Jump to content

Really need help!DCOM service high CPU usage, probably because im infected


Recommended Posts

As stated in the title DCOM server process launcher and a bunch of other services (shows in screenshots) are taking up too much CPU and i think it is because im infected.

I'm going to be very honest, this all started when i tried downloading the premium version of Malwarebytes for free, the tutorial stated to exclude the "hosts" and "etc" files from being scanned, next time i rebooted my laptop the problem started and i tried to scan as fast as possible but the scan gets stuck on scanning startup files, even after reinstalling the free version and running the scan, also no other antivirus finishes installing or runs properly (tried avast, ccleaner, ESET online scanner and all of don't function proprely), i tried system recovery which failed twice, i then followed a Youtube tutorial in which they stated that this could highly be a virus infection issue, they recommended to run RKILL and AdwCleaner which I did and they ran smoothly but i was still stuck on scanning startup files and the service is still spiking up my CPU usage, I've read some posts about this issue and im going to leave the demanded logs files below, i would really appreciate some help and i hope you forgive me for downloading a cracked version of your software, Thank you. 

image.jpg

Addition.txt FRST.txt

Link to post
Share on other sites

Hello.      :welcome:

My name is Maurice.  I will guide you.  Let me know what name you prefer to go by. 

I will guide you along on looking for potential malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Please stick with me until I give you the "all clear".

Your topic will be closed if you haven't replied within 4 days!
If I have not replied to your last post after 36 hours, please then send me a P M.

 

The first thing I need is to get a set of  these reports & logs.

 

That is the first step.  I will then review and use that to guide us along.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 [   2    ]

I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.

To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along. 

There will be lots more to do after this. Stick with me.

Link to post
Share on other sites

Looking at the initial reports, one sees that a few trojans have been detected by Windows Defender antivirus. This here is just one. Date: 2022-03-21 14:17:36
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tnega!ml&threatid=2147763770&enterprise=0
Name: Trojan:Win32/Tnega!ml
Severity: Grave
Category: Cheval de Troie
Path: file:_C:\Users\hp\Downloads\Malwarebytes Premium  [Multi]Sensei-Tutorials\Malwarebytes.Premium.v3.4.4.2398.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.377.0, AS: 1.361.377.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.19000.8, NIS: 0.0.0.0

Make very sure that this file is deleted C:\Users\hp\Downloads\Malwarebytes Premium  [Multi]Sensei-Tutorials\Malwarebytes.Premium.v3.4.4.2398.exe

plus, go into Control Panel >> Programs & Features and uninstall Malwarebytes  ( if currently installed)

Cracked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.

Link to post
Share on other sites

Everything concerning the cracked files and folders have been deleted, i just want to know if you want me to use the MBST Clean feature to uninstall everything Malwarebyte related or do you just want me to unistall it from the control panel, sorry for the question

Link to post
Share on other sites

I would ask you to use the Malwarebytes Support tool which you already have
to have the tool uninstall & re-install the Malwarebytes for Windows.
Use this support article as a guide  https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-Malwarebytes-using-the-Malwarebytes-Support-Tool

Skip line 1 for download.  Locate where you saved it & use it. mb-support-1.8.7.918.exe is on Downloads folder
Have infinite patience after the Reboot ( restart ) and just wait till the prompt window comes on
Reply YES when prompted to re-install Malwarebytes

Edited by Maurice Naggar
Link to post
Share on other sites

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

  • Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Scroll down and lets be sure the line in SCAN OPTIONs for

"Scan for rootkits" is ON 👈   Click it to get it ON if it does not show a blue-color .

  • Now click on the GENERAL tab

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

  • Next, the Malwarebytes scan.
  • Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

MB4_scan_tick_ALL.jpg.954dd31097351eba2c305a1321a445d6.jpg

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.99b8d9b73d90d347577ae0826ac406b1.jpg

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

There will be more to do. Stick with me, please.

Link to post
Share on other sites

Simply leave it be, to run as long as it takes.

You can check to see if there are web browsers Open, then see about EXIT out of all web browsers. also, exit Discord if you have it and any other instant messenger app.
Let the program run.

Link to post
Share on other sites

The count may not increment, but anyhow, go ahead and click Cancel. Then Exit the program.
This next tool ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.
get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.
Disregard the title subject of the topic.Run the MBAR tool as listed here 

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

  • when done, I need the MBAR logs.
  • Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.
  • Both files can be found in the extracted MBAR folder on your Desktop.
  • Please attach both files in your next reply.

 

Link to post
Share on other sites

Hello, Thank you. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  CUSTOM scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

Link to post
Share on other sites

I have ran the custom scan and it getting close to it's first hour and i know you said be patient but i just want to know if it gets stuck for 50 minutes scanningn the same file ( for me it's the C:\Windows\sysWOW64\userinit.exe ), it that normal or should I do something 

Link to post
Share on other sites

The display output may not be updating as frequently as we expect. Depending on how many files are on the C drive, this scan can take several hours. Have lots of patience. Let it do its run. If any web browsers are open, then please see about Exiting out of all web browsers.

Link to post
Share on other sites

Hello, it's been "scanning" that exact same file for over 3 hours so I looked up some solutions and i ran the program on safe mode (where the DCOM process isn't taking up CPU) and the scan seems to be going great, it has scanned more file in 10 minutes than the previous scan has done in 3 hours, also in safe mode i am able to scan using malwarebyte without it getting stuck on scanning startup files.

Link to post
Share on other sites

This will be a different check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Let's check your system with another ( different ) antivirus scan tool.

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

  • How to run a scan with Kaspersky Virus Removal Tool 2020

          https://support.kaspersky.com/15674

  • How to run Kaspersky Virus Removal Tool 2020 in the advanced mode

          https://support.kaspersky.com/15680

  • How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan

          https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
Thank you
Link to post
Share on other sites

{{ remarks }} For the sake of Windows O.S. security and for being able to have a proper working Windows Update, it is important that a system have the right current local time and Date. That also means have the correct local time zone. 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.