Jump to content

High level of data usage in uninstalled processes on PC (1tb)

Clang

By Clang
in Resolved Malware Removal Logs

 Share
Go to solution Solved by Clang,

Recommended Posts

  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Unless it was from Steam and Windows Updates I don't see a lot of reason for that much data.

Please run the following @Clang

 

Please run the following ESET Online Scanner and perform a Full Scan

 

Click the following link to save the installer for ESET Online Scanner

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started. 
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen chose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, Click on the Full Scan button
  • Enable  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click the Start scan button.
  • Have patience.  The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false postive, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Please attach the ESET scan log you saved at the end to your next reply

 

  • Like 1
Link to post
Share on other sites
Clang

Clang

Posted
  • Author
Posted (edited)

Thank you , running eset scan now and will post the results later.

We have xfinity as our provider and we used 1.2tb total on 7/30/23 which is our monthly cap . we normaly never use that much.

Received a warning that we used 75% of the data on 7/20/23

  "Unless it was from Steam and Windows Updates I don't see a lot of reason for that much data."

There were 3 windows updates this month.

Capture2.PNG.b131f81a687691031c44a1dbf49bbc8a.PNG

It looks like steam updated at least once this month on 7/10/23.

Steam Version:  1689034492
Steam Client Build Date:  Mon, Jul 10 8:02 PM UTC -08:00
Steam Web Build Date:  Mon, Jul 10 12:48 PM UTC -08:00
Steam API Version:  SteamClient020

 

Edited by Clang
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Here is an entire month for my App history - I don't  even have an entry for Uninstalled Processes on my system.

image.png

 

Here is a post from 7 years ago and modified 5 years ago, but speaks of exactly what you're seeing.

https://superuser.com/questions/1104455/mysterious-uninstalled-processes-using-network-every-time-i-turn-on-my-compute

 

However, I knew there was a way to look at this data but it's been a while since I looked at. Just found the tool that makes it easy to do. I had to use some command line tools before. This makes it very easy.

 

NetworkUsageView v1.30 - Displays network usage information stored in the SRUDB.dat database of Windows 10/8
https://www.nirsoft.net/utils/network_usage_view.html

 

 

  • Thanks 1
Link to post
Share on other sites
Clang

Clang

Posted
  • Author
Posted (edited)

Capture4.PNG.9decddb8ddefa1ac8b18bb64d6228200.PNG

This is what Gw Shows so far.

 

I installed NetworkUsageView v1.30 and will keep that running overnight.

Capture5.thumb.PNG.335e8e922ff5cabb42160dcd9525db29.PNG

 

Looking at that 7 year old post it could be a uninstalled program.

 

Uninstalled processes are programs that are no longer installed on your computer but still appear in the Task Manager or the startup items list. To remove uninstalled processes, you can use one of the following methods

Download and run Autoruns from Microsoft Official website and uncheck the uninstalled programs from the Logon tab13.

Run procexp.exe and choose Options -> Replace Task Manager and then Options -> Restore Task Manager2.

Rebuild the index of your computer by opening the Indexing options in the Control Panel and choosing Rebuild Index4.

Uninstall any unwanted programs from the Programs and Features in the Control Panel5.

 

 

But can we still please continue to be sure there is not a virus on my pc?

 

Thanks for your time on this.

Edited by Clang
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool 

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

  • Like 1
Link to post
Share on other sites
Clang

Clang

Posted
  • Author
Posted

Hi A.S.

Below is the scan report ,nothing was found.

<Report>
    <Metadata Version="1" PCID="{8A1461C6-7D17-945B-6718-EF9F97133880}" LastModification="2023.07.31 22:24:36.856" />
    <EventBlocks>
        <Block0 Type="Scan" Processed="615671" Found="0" Neutralized="0">
            <Event0 Action="Scan" Time="133353254141643225" Object="" Info="Started" />
            <Event1 Action="Scan" Time="133353338762471754" Object="" Info="Finished" />
        </Block0>
    </EventBlocks>
</Report>
 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted (edited)

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 

Edited by AdvancedSetup
Updated information
  • Thanks 1
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.