
Virus hiding from task manager and resource monitor



Good Afternoon,

Recently I have been messing with undervolting my laptop (Windows 10) in order to reduce noise and increase performance. I have been for the most part successful. However, I have noticed that my laptop has been randomly thermal throttling (before and after undervolting) due to high CPU usage (90%+). However, when I open Task Manager or Resource Monitor it immediately sinks back down to 4%. I have tried using other resource monitoring software to no avail. It seems this virus "knows" when I'm trying to find it. I have tried all sorts of virus sweeps, also to no effect. Also, the virus doesn't seem to stop just because I have Task Manager open; it only does so when Task Manager (or other monitoring software) is visible on the screen. This is driving me nuts. Please help.

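The symptom described in the post above (CPU load that drops as soon as a monitoring window is on screen) can be recorded with no monitoring window open. The following PowerShell script is an added example, not part of the original thread: it samples per-process CPU in the background and logs anything above a threshold to a CSV. The output path, interval, duration and threshold are assumptions, and the counter path assumes an English-language Windows install.

```powershell
# Added example: log per-process CPU to CSV without a monitoring window.
# Assumed values: output path, 5-second interval, 1-hour run, 20% threshold.
$OutFile    = "$env:USERPROFILE\Desktop\cpu_samples.csv"
$IntervalS  = 5
$Samples    = 720      # 720 samples x 5 s = 1 hour
$ThresholdP = 20       # record only processes at or above this % of total CPU
$Cores      = [Environment]::ProcessorCount

# Get-Counter streams one sample set per interval; errors from processes
# that exit between samples are suppressed.
Get-Counter -Counter '\Process(*)\% Processor Time' `
            -SampleInterval $IntervalS -MaxSamples $Samples `
            -ErrorAction SilentlyContinue |
ForEach-Object {
    $stamp = $_.Timestamp
    $_.CounterSamples |
        Where-Object { $_.InstanceName -notin '_total', 'idle' } |
        ForEach-Object {
            # The counter is summed over all logical cores; normalise to 0-100.
            $pct = [math]::Round($_.CookedValue / $Cores, 1)
            if ($pct -ge $ThresholdP) {
                [pscustomobject]@{
                    Time     = $stamp.ToString('s')
                    Instance = $_.InstanceName
                    CpuPct   = $pct
                }
            }
        }
} | Export-Csv -Path $OutFile -NoTypeInformation -Append

# After the run: which instances crossed the threshold most often?
Import-Csv $OutFile |
    Group-Object Instance |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

Start it from a PowerShell window, minimise that window, and read the CSV only after the laptop has throttled again; the timestamps show which process was busy at that moment.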

Hi,
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please attach only the report files, etc. that I ask for as we go along.
Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one.

Please do the steps outlined (as much as possible) on this pinned topic at the top of this forum!

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 

Thanks in advance.

Sincerely,

Maurice


Thanks Maurice,

I have attached the Malwarebytes scan, the FRST and Addition txt files.

The Malwarebytes scan found things, but I'm fairly certain it's not the virus I'm after. I ran the same scan two days ago, and it did not remove the virus. Let me know if there is anything else I can do. I'll let you know if I catch the virus acting up again.

Also Francisco is fine.

V/R,

Addition.txt FRST.txt malwarebytes_scan.txt


Thanks very much for the reports. Those help a lot.

I want to caution on the use or "presumption" or "assumption" of the term "virus". We at this point do not know what is at the bottom of all here. "Virus" is a specific type of malware & has specific meanings. See https://blog.malwarebytes.com/detections/virus/

and https://blog.malwarebytes.com/cybercrime/2015/05/virus-or-malware/

The Malwarebytes for Windows found a few adwares & also PUP.optional types.

Let us do some other checks with some other trusted tools.

[ 1 ]

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the-tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Let me know the result of this.
The log is named MSERT.log.
The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is
C:\Windows\debug\msert.log
Please attach that log with your reply.

[ 2 ]

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click the blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
Press Continue when all done.

You should click to turn off the offer for “periodic scanning”.
 

 

 


Thank you for the 2 reports. The Microsoft Safety Scanner report is normal. No real actual infection there.

The ESET scan reports no malware / no virus / no PUP.

At this point, a different tool to scan the PC for viruses & other malware (if any).

Do not click on the small popup mini-window that shows up. Look for the green color button that says "Download Dr.Web CureIt" with the down-arrow icon.

 

Download Dr.Web CureIt to the desktop.
The download is nearly 208 MB in size.

After the download is completed, then close the browser and all other web browsers too.

Use the Windows File Explorer to go to the Downloads folder.

Double-click on the download file to start the tool. (Dr.Web will randomize the name of the file when you download it.)

•    You will see a screen similar to this:

[screenshot]

Click the checkbox to participate, and then click on the Continue button.

 


•    Next

Click on Select objects for scanning

•    Next

Put a checkmark by clicking on all the boxes EXCEPT for

"Temporary files"

"System restore points"

Do not select Temporary files or System Restore points.

Then click on the Start scanning button.

•    The scan in progress will be shown like this

[screenshot]

•    IF something is detected, you will see a screen similar to this

[screenshot]

For each item "detected", click on the Action column down arrow, like this

[screenshot]

Your options will be Cure or Ignore.

IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
Typically, you will keep the Cure default.

Then click on the Neutralize button.

•    When the actions are completed, you will see this

[screenshot]

•    Click on the green Open Report line. It will pop up the report in NOTEPAD.
Save the report to your desktop. The report will be called Cureit.log
•    Close Dr.Web CureIt.
•    Reboot your computer to allow files that were in use to be moved/deleted during reboot.
•    After reboot, attach the log Cureit.log you saved previously in your next reply.

Have patience in all this.


As regards the initial minute or so when you start the Windows Task Manager ... you must ignore all displays on it ... until a minute or so has elapsed!

The initial displays are not a true reflection. You must let the app settle down for a minute or so ... before you jump to any conclusion.

Further to that, if Task Manager displays is the only thing you have observed, let us not have you fret over it.

I should have made those pointers at the very outset.

I am glad to read that Cure-It found no virus / no malware.

We had done 2 different scanners before this. There is now no reason of any sort to "suspect" any sort of "infection".

You may do a new scan with yet another different scan tool. TrendMicro's HouseCall is a known & trusted antivirus scan tool. It is free to use.

TrendMicro HouseCall scan
https://www.trendmicro.com/en_us/forHome/products/housecall.html

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher

Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
The program will check with TrendMicro & do an update run.

Next it will show the Disclosure window.
Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

IF you wish a Full scan or a Custom scan, first click on the Settings. I suggest you pick FULL scan.

 


Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.

If you see an item that you know is safe, you can click the Action, and select Ignore.
When all done & ready, click the Fix now button.


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
