Polk CS-250

    Den - Rotel RSP-1068 / Threshold CAS-2 / Boston VR-M60 / BDP-05FD
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    He barely has any programs installed or running based on his screenshots, he certainly doesn't need more than a gig of RAM just to run the OS.
    If you will it, dude, it is no dream.
  • inspiredsports
    inspiredsports Posts: 5,501
    edited October 2009
    In some cases I've it is helpful to unplug your internet connection when your CPU is running at 100% as most malware is trying to "phone home" via TCP/IP.

    If the CPU settles down soon after disconnecting, it's a good indication a reinstall is in order.
    VTL ST50 w/mods / RCA6L6GC / TlfnknECC801S
    Conrad Johnson PV-5 w/mods
    TT Conrad Johnson Sonographe SG3 Oak / Sumiko LMT / Grado Woodbody Platinum / Sumiko PIB2 / The Clamp
    Musical Fidelity A1 CDPro/ Bada DD-22 Tube CDP / Conrad Johnson SD-22 CDP
    Tuners w/mods Kenwood KT5020 / Fisher KM60
    MF x-DAC V8, HAInfo NG27
    Herbies Ti-9 / Vibrapods / MIT Shotgun AC1 IEC's / MIT Shotgun 2 IC's / MIT Shotgun 2 Speaker Cables
    PS Audio Cryo / PowerPort Premium Outlets / Exact Power EP15A Conditioner
    Walnut SDA 2B TL /Oak SDA SRS II TL (Sonicaps/Mills/Cardas/Custom SDA ICs / Dynamat Extreme / Larry's Rings/ FSB-2 Spikes
    NAD SS rigs w/mods
    GIK panels
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    In some cases I've it is helpful to unplug your internet connection when your CPU is running at 100% as most malware is trying to "phone home" via TCP/IP.

    If the CPU settles down soon after disconnecting, it's a good indication a reinstall is in order.

    Yes, the CPU settles down after I unplug the ethernet cable. Same for the HDD activity too!!
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • sucks2beme
    sucks2beme Posts: 5,602
    edited October 2009
    WilliamM2 wrote: »
    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.

    Because that's what 90% of IS departments are doing. They build a standard
    image for their desktops and laptops. You come in, they swap drives to
    one on the "standard" image, and set up your email and pc login. Sorry about your data.
    They then reimage the old drive if good, or trash it if it
    isn't.

    Doing backups and restore points (no it's not just for drivers) gives
    you the ability to get going again fast. Or at a bare minimum, get a usb
    drive and copy over your personal files. How many out there have the
    Windows disks, drivers, other programs, or keycodes to put them back in?

    I'd start with backing up your files, then run disk utilities to make sure it's not
    on the edge of a major failure. At that point, gather up your programs and
    documents to make sure you can even re-install your software.
    "The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson
  • sucks2beme
    sucks2beme Posts: 5,602
    edited October 2009
    nms wrote: »
    I've run XP on less than 256 MB of RAM. Having more than 1 GB of RAM is NOT essential. Where have you seen 2 GB as a recommended minimum for XP?

    At 256 you're just about crawling. 1g is just about minimum for running XP and
    some protection programs without killing your hard drive with all the diskswapping that will occur.
    "The legitimate powers of government extend to such acts only as are injurious to others. But it does me no injury for my neighbour to say there are twenty gods, or no god. It neither picks my pocket nor breaks my leg." --Thomas Jefferson
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    WilliamM2 wrote: »
    Run msconfig, and take a screenshot shot of your startup programs.

    Here you go:

    This is what I had before switching antivirus programs... basically without Kaspersky installed yet.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • Face
    Face Posts: 14,340
    edited October 2009
    I couldn't imagine XP with less than 3 gigs.
    "He who fights with monsters should look to it that he himself does not become a monster. And when you gaze long into an abyss the abyss also gazes into you." Friedrich Nietzsche
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Face wrote: »
    I couldn't imagine XP with less than 3 gigs.

    You've used this computer before. Remember how I thought it used the same charger as yours?
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    WilliamM2 wrote: »
    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.

    Because SOME malware is such a pain and gets so deep into the system that it is almost impossible to remove. Plus it would be much easier. Also considering he might not want to go into the registery and start playing around in there I say whipe it and I agree with my teacher. My sister had one that I messed with for literally 4 days straight never got it fully removed so I wiped it clean and started fresh. Her BF removed all the ant malware and all that I had on it one reason she probably got it all the stuff she downloads. Malware is that powerful that it can rebuild files that you remove and so on. Once it gets to a certain point it is not worth trying to remove.
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    What's making me feel uncomfortable is that when you unplug the ethernet cable, the 100% CPU activity and constant disk activity stops. It doesn't stop immediately, but eventually it stops.

    Is this a sign of something bad running in the background?
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • dee1949
    dee1949 Posts: 1,425
    edited October 2009
    ....you might be part of a botnet. ....

    http://en.wikipedia.org/wiki/Botnet

    "It has been estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet.[4]"

    http://www.networkworld.com/news/2009/072209-botnets.html
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Is there a reason software such as Kaspersky antivirus and Malwarebytes can't detect this?

    I also tried AVG Free and it was useless.
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    appadv wrote: »
    What's making me feel uncomfortable is that when you unplug the ethernet cable, the 100% CPU activity and constant disk activity stops. It doesn't stop immediately, but eventually it stops.

    Is this a sign of something bad running in the background?

    In a word yes
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • John30_30
    John30_30 Posts: 1,024
    edited October 2009
    appadv wrote: »
    Is there a reason software such as Kaspersky antivirus and Malwarebytes can't detect this?

    I also tried AVG Free and it was useless.

    I saw you had Instant Messenger installed. Try uninstalling that, it's not malware per se, just very **** software. AOL, capeesh?

    If that was the issue, look around for an older version to install.
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    There are plenty of third-party IM clients that handle the AIM protocol; I've had good luck with both Digsby and Pidgin.

    BUT, if those were the problem I would think they would be hogging the system resources, NOT explorer.exe.
    If you will it, dude, it is no dream.
  • Jstas
    Jstas Posts: 14,842
    edited October 2009
    WilliamM2 wrote: »
    Why wouldn't he teach you how to fix it instead? The average 12 year old can wipe and re-install.

    Because you can staff an "IT department" with reload monkeys cheaper than you can with engineers that actually know what they are doing. This mentality is the classrooms is why it's so difficult effectively staff an IT Department anymore.

    I haven't reloaded a machine due to malware, viruses, spyware or trojans since Windows '95, when I didn't know any better.
    Expert Moron Extraordinaire

    You're just jealous 'cause the voices don't talk to you!
  • Jstas
    Jstas Posts: 14,842
    edited October 2009
    Oh and:
    Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents the user interface on the monitor and enables the user to control the computer. It is sometimes referred to as the Windows Shell, or simply “Explorer”.

    Killing explorer.exe stops traffic because you are killing the root process behind the Windows OS GUI. When you kill it, it forces a dump of memory and then Windows scrambles to restart every process associated with the GUI because they all just lost their connection to explorer.exe. Since it is the shell for Windows, it's a critical component to process management on a Windows system. Losing explorer.exe can cause other programs to crash out as well.
    Expert Moron Extraordinaire

    You're just jealous 'cause the voices don't talk to you!