PDA

View Full Version : Increased CPU usage and blocking things w/ errors



Rokimi
2009-04-29, 02:50
So, all of a sudden my mozilla tabs became new windows and mozilla crashed. This led to my computer auto turning off. I tried to run malwarebytes but when I clicked the remove selected button I got an error message and could not reopen malwarebytes (already running). After restarting my computer and rerunning malwarebytes, I can not update.

My CPU usage is at 60%+ with only malwarebytes and mozilla running.
I have a process called "System Idle Process" and and the CPU number is sitting at around 40. I feel that this is part of the problem but do not want to terminate it.

A lot of things have stopped working. For example, to switch windows I have to use the Windows Task Manager "Bring to Front" option.

I cannot get HJT to run and just made the dumb mistake of clicking a button on malwarebytes after it scanned my computer so that froze up.

Rokimi
2009-04-29, 03:07
I know it is against policy to respond to your own post but since I could not edit it and i reran malwarebytes (quick scan this time).

Because it will not let me copy and paste I will summarize what it found.

Trojan.FakeAlert (value:brastia)
Rootkit.Agent.H
Trojan.Agent
Fake.Beep.Sys

I'm sorry that I do not have more info.

pskelley
2009-05-01, 17:36
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You likely have malware the hackers are writing so it will block any help you can get removing it. They are hoping they can steal something from you. We must get something to run and combofix is likely the best so follow the directions carefully.

Since I can not see the malware yet, you may wish to view this information for safety:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

Rokimi
2009-05-02, 15:34
My computer refuses to let me run either .exe
HiJackThis will not open and ComboFix opens a window and the computer freezes

I have tried another .exe and it is affecting all the files and not just anti malware.

However, I have both of the programs downloaded and have the Recovery Console.

pskelley
2009-05-02, 15:40
My computer refuses to let me run either .exe
The hackers are trying to block you from getting help, the tools have to be run if you want to kick them off your computer, the options otherwise are few, including a reformat.

Try deleting combofix and download it again, like this:

You must rename it before saving it, save it to your Desktop.

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

Rokimi
2009-05-02, 15:58
The computer froze again. Now when i log on I get an error that Id08.exe has stopped and Dell Network Assistant pops up. I also used to get erros for brastia.exe.

pskelley
2009-05-02, 16:16
My friend, the computer is infected with bad stuuf that you or another user has allowed on the computer. It is not going to work right until you remove it.

Make sure combofix is downloaded to the Desktop, then boot to safe mode:
http://spyware-free.us/tutorials/safemode/

Once in safe mode, see if combofix will run.

pskelley
2009-05-07, 12:59
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.