chris_nol

CPU usage often at 100% until I open Task manager


Hi there, 

I have noticed that my laptop sometimes runs really loudly even if I am not really doing anything CPU intensive. When I open task manager to investigate I see that the CPU is running at near 100%, but when I want to see what is drawing so much power it suddenly drops to 18%. 

I saw another post where someone discovered a bitcoin miner on their system, but I am not sure if it is that, and if it is then it is hidden very well. I have run the Malwarebytes Threat scan, which found nothing. I am currently running a custom scan that includes both hard drives but it is taking very long. I also ran the AdwCleaner, which found two PUPs. I have yet to discover if that worked.

I also ran the Farbar recovery scan. 

All the log files are attached. 

Could you help me out please?

My specs are: i7-8750H Processor, 12 GB RAM, GTX 1050

 

Addition.txt FRST.txt AdwCleaner[C03].txt Malwarebytes threat scan 1.txt

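The symptom described in the post above, high CPU that falls as soon as Task Manager is opened, can be recorded without opening Task Manager by sampling the per-process performance counters from a PowerShell window and reading the log afterwards. This is an added example, not part of the original thread; the interval, threshold and log path are assumed values.

```powershell
# Added example (not from the thread). Interval, sample count, threshold and
# log path are assumed values; counter names assume an English-language Windows.
$IntervalSeconds = 5
$Samples         = 120      # 120 samples x 5 s = 10 minutes of recording
$MinPercent      = 10       # ignore processes below this share of total CPU
$TopN            = 5        # keep at most this many processes per sample
$LogPath         = Join-Path $env:USERPROFILE 'Desktop\cpu-top.csv'

# "% Processor Time" is reported per logical processor (one busy core = 100),
# so divide by the logical processor count to get a share of total CPU.
$cores = [Environment]::ProcessorCount

# Processes that exit between samples raise non-terminating errors; ignore them.
$counterArgs = @{
    Counter        = '\Process(*)\% Processor Time'
    SampleInterval = $IntervalSeconds
    MaxSamples     = $Samples
    ErrorAction    = 'SilentlyContinue'
}

$rows = Get-Counter @counterArgs | ForEach-Object {
    $stamp = $_.Timestamp.ToString('s')
    $_.CounterSamples |
        Where-Object { $_.InstanceName -notin '_total', 'idle' } |
        ForEach-Object {
            [pscustomobject]@{
                Time       = $stamp
                Process    = $_.InstanceName
                CpuPercent = [math]::Round($_.CookedValue / $cores, 1)
            }
        } |
        Where-Object { $_.CpuPercent -ge $MinPercent } |
        Sort-Object CpuPercent -Descending |
        Select-Object -First $TopN
}

# Full timeline for later review.
$rows | Export-Csv -Path $LogPath -NoTypeInformation

# Summary: how often each process was over the threshold, and its peak reading.
$rows | Group-Object Process |
    Select-Object Name, Count,
        @{ n = 'PeakCpu'; e = { ($_.Group | Measure-Object CpuPercent -Maximum).Maximum } } |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

Start it while the fans are loud and leave Task Manager closed for the whole run; the summary table is printed only after the last sample.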

Hi, @chris_nol
My name is Maurice. I will be helping and guiding you going forward on this case.
Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please attach only the report files, etc. that I ask for as we go along.

Thanks for the reports you have sent. Have you by chance done a scan with Avast antivirus?

.

The mention of Task Manager in the subject line and at top of 1st post is something that is not ultimately helpful to you or anyone.  That Task Manager initial display is not correct.

You have to wait for at least 30 seconds for it to hopefully be more accurate.  I simply wish people would stop making that mention.

That is for the benefit of all other prospective readers.

.

Now onward to focusing on more relevant things. Malwarebytes Premium has full protections against harmful coin-mining exploits!

You have done a couple of different scans and no coin mining pest is reported to be present.

After you finish any ongoing scan, do what follows below.

[   1   ]

    Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

    Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

    and save it to your desktop.

    Doubleclick on the MBAR file and allow it to run.

    •Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

    •mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

    •After reading the Introduction, click 'Next' if you agree.

    •On the Update Database screen, click on the 'Update' button.

    •Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

    With some infections, you may see two messages boxes:

    1.'Could not load protection driver'. Click 'OK'.
    2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

    •If malware is found, press the Cleanup button when the scan completes.

    Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
      
 

[   2    ]

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 
In Windows Settings >>> click on Windows Security from the left side list.
Next, in the Windows Security section: click on the grey button Open Windows Security.
Next, click on the blue Scan options.
Look down the options list. Tick Windows Defender Offline scan. Then click the grey "Scan now" button

and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.
 


Hi Maurice, 

Thank you for your reply.

Apologies for the mention of the task manager. I just found it curious that my laptop's fans would be running loudly even if I am not doing anything computationally intensive. As soon as I would open task manager to see what is up the fans would quiet down and everything seemed normal in terms of processes.

I have run a full Avast scan and it came up with nothing. 

I did run the mbar scan, but it came up with nothing. The log file is attached. 

I tried running the offline scan but my PC would restart and then go into recovery mode and not actually run the scan. 

I have now uninstalled Avast and Malwarebytes to allow Windows Defender to be the primary antivirus on my system. 

I ran a full scan with Windows Defender just now and it found a "Trojan:XML/Phish.J!eml" located in "AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\2220\Attachments\Amazon-Service-Center[4596].docx->docProps/app.xml". This might potentially solve my problem?

I will run another full scan now. 

Kind regards, 

Christian

mbar-log-2020-01-29 (21-06-13).txt


Thanks for the MBAR run log report.   Let me know the result of the scan you mentioned you were doing.

When you next get a chance, do this special scan.

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.
Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.
 


So the second windows defender scan came up with nothing. 

I also tried to make a bootable usb with windows defender offline on it, but my laptop would not let me. I then created the bootable usb on another PC where it worked just fine. 

So I tried booting my laptop from the usb, but then it would get stuck on the "Starting Windows" logo with a red bar across the screen (See attached image). So I am not able to run the Windows Defender offline scan. 

I ran the test you mentioned in your previous reply, but it only detected uTorrent as a potentially unwanted application. I have attached the log file.

thumbnail_IMG_20200131_083901.jpg

Eset_scan.txt


Thanks for the ESET scan log.

and I notice you said  

Quote

So the second windows defender scan came up with nothing.

 

I am totally unsure of the method you used to make a "bootable usb", and in any event, since this Windows 10 is at Build 1909, there is no need whatever to make a boot media.

Be sure to eject / disconnect that "boot media".

Windows Defender OFFLINE can be started totally from the Windows Security menu. 

.

Let's take a bit and make use of another tool from Microsoft.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the-tool are at this link at Microsoft
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Let me know the result of this.
The log is named MSERT.log
The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is
C:\Windows\debug\msert.log
Please attach that log with your reply.
 

 


Hello Christian.

Just checking up. How are things?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.