Frowsy

CPU usage extremely high because of SoundModule virus

Hello,

I recently noticed my computer was beginning to run unusually slow. I also noticed that the search bar on my taskbar ceased to work; whenever I clicked it, it would disappear. CMD ceased to work also. After checking Task Manager, which refused to work multiple times, I noticed something called SoundModule using up a ton of my CPU and GPU. After some research I learned this was a cryptomining virus. I deleted the .exe and followed a tutorial to edit a certain thing in my registry and delete another.

My search bar and CMD started working again; however, whenever I opened Task Manager my CPU would be near 100% usage for a split second but then drop to normal levels. It happens every time. I've scanned with Malwarebytes, which brought up a few threats, which I removed, but still no fix to my issue. The fans of my computer run full speed and the CPU for a split second still shows extremely high usage. I think I still have the cryptominer somehow installed on my computer.

I've attached the logs from Farbar, I'm not sure what everything means but they might help.

Thanks,

Addition.txt FRST.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Hey,

I applied the fix and here is the fixlog. I still see high usage in my CPU, but I see that it is from something called "System Interrupts", which disappears right when I open Task Manager. However, from a Google search this seems legit. I'm not entirely sure if the virus has been wiped away. Is there anything else I could do to try and better ensure that I rid myself of it? I also ran Windows' System File Checker and it concluded that I have some corrupt/missing files that could not be restored. Is this a reason for concern?

Thanks,

Fixlog.txt


Hi,

As suggested in this article, did you execute this command before you ran the SFC?
DISM.exe /Online /Cleanup-image /Restorehealth
If not please do it.
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system

I suggest you run the SFC again and post the sfcdetails.txt that you will get running the command in bold.
How to view details of the System File Checker process
To view the details that are included in the CBS.Log file, you can copy the information to the Sfcdetails.txt file by using the Findstr command, and then view the details in the Sfcdetails.txt. To do this, follow these steps:
Open an elevated command prompt as described in the previous step 1.
At the command prompt, type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Read the article for the rest of the information.

===

Post the sfcdetails.txt

After a restart of the computer does the problem persist?
 

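As an added example that is not part of any post in this thread: a small Python triage of the `[SR]` entries that the `findstr /c:"[SR]"` step above pulls out of `%windir%\Logs\CBS\CBS.log`. The sample log is constructed, and the message prefixes `Repairing corrupted file`, `Cannot repair member file` and `Verify complete` are assumed to match what SFC writes on the system being checked.

```python
import re

# Constructed sample in the CBS.log line layout; not taken from the thread's logs.
SAMPLE_CBS_LOG = r"""
2019-03-02 18:04:11, Info                  CSI    00000009 [SR] Verifying 100 components
2019-03-02 18:04:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2019-03-02 18:04:13, Info                  CBS    Session: 30724512_1844218137 initialized by client DISM
2019-03-02 18:04:15, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"autochk.exe" from store
2019-03-02 18:04:16, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.0.1, hash mismatch
2019-03-02 18:04:16, Info                  CSI    0000000f [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.0.1, hash mismatch
2019-03-02 18:04:20, Info                  CSI    00000011 [SR] Verify complete
""".strip()

QUOTED = re.compile(r'"([^"]+)"')

def triage_sr_lines(log_text):
    """Summarise the System File Checker ([SR]) entries of a CBS.log."""
    summary = {"sr_lines": 0, "repaired": [], "unrepaired": [], "completed": False}
    for line in log_text.splitlines():
        pos = line.find("[SR]")  # same literal match as findstr /c:"[SR]"
        if pos < 0:
            continue
        summary["sr_lines"] += 1
        msg = line[pos + len("[SR]"):].strip()
        names = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file") and names:
            bucket, name = "unrepaired", names[0]   # first quoted token is the file
        elif msg.startswith("Repairing corrupted file") and names:
            bucket, name = "repaired", names[-1]    # last quoted token is the file
        else:
            if msg.startswith("Verify complete"):
                summary["completed"] = True
            continue
        if name not in summary[bucket]:             # SFC logs the same file repeatedly
            summary[bucket].append(name)
    return summary

def load_cbs_log(path):
    # Tolerate stray bytes so one bad character does not abort the triage.
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    print(triage_sr_lines(SAMPLE_CBS_LOG))
```

An `sr_lines` count of 0 means the log text contained no SFC entries at all, which is a different result from entries being present with an empty `unrepaired` list.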

Hi,

I followed the article and Command Prompt said it successfully worked to repair what was corrupted/missing, however, the bold command to copy the information to the Sfcdetails.txt onto my desktop failed to do anything at all. I would type/paste the command, press enter and then it would create a blank line and then start back from C:\Windows\system32> on the next line. Nothing appears on my desktop.

I don't think I still have the problem. When I open Task Manager it still shows that System Interrupts is using a large percentage of my CPU for a split second only and I'm not sure why. But my PC seems to be working normally without the unusual slowdown.


Hi,

Read about the System Interrupts.
https://www.howtogeek.com/271400/what-is-the-system-interrupts-process-and-why-is-it-running-on-my-pc/

It may be caused by a hardware program or a driver.

Just to make sure that you are not dealing with a bitcoin miner.

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

Run the Sophos Virus Removal Tool
It may take some time, so do it when you know you will not need the computer.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Hope that helps.


Hi,

There is no malware in your logs.

Stay safe.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
