ed3nspring Posted March 24, 2014 ID:807441 Share Posted March 24, 2014 Hi, For almost a month I've had a problem that many people seem to have: my GPU would go to 99% activity in Idle. Uninstalling and installing drivers doesn't change anything. I've "solved" this by disabling and re-enabling my graphic card from the "device management" every time I start my PC, but I know it's not a solution. I've run Malwarebytes Anti-Malware and it found 5 miner that were quarantined, including svchost, but after the restart it started like nothing had happened and again 99% activity. I've run the DDS and this is what I've got:attach.txtdds.txt Thanks for any reply, I really don't want to format and re-install everything, so any help will be really appreciated. Pietro Link to post Share on other sites More sharing options...
Psychotic Posted March 25, 2014 ID:807852 Share Posted March 25, 2014 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your desktopExecute TDSSKiller.exe by doubleclicking on it. Press Start ScanIf Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease post the contents of that log in your next reply. Link to post Share on other sites More sharing options...
ed3nspring Posted March 25, 2014 Author ID:807915 Share Posted March 25, 2014 Hi Marius, I really appreciate your help.This is the log of TDSSKiller, no malicious file found. TDSSKiller.3.0.0.26_25.03.2014_17.21.11_log.txt Link to post Share on other sites More sharing options...
Psychotic Posted March 25, 2014 ID:807923 Share Posted March 25, 2014 Going over your logs I noticed that you have uTorrent installed.Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.It is pretty much certain that if you continue to use P2P programs, you will get infected again.I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.If you wish to keep it, please do not use it until your computer is cleaned. Scan with FRST in normal modePlease download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)Run FRST. Don´t change one of the checkboxes and hit Scan. Logfiles are created on your desktop. Poste the FRST.txt and (after the first scan only!) the Addition.txt. Link to post Share on other sites More sharing options...
ed3nspring Posted March 25, 2014 Author ID:807931 Share Posted March 25, 2014 Yes, I use uTorrent to exchange big files with work colleagues (I do hd and 4k video editing) when FTP is not a viable option.I won't hide that I've downloaded a couple of films, but I try to avoid it cause I want to reduce as much as possible the possibility of an infection. This are the logs of FRST:Addition.txtFRST.txt Link to post Share on other sites More sharing options...
Psychotic Posted March 26, 2014 ID:808407 Share Posted March 26, 2014 The Problem with Torrent is that your computer is connected to a worldwide network consisting of billions of computers. Even when you download only files from trusted sources, there is always the possibility of a malicious connection.Think about it. Fix with FRST (normal mode)WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Download the attached fixlist.txt and save it to the location where FRST is saved to.Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply. Full System Scan with Malwarebytes Antimalware If not existing, please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes AntimalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. fixlist.txt Link to post Share on other sites More sharing options...
ed3nspring Posted March 26, 2014 Author ID:808463 Share Posted March 26, 2014 antimalware log.txtFixlog.txt These are the two files I got. Link to post Share on other sites More sharing options...
Psychotic Posted March 26, 2014 ID:808464 Share Posted March 26, 2014 Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
ed3nspring Posted March 26, 2014 Author ID:808509 Share Posted March 26, 2014 esetlog.txt Link to post Share on other sites More sharing options...
Psychotic Posted March 26, 2014 ID:808511 Share Posted March 26, 2014 Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machineHaving said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 2, 2014 Root Admin ID:812162 Share Posted April 2, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts