svchost CPU usage at 55%


  1. Posts : 4
    windows 10
       #1

    svchost CPU usage at 55%


    not sure since when and how ( must have been recently ), but my windows 10 got probably infected, whenever i start pc, my cpu usage jumps to 55% . After I open task manager, i can see this ( attachment ) :
    the PID of "faulty" service is always different and if I stop the process, i am ok until next reboot. Windows defender detected nothing after full scan, I have never downloaded any exe files or opened some bad web page, only .mp4, .avi files and games from Steam.
    Should I format and reinstall windows, just to be sure or is there some other tool to find out what happens / fix my problem ? I have no important data or work on my pc, so format is ok, I just dont want to spend several hours reinstalling everything
    Attached Thumbnails Attached Thumbnails svchost CPU usage at 55%-fsdgf.jpg   svchost CPU usage at 55%-gdghfg.jpg  
      My Computer


  2. Posts : 16,278
    W10Prox64
       #2

    buxanto said:
    not sure since when and how ( must have been recently ), but my windows 10 got probably infected, whenever i start pc, my cpu usage jumps to 55% . After I open task manager, i can see this ( attachment ) :
    the PID of "faulty" service is always different and if I stop the process, i am ok until next reboot. Windows defender detected nothing after full scan, I have never downloaded any exe files or opened some bad web page, only .mp4, .avi files and games from Steam.
    Should I format and reinstall windows, just to be sure or is there some other tool to find out what happens / fix my problem ? I have no important data or work on my pc, so format is ok, I just dont want to spend several hours reinstalling everything
    Hi buxanto and welcome to Tenforums.

    I wouldn't go reinstalling just yet, there are a few things you can do:

    Let's check for infection
    -download and run RKILL
    This is a little program that will stop any malicious running processes temporarily until next boot. After running, it places a text file on your desktop - paste that info here.

    - download, install and run Malwarebytes Antimalware Free
    Update the definitions and go into settings and select the box to scan for Rootkits as well as everything else that is already checked. Do a custom scan and select your entire C: drive.

    Let us know if it finds anything. Reboot if asked to. If you do reboot, run RKILL again.

    Depending on your response, I'll give you next steps.
      My Computer


  3. Posts : 4
    windows 10
    Thread Starter
       #3

    well thank you man, seems like my pc was indeed sick, unfortunatelly, i did run rkill again and it overwrote the previous report, which said that I had 1 bad process running ( svchost.exe ) and some wvsvcv ( some windows protection service ) not running. after running malwarekiller software from ur post, it detected 17 items, i deleted them all and after reboot, no more cpu running at 55-60%, no uknown random svchost.exe service running in the background. so again, thank you very much, although i would love to know, how that shiet got into my pc, because as I wrote above, i dont download .exe files, i must have clicked on some bad web page or something wtf
    Attached Thumbnails Attached Thumbnails svchost CPU usage at 55%-gdd.jpg  
    svchost CPU usage at 55% Attached Files
      My Computer


  4. Posts : 16,278
    W10Prox64
       #4

    buxanto said:
    well thank you man, seems like my pc was indeed sick, unfortunatelly, i did run rkill again and it overwrote the previous report, which said that I had 1 bad process running ( svchost.exe ) and some wvsvcv ( some windows protection service ) not running. after running malwarekiller software from ur post, it detected 17 items, i deleted them all and after reboot, no more cpu running at 55-60%, no uknown random svchost.exe service running in the background. so again, thank you very much, although i would love to know, how that shiet got into my pc, because as I wrote above, i dont download .exe files, i must have clicked on some bad web page or something wtf
    Bitcoin Miner is NOT good. Not good at all. I am going to guess that you have some outdated Java or Flash or Silverlight, of which an infected web page took advantage when you visited it.

    Please download Ccleaner and go to the uninstall tab on the left - this gives a list of all programs installed on your computer. There is a link at the bottom right to save to text file. Please do that, and paste the text in here for me to evaluate.

    Additionally, Zeusbot is a very bad bitcoin mining program, as it also steals data & logins from your system. It may be prudent to start changing your passwords from a clean system, while we finish up with your infected one. Not sure yet if this is what you had, but it's a good possibility.

    Next I would like you to run an ESET Online Scan. You should be able to save to text file anything it finds.
    Last edited by simrick; 14 Jan 2016 at 14:44.
      My Computer


  5. Posts : 4
    windows 10
    Thread Starter
       #5

    eset found 1 item, i suppose i should format asap, my system is infected badly
    svchost CPU usage at 55% Attached Files
      My Computer


  6. Posts : 16,278
    W10Prox64
       #6

    buxanto said:
    eset found 1 item, i suppose i should format asap, my system is infected badly
    Have you noticed any encrypted files in your documents?

    EDIT:
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe VBS/Kryptik.DC trojan cleaned by deleting

    These Kryptik trojans are password stealers. They grab your passwords and then open a backdoor to bitcoin miners, clikfraud malware or DDoS botnets.

    If you are willing then yes, I would completely wipe/format and reinstall.
    Then I would setup a password manager like LastPass. Please change all your passwords from a CLEAN system, and I mean EVERY PASSWORD.

    Still evaluating your installed programs, will report back.

    EDIT#2:
    Not seeing any glaring problems in your installed programs list. No idea how this malware got in, sorry.
    Last edited by simrick; 14 Jan 2016 at 14:34.
      My Computer


  7. Posts : 4
    windows 10
    Thread Starter
       #7

    it is ok, thank you, tommorow or on saturday i will do big undusting and formating + password changes
      My Computer


  8. Posts : 16,278
    W10Prox64
       #8

    buxanto said:
    it is ok, thank you, tommorow or on saturday i will do big undusting and formating + password changes
    Cheers! :)
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 23:36.
Find Us




Windows 10 Forums