Jump to content

Vbc.exe + svchost.exe using almost all RAM / CPU / Disk in Processes...

Recommended Posts

I'm a Lifetime license holder of Malwarebytes, and have used and loved your software for long over a decade at this point.  Usually, MBAM finds anything and everything that somehow ends up on my system that shouldn't be.  But since around 3 weeks ago, I've somehow become infected with a crypto-currency mining virus (as far as I can tell from researching the issue) that I cannot seem to remove.  This virus is using almost all of my system resources including RAM, CPU, and Disk up to 100% at times, and as far as I can tell the causes seem to be related to vbc.exe and svchost.exe.  I've tried using RKill, TDSSKiller, ADWGuard, CCleaner, MacAfee Stinger, and Process Killer in different orders over the past almost month, with Process Killer really being the only programs that's helped do anything to combat this at all (even though it's not able to fully get rid of the problem itself).  I've tried manually deleting specific files as well, and the issue still persists.  MacAfee Stinger, TDSSKiller, and MBAM are all coming up clean when scanning with them.  Is there anything else that might be able to be done about this?  I'm hoping to avoid a full wipe-Windows 10 Enterprise (which is what I'm using OS-wise) if at all possible; I recently lost two 4tb hdds from failure, and really don't have what I need to back up the data I still have saved hardware-wise at the moment.  Any help would be greatly appreciated; thank you!!!

Link to post
Share on other sites

Hello @zeroone33 and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file in your next reply to this topic.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Link to post
Share on other sites

  • Root Admin

Thank you for the log, but it looks like something blocked the Farbar portion of the scanner download and running.

Please do the following @zeroone33



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you



Link to post
Share on other sites

  • Root Admin

I'm sorry but we need time off as well, we don't work 24/7

Please review the following.

Where did you get this operating system? It is not for sale anywhere to the general public. It can only be purchased by a business that runs it's own licensing server. Any other method of obtaining it is illegal.
We'll work with you to try to clean it up, but formatting the drive and installing a clean fresh version of Windows 10 or 11 would be the best choice.

Microsoft Windows 10 Enterprise Version 1809 17763.1577 (X64) Language: English (United States)



Please uninstall the following program. Computer experts no longer recommend it.




Are you really still using a file from 2009 ? That is 14 years ago.

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)


This file is from 2007 which is 16 year ago. I'm sorry but I seriously doubt the need for any file that old being run on Windows 10 in 2023

HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.) [File not signed]


This is appears to be from the SoundBlaster from years ago. Again, unlikely to be needed on Windows 10

HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL (No File)


Are you really using this tool from 2014? If you are that's okay but there are probably better tools designed for Windows 10 today

HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\Gigabyte\Smart Backup\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>) [File not signed]


It is extremely unlikely that Gigabyte is still updating the BIOS or software on this system years later. Personally I would disable it from running.

HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )


Possibly you may need this but unlikely. You make up your own mind but running it on demand as needed would probably be better than running it every time Windows starts.

HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )





Please run the following fix


Farbar proram location:  C:\Users\Mark\Downloads\FRSTEnglish.exe


Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply


Please download the attached fixlist.txt file and save it to C:\Users\Mark\Downloads\
NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run the Farbar program with Admin rights. Then click on the FIX and let the process run. It may take up to 60 minutes to complete.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named (Fixlog.txt) in the C:\Users\Mark\Downloads  folder. Please attach that file on your next reply


NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.




Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.