Jump to content

Recommended Posts

I have been instructed to open my topic in this forum.  I have noticed that the MBAM service is using a minimum of 12% of my CPU( a single core) upto 30% when I'm logged in as a non-administrative user.

Logging in as an administrator and CPU usage is pretty much nil after things settle down, but non-admin it stays high for as long as I'm on.  Other than the CPU usage there is no unusual events. Last month I monitored all Internet activity for 20 minutes using Wireshark and saw no unusual addresses being accessed.

 

This is also happening on another computer (4 core).  Same symptoms which is very strange. The other computer is my wife's.  I don't surf the web other than about 8 trusted websites for news.  No downloads of porn or programs unless they are utility from trusted sources, even though trusted in the past doesn't necessarily mean that they are safe today. :(

 

I am attaching the Farbar files but they don't show anything as far as my quick glance shows. No fixes, no registry settings.

 

Re-running an entire scan using Mbam premium. The only results were expected as I have two packages that have come up as suspect in the past but I have not installed and since removed. ( IE. CD crack, Opencandy from shareware.

 

OOPs.  One was installed.  Free and legal Daemon tool downloads.  But only one one of the two computers.

 

Being a Lead Systems Analyst with 40 years of experience from 8-bit 8080 processors to present I'm very knowledgable and careful but as we all know that websites and zero-day attacks can't be prevented.

 

I'm re-monitoring my internet access at present as I'm now seeing some strange access to RIPE network IP addresses.  I'll post my findings shortly.

 

This is my original post.

https://forums.malwarebytes.org/index.php?/topic/175157-high-cpu-usage-for-non-administrative-account/?hl=%2Busage+%2Bnon-administrative

 

(copy of link)

Been a premium customer for a few years and most of the time I've been foolishly running as a super user.  But of late I've broken my bad habits and have started using a standard user account.

 

My problem is that the MBAM service sucks up a single core ( 12% on my 8-core AMD 8370) or 25% on my quad core PC when running as non-administrator.  Switching to my super user acccount I have no problem.  Switching back to the original user via logging off and the cpu usage is there again. 

 

This has been a problem since I started running non-admin about 3 months ago.

 

Any help is appreciated.

 

I'm running the lastest version with updates with:

Windows 8.1 ( all updates)

ASROCK Fatality 1 970

AMD 8370 octo-core

8 GB memory

Samsung 256 GB SSD  850Pro

Nvidia GeForce 970

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


You must run FRST from Administrator account.


Link to post
Share on other sites

Thank you for the quick response.  I acknowlegde and respect you and your help. :)

 

I re-read the instructions before posting and it didn't mention running the Farbar tool as admin. :( Here it is now run as an admin as soon as I can find where the attach files button is. :)

 

Also, the RIPE network appears to be my new motherboard (ASROCK Fatal1ty 970).  I've been re-running Wireshark and it appears to be an app ( asrrd.exe) (Fast LAN network trafficking) that is showing me the unusual IP addresses.  I'm shutting it down just to see if it helps.

 

I've also cleaned up/removed/disabled any firewall entry that I didn't like (old games or apps, remote desktop assistance since I never use it either direction and NVideo streaming stuff that I don't care about at the moment at least.

 

There are no pirated software nor P2P apps installed.  The CD Crack that I referred to was a very old game that I own legally and have just kept in the event I wanted to play it without the CD running all of the time.

Thank you again.

 

Addition.txt

FRST.txt

Link to post
Share on other sites

I've re-logged on as non-admin and no differences after shutting down the firewall, removing a few non-used apps that I didn't know were there, and killing the ASROCK processes.

The mbam.exe is just sucking up CPU. There is no disk activtiy nor network activity according to taskmanage, just 12-13% CPU usage.

 

Thanks again.

Doug.

Link to post
Share on other sites

Additional:  I think that I forgot to mention that I shut down a few services as well as the other.  I'll probably regret it a year down the line when I try to develop or use an app and can't figure out what is wrong. lol.  Been there. Done that as I don't use DHCP client and forgot when I took a laptop out into the real world for the one and only time it left my network. :)

 

I also created another non-admin user just for a silly but stupid test. Same results as other non-admin.  Checked Scheduled tasks for unusual tasks but nothing new that I noticed since the last time I checked about 6 months ago.

 

Sorry if I post too much information but I try to error on the side of too much than too little.  Don't feel that because I'm posting a lot that I expect the same in return as I'm not overly concerned about this being a virus.  Only that to resolve the issue I was instructed to post it as if I had one.  I don't do any financial transactions from either of these PCs as I'm very strict on separating gaming/fun from business.  I use to do development work on this PC but I haven't done any in over a year.

Link to post
Share on other sites

Your PC isn't infected. We can try to reinstall MalwareBytes:
 
mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that download & install the latest MBAM version.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.