[SOLVED] 100% CPU load


Spraki

Hi guys. 

This is not entirely KSP-related, but I think I need help on this. I'm "quite tech savvy" and I tend to get this every now and then. But this time, I may have been outsmarted. This may have been caused by some magic malware or .exe file that snuck onto the system.

 

 

SOLVED.

Solution: Use CHKDSK's full HDD scan for faulty sectors. Apparently, Windows files got pushed around into crappy bytes.

CHKDSK on Win7 (also available in safe mode, if you can't use the normal mode like for me) can be done by right-clicking your HDD in the Computer window -> Properties -> Tools and the first option on the top (I have the German version of Win7; basically a "Search for Errors on HDD/Fehlerüberprüfung").

It might say the HDD is in use and will plan the CHKDSK scan as soon as you restart the computer. I did that and left it for a few hours. And, well, it worked.

No nuking necessary after all :3

 

But gosh dangdagnabbit to hell. This really looked like a virus/malware infection.

 

_____________________

OLD MSG

 

Here are my specs.

Laptop - Samsung RV520

Windows 7 Home edition / SP1

Err, not sure which other specs could actually be viable. I am currently using Win7 safe mode to post. 


Here's what roughly happened and the symptoms. 

Symptom: 

As soon as I start the computer, win7 loads, but it seems to be immediately affected by something. It seems something is loading the CPU by 100%. However, even if I open the Task Manager + Resource Monitor, I can't see what is using the CPU. But something IS killing the processing speed. It's impossible to do anything else really. Any attempt at opening anything will only slow it down until it wants to restart explorer.exe or anything (A window pops up with "Microsoft Windows is no longer responding". Hitting restart will only cause it to freeze further).

 

What I did so far:

I used Win7 safe mode and used Malwarebytes and Spybot Search & Destroy. It did kill the usual floating stuff, but the lagging is still there. Another problem I have is Free Avira. Now, this is probably my mistake. It hasn't really been updating all this time through. It's been stuck on this 2015 version. And it's always been acting up with blabla, you need admin rights (although I am logged in as admin) and I just stopped caring.

Now, I wanted to see if I could use freeAvira to do a full scan, but it won't load either now. And, well, if I let the computer load win7 in normal mode, it will only try to start Avira and just lag to oblivion ,_,

 

This sorta came out of nowhere yesterday. What I actually was doing:

I was drag-dropping some images from Pinterest into my reference img folder. Like literally, drag and dropping. Was no big deal until it just simply started to lag/freeze out of nowhere. I know Windows tends to act up. Usually, I could always rely on task manager, find the culprit .exe or whatever process and just rename it. However, this time, I can't even see any process really doing anything. And by the time stuff fills the list, it's already "lagging".

There must be some sort of process/exe that is hidden and not showing up. I hope it is not some registry virus trojan whatever. 

I don't know if HijackThis would help at this point?

Any advice?

Edited by Spraki

2 hours ago, Spraki said:

As soon as I start the computer, win7 loads, but it seems to be immediately affected by something. It seems something is loading the CPU by 100%.

It might be a bitcoin miner, it might be some benign bug, or it might be ransomware using all that CPU time to encrypt your stuff.
Or it could just be 30 percent browser toolbars, 30 percent malware and 40 percent virus scanners, all playing a massive game of Last Man Standing.*

In any case, my approach would be to boot a not-Windows livecd to get any important files off, then nuke it from orbit and reinstall.

The very first thing I (used to) do after installing Windows and the required drivers is image the disk, it makes the scorched-earth solution a whole lot less time-consuming.
Windows running slow? Nuke it. Malware? Nuke it. Bad driver or update? Nuke it. Annoyed with Windows in general? Nuke it. This approach has served me well so far. :P

 

2 hours ago, Spraki said:

Another problem I have is Free Avira... It hasn't really been updating all this time

Kill it, kill it now. If its definitions are out of date it's worse than useless.
IME the only worthwhile free AV is Microsoft Security Essentials. Everything else is scareware, bloatware, adware, or makes as many security problems as it solves.
 

Edited by steve_v
Moar quotes. Everyone needs moar quotes.

I second what @steve_v said. If you are unsure of what is causing the problem, salvage as much data as poss, format and reset to factory.

Reinstalling Windows is a pain in the B, but it's less of a pain than trawling through your entire harddisk multiple times with various software tools that may not work, may make things worse, and will just generally take ages because of said lag. I think MalwareBytes is pretty good, if it doesn't find anything, best to go for the nuclear reformat option.

When recovering your salvaged data, scan it for suspect stuff, naturally. 

However, I wouldn't rule out a hardware failure of some kind, do you get any beeps from the motherboard on startup? Vaguely plausible culprits are a burned out RAM unit or a harddisk close to failure - could explain the lag that comes without anything noticeable in TaskManager. How old is your harddisk?


8 hours ago, p1t1o said:

How old is your harddisk?

It is certainly from around 2011. I am still thinking it is software-related though, as safe mode works normally.

Yeah. I considered nuking as well. However I am studying abroad in Costa Rica. Hard to get by stuff here. But I will see that I get a Win7 CD somehow.

Probably the safer solution.


Some advice:

1. Open add or remove program (windows+type add or remove), sort the list according to date installed. Find any suspicious program that you do not recognize or doesn't seem to be installed with your consent. Uninstall it.

2. Remove that free Avira. I absolutely insist. The only worthwhile AV is Microsoft Security Essentials, as mentioned by @steve_v

3. Defrag your harddisk (windows+type disk defragmenter. Analyze first, if the total is more than 10% defrag it)

4. Perform Disk cleanup (windows+type disk cleanup)

5. If all else fails, I say we salvage as much data as possible from the harddisk before nuking it from orbit. It’s the only way to be sure

Hope that helps :)

Edited by ARS

I'm not sure how far you dug into the task manager but I keep a Win7 machine around and a pretty constant issue was the windows updater hammering the CPU. It's been a while since I booted into it but that was an issue, do a search for "Win 7 update CPU" you will get a lot of hits.


13 hours ago, Spraki said:

It is certainly from around 2011. I am still thinking it is software-related though, as safe mode works normally.

Yeah. I considered nuking as well. However I am studying abroad in Costa Rica. Hard to get by stuff here. But I will see that I get a Win7 CD somehow.

Probably the safer solution.

However you handle it, backup your stuff now, while you can. Good luck!


Hi guys.

Ok. Problem solved. 

Turned out it was actually caused by the C:\ drive having faulty bytes. So the actual winner was doing a full CHKDSK and letting it push away the faulty bytes. I'm gonna assume several system files simply got pushed on those sectors of the HDD, and well, it began to slow everything down.

Thanks for all the suggestions!

I did kick away AVIRA as suggested. Microsoft Security Essentials is now active. As is ZoneAlarm (Which I think is an ok firewall imo). Malwarebytes is around, but not as an active antivirus. Just used more as an anti-malware.

I get the fact that Avira is crap, but why is Spybot Search & Destroy bad? Aside from some of the bits of scareware blabla, it seems to do the job well. Or is "immunizing" and the scans just fake?


they are bad in the sense they are :port targeted, and you can avoid very simply what they're supposed to protect from
(& anyway most nowadays software are update :port targeted ... ... ... whatever the os ... )

anyway most antiviral malware software are :port targeted ... ... ... ... ...

avoid the cause(s), don't have to deal with the consequence mostly that ...

Edited by WinkAllKerb''

Spybot search and destroy isn't a problem as long as you don't use the stupid real time protection they've recently added.  You just need to do a periodic scan and use it to scan any downloads you fetch.

They really need software that JUST checks if the checksums have changed (use multiple checksums; it's exponentially harder to keep multiple ones the same by adding key garbage data). If they haven't, there is no reason to scan them.  If the checksums have changed, then it should prompt you to scan the file.

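The checksum idea in the post above, sketched as an added example (not posted by anyone in the thread): keep a baseline of two digests per file and report only files that are new or changed, so only those need a scan. The algorithm pair, the function names and the JSON baseline file are assumptions made for the illustration.

```python
import hashlib
import json
import os
import tempfile

ALGOS = ("sha256", "blake2b")  # assumption: any two unrelated digests would do


def digests(path, chunk=1 << 20):
    """Hash a file in one pass, feeding every chunk to all algorithms."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def snapshot(root):
    """Map each file's path (relative to root) to its digests."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            result[os.path.relpath(full, root)] = digests(full)
    return result


def files_to_scan(root, baseline_path):
    """Return (new or changed files, vanished files), then update the baseline."""
    old = {}  # first run: no baseline yet, so everything counts as new
    if os.path.exists(baseline_path):
        with open(baseline_path) as fh:
            old = json.load(fh)
    new = snapshot(root)
    changed = sorted(p for p, d in new.items() if old.get(p) != d)
    missing = sorted(p for p in old if p not in new)
    with open(baseline_path, "w") as fh:
        json.dump(new, fh, indent=1)
    return changed, missing


def demo():
    """Constructed sample: two files are baselined, then one is modified."""
    with tempfile.TemporaryDirectory() as work:
        root, baseline = os.path.join(work, "files"), os.path.join(work, "base.json")
        os.mkdir(root)
        for name, data in (("a.bin", b"first"), ("b.bin", b"second")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        first = files_to_scan(root, baseline)
        with open(os.path.join(root, "b.bin"), "ab") as fh:
            fh.write(b" tampered")
        return first, files_to_scan(root, baseline), files_to_scan(root, baseline)
```

A digest mismatch only says that a file changed, not that it is malicious, and the baseline is only trustworthy if it is stored where whatever modifies the files cannot rewrite it.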

  • 1 month later...
On 29/4/2017 at 4:01 PM, Spraki said:

Turned out it was actually caused by the C:\ drive having faulty bytes. So the actual winner was doing a full CHKDSK and letting it push away the faulty bytes. I'm gonna assume several system files simply got pushed on those sectors of the HDD, and well, it began to slow everything down.

My advice would be to keep a close eye on this.  Look in your system logs for disk errors, run full chkdsk scans once a week for the next couple of weeks and definitely make sure you have anything important backed up.  There is a not-insignificant chance that your hard disk may be on the way out.


On 29-4-2017 at 5:01 PM, Spraki said:

Turned out it was actually caused by the C:\ drive having faulty bytes. So the actual winner was doing a full CHKDSK and letting it push away the faulty bytes. I'm gonna assume several system files simply got pushed on those sectors of the HDD, and well, it began to slow everything down.

Be sure to check the SMART values of your hard drive to see whether something funny is going on with it. That is not a guarantee nothing is or will go wrong, but it might give you a heads-up. As always, make sure you have proper backups, which means you have at least two copies of your data on two separate drives. Having your computer break down on you is a whole lot less stressful if you know that you might have to fix some hardware, but that your files will at least be safe.

Having or appearing to have a 100% CPU load is not as rare as you would think, and can occur for a number of reasons other than malware. Checking out what exactly is going on is not a bad idea in any case :)
 

On 26-4-2017 at 6:57 AM, steve_v said:

The very first thing I (used to) do after installing Windows and the required drivers is image the disk, it makes the scorched-earth solution a whole lot less time-consuming.
Windows running slow? Nuke it. Malware? Nuke it. Bad driver or update? Nuke it. Annoyed with Windows in general? Nuke it. This approach has served me well so far. :P

With Windows 8 and higher, this is not as needed as before. They have pretty good options to restore Windows without going through a full installation again. Windows will do its thing and a fresh, restored computer appears. You will find the option in the newfangled configuration screen under Update & security > System recovery > Refresh or something similar to that.

I have walked people through this process a couple of times, since I am a big fan of letting people do it themselves instead of doing it for them, and even complete novices seem fairly comfortable with the process. Microsoft really seems to have made progress when it comes to tools that the layman can use.


On 26-4-2017 at 6:57 AM, steve_v said:

IME the only worthwhile free AV is Microsoft Security Essentials. Everything else is scareware, bloatware, adware, or makes as many security problems as it solves.

Why would you gather that? Even though Windows Essentials is much better than it used to be and actually does a fairly decent job, there certainly are a few free and many paid options that do fare better than it. You do have to inform yourself about which option to go with - if you download just any ole solution, you might very well be disappointed.

Edited by Camacha

3 hours ago, Camacha said:

Why would you gather that?

Perhaps I should have said "everything else that I have seen".
My current arch nemesis (and chosen example) is AVG free, which certain people keep reinstalling after I remove it...
Resource hog? Check.
Nagware popups? Check.
Scareware popups? Check.
Browser toolbar: Check.
Doesn't have ads though... Except ads for the paid version of AVG. So, adware: Check.

As for creating security issues, if you keep up with the news on emerging exploits, there have been several nasty issues found in both free and paid AV products recently. Such as unpacking potential malware in kernel space with ring0 privileges, and laughably insecure update mechanisms. Then of course there's the utterly idiotic "feature" of intercepting SSL and messing with certificates.

If you can point me at a free AV product with no nag (upgrade to premium) popups, no scareware (everyone can see what you do on the internet!) "alerts", no "PC tuneup" interruptions, and no browser toolbars - essentially nothing but unobtrusive antivirus, and one that doesn't do moronic things like flog the disk to death scanning a 100G VM image while I'm trying to work... Maybe I'll recommend that instead.

 

AV is the ambulance at the bottom of the cliff anyway. You shouldn't be acquiring infected files to begin with.

Edited by steve_v
break up dem lines

3 hours ago, Camacha said:

With Windows 8 and higher, this is not as needed as before. They have pretty good options to restore Windows without going through a full installation again. Windows will do its thing and a fresh, restored computer appears.

Does that actually replace all the system files though? I'm not sure I'd trust such a thing to remove e.g. an entrenched malware infection. I do like my destroyer of disks, for its complete obliteration...

Eh? that's odd. This automerge thing is a fickle beast.

Edited by steve_v

20 minutes ago, steve_v said:

As for creating security issues, if you keep up with the news on emerging exploits, there have been several nasty issues found in both free and paid AV products recently. Such as unpacking potential malware in kernel space with ring0 privileges, and laughably insecure update mechanisms. Then of course there's the utterly idiotic "feature" of intercepting SSL and messing with certificates.

Obviously, more attack surface can create attack vectors and some antivirus products have indeed been shown to create issues where there were none before. However, there are some counter arguments to be brought :) Windows Essentials is the most common line of defence to overcome, so virus makers will likely have found a way to deal with it. This is not just theory, as recent malware made use of a similar unpacking vulnerability in Windows Defender, allowing users to run code on a system without user input.
 

20 minutes ago, steve_v said:

If you can point me at a free AV product with no nag (upgrade to premium) popups, no scareware (everyone can see what you do on the internet!) "alerts", no "PC tuneup" interruptions, and no browser toolbars - essentially nothing but unobtrusive antivirus, and one that doesn't do moronic things like flog the disk to death scanning a 100G VM image while I'm trying to work... Maybe I'll recommend that instead.

AV is the ambulance at the bottom of the cliff anyway. You shouldn't be acquiring infected files to begin with.

If I am to believe people who are in the know, Panda Antivirus Free does a better job than a lot of paid products. I have installed this product with and for people, and they seem to be happy. I agree with you that some products are outright obnoxious. A lot of 'free' versions that come with new computers tend to be fairly horrible in this regard.

The last sentence is true, but as is always the case with security, you are wise to have multiple layers in place. The user is the most important part of the equation, but it helps to have a few safeguards in place if he fails.
 

29 minutes ago, steve_v said:

Does that actually replace all the system files though? I'm not sure I'd trust such a thing to remove e.g. an entrenched malware infection. I do like my destroyer of disks, for its complete obliteration...

It is fairly rigorous for sure. With hashing and other technological tricks, you can be pretty sure you have the original files at hand. Of course, obliterating disks is no guarantee either, since malware could be nesting in firmware, the BIOS and in other places it is almost impossible to detect or get out of. The only way to be absolutely sure is to replace the hardware.

