Showing results for tags 'executable'.
Hi guys, I have recently started to see my CPU usage spiking to 70-80% for no reason. I have the latest Malwarebytes Premium 3.8.3 and ran a full system scan, and everything seems to be fine. However, when I checked in Task Manager there is this elevation_service.exe, which sometimes comes up as Chrome Elevation Service, hammering my CPU and slowing it to the point where it takes a good 30 seconds just to open a folder. I have googled it and found out that it has something to do with the Google Chrome update service. After following a tutorial that I will include here for reference, it does go away; however, after a reboot it comes back. It does actually drive me crazy, but I cannot figure out what it is. I have located the file and it is in my Chrome folder, which freaked me out as I have a lot of saved passwords in Chrome and my history synced. Any chance this is a virus, or is my Windows just going mad? I am running Windows 10 Pro. I have tried going into safe mode and deleting it from there too, BUT when I boot normally it is there again, and it only comes back up as soon as I fire up Chrome again. Please do excuse my English grammar. Any help is appreciated, thank you.
8:30am PST. After spending a couple of days on a client's Zbot Cryptolocker removal and file restoration, the blocking of executables running from XP's %username%\Application Data\ folders and sub-folders was implemented through Group Policy. As a test, I just now copied notepad.exe from c:\windows into the \application data\ folder. But Malwarebytes blocked this, called Zbot Crypto on notepad.exe, and quarantined it. Next, right-click notepad.exe and 'scan with malwarebytes' - no malware found? Next, delete notepad.exe from windows\ and windows\system32\ and replace with a known good copy. Next, copy the good notepad.exe into %username%\application data\ again. Again, Malwarebytes calls Zbot Cryptolocker on the copy and quarantines it. Next, copy thunk??.exe into the %username%\application data\ folder & run. Group Policy blocks the execution! Whassup with copying notepad.exe from \windows into %username%\application data\ ? Thanks.