
Dear Malwarebytes Team,

My 2y old Laptop is totally overheating for no easy to discover reason. (I carefully opened, cleaned and reassembled my laptop to make sure ventilator and heatsink are in 100% clean condition.)

I believe I have a nasty malware on my system. My Laptop HP Pavilion Corei5 4200 ULT bought in Oct. 2015 with preinstalled Windows 8 upgraded to 10, 1709, mechanical drive swapped to SSD with 555MB/s R+W.

Using Core Temp v1.1 to analyze my system in idle and under heavy load I could find the temperature of both cores rising up to 100°C as soon as I start any application. The CPU maximum load was capped at 50% and dropping to 30-45% by breaching TPoint 100C every couple of seconds.

I used the rootkit scanner GMER and could see my hard drive showing an unknown Master boot record entry. (No fixes done)

I found another post here which recommended to use RogueKiller which could help me to detect and delete some Malware.

RogueKiller found 1 folder and three executable files of an already uninstalled Bitcoin Mining Software. (Minergate, classified as Malware) I used RogueKiller's function to disinfect my system. Odd seems to me that me having a BTC Mining Software trial is already about a month ago and also the creation time stamps of the folder and the .exe showed up dating accordingly about a month ago, yet I actually had no performance issues in that time since - until a couple of days ago the overheating issue came down on me while gaming.

Sadly my laptop still tends to overheat and it seems to be disinfected only partially.

I found "Windows Modules Installer Worker" service causing some 30% load to my CPU in idle and causing it to run 96-97C nearly meeting TPoint (100C) whenever I run any application. Manually ending the Windows Modules Installer Worker via Taskmanager made the core values return to normal.

Another time on the same day after I had already used RogueKiller for disinfecting, I found the "comsurrogate" service running twice by checking on the Taskmanager during gaming "Warcraft III". Manually closing the service improved the game's performance - restoring normal conditions to the game operation. Of the two comsurrogate services only one had the significant CPU load and 50% of memory consumption, the other showed permanent idle and 0% memory consumption.

The initial overheat issue occurred out of nowhere while gaming online.
While gaming online a very old game title "Warcraft 3" (min req. PII-233MHz MMX, 16MB 3D) my laptop unusually started the fans on high speed and the game showed extremely low frame rates. My laptop got a dedicated graphics card Nvidia GeForce 840M 2GB GDDR5 which I use for hardware acceleration by standard. The game uses TCP and UDP ports 6126 and is known to enable malicious players to somewhat hijack other players' systems, usually to manipulate games to their favor. Mostly the aim is to force others to disconnect from the game, or slow the connection of players over the game time (by redirecting their game network packages with some altered addressing) in order to gain an advantage in ingame resource flow. (RTS game, similar to LOL and DOTA) As a player with a huge lack in coding and understanding in depth network technologies I have to live with a certain percentage of manipulated games and frequently rebooting the game, but there has never been such a persisting thermal issue ever so far. Nowadays intentions and motivations may have changed, I just read an article about a Monero Mining Virus and I am now trying to bring things together. Ironically another player told me that he believes that his pc had been hijacked for crypto mining just minutes before my laptop started showing thermal issues and a massive lack of computing performance.

Can someone here please help me and guide me through how to further identify possible threats and clean my Laptop again, like I've seen you were about to help another member called Kevin, having similar problems in another post? I could manage to run FRST64.exe and I am ready to send you the two files it created as scan result (running the app standard settings).

Thank you for your attention and also -
Thank you already in advance for your advice. I do highly appreciate your help.

With best regards from Australia, Thomas

 

 


  • Root Admin

Hello @Lynxo and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


Thank you. Using Malwarebytes 3 had my system disinfected again. Fan and temperatures are back to normal. Cores do 100% load without getting anywhere near Tpoint and all applications run the way they used to be before encountering the initial problem. Thanks for your attention and support.

This topic is now closed to further replies.