Computer help needed, possible virus, trojan or other malware...

Nathan_F · 09-23-2006, 12:59 PM

I am having a problem with my home machine where the process called "System" in task manager is suddenly using 20% (occasionally 50%) of the CPU. This is causing hiccups during gaming. I assumed this was a virus of some sort, but have not had luck detecting it. I use AVG for anti-virus, and run an update and scan every day. I use Sygate for firewall, and Adaware and Spybot as the final pieces of my "security" suite. Reading some other posts here, I have also run/done the following:

Microsoft Malware Removal Tool: nothing found
Ewido: 2 viruses found and removed
SpywareBlaster: nothing
Microsoft Defender: 1 item found and deleted
Jave Runtime Engine: latest build installed and old items in the cache were deleted

I have also posted my Hijack this logs to the tomcoyote forums, but have not heard anything back yet. Seems there is a bit of a backlog over there.

Any thoughts?

Thanks,
Nathan

Harold Wazzu · 09-23-2006, 02:26 PM

Here's something else you can try: http://housecall.trendmicro.com/

Keith Plucker · 09-23-2006, 10:11 PM

You seem to have all the standard bases covered. You might try using the programs you mentioned in safe mode to run their scans if they allow for that.

You could also try some of the other virus companies' products. Such as Panda, Kaspersky and Nod32. They all allow you to download and use their programs for 30 days so you can easily try out their products.

Of course, there is always the dreaded OS reinstall.

-Keith

Paul_Sjordal · 09-23-2006, 10:27 PM

It might not be a virus. There are lots of legitimate processes that might list as "system" in your process list. You could have a driver flaking out or need to reinstall an application.

PS -- when was the last time you did the old tabula rasa routine on your hard drive?

Nathan_F · 09-24-2006, 09:13 AM

I didn't mention above, but all scans above were in safe mode.

I have tried housecall, but it just closes IE at some point.

I have not ever reimaged.. don't want to have to, I can't imagine the carnage.

Any idea "why" some legitimate process would kick off every 4 seconds and consume 20% of the CPU?

**HTF Ads**

Paul_Sjordal · 09-24-2006, 10:27 AM

Nope, but if that's the case, tabula rasa (wiping the HD and reinstalling everything) might clear it up.

Mike Fassler · 09-24-2006, 01:30 PM

Quote:

Originally Posted by Nathan_F

Any idea "why" some legitimate process would kick off every 4 seconds and consume 20% of the CPU?

I guess I have to ask how long you've been using the pc with this install of windows? It is totaly possible if its been a while that something may have gotten corrupted or something, Id also recommend that if you really must use IE
install SpywareBlaster and or since you have adaware installed use the adwatch function that will prevent if not totally stop any spyware etc from being installed in the first place. Also when those programs you used removed the virii you said it found it could have removed something legit too or maybe something in the registery is messed.

Nathan_F · 09-24-2006, 08:31 PM

I've been running this install of Windows for 2 years now, since the computer was new. I have never had to re-install an OS, and the prospect scares me to death. Digging up all the disks for software and/or downloading other tools... trying to match up id keys... latest drivers for everything... it took me 2 months to get this machine running after I received because of the botched job that the vendor performed putting it together. Then if I do all that, and reinstall Windows... I still run the risk that the data that I will be restoring is part of the corruption, and have to just lose that data.

Mike Fassler · 09-25-2006, 10:35 AM

well you could always put your windows disk in there and try running a repair on the installation,just incase something did get borked you would be back up in no time.

read this awesome article on how to non-destructively repair windows xp

http://www.informationweek.com/share...leID=189400897

Kimmo Jaskari · 09-25-2006, 02:04 PM

You could also burn a bootable CD (preferrably on some other machine) and use that to run the virus and malware scans. Safe mode is better than nothing, but to be truly sure that no nasty bug manages to hide one should always boot from some other medium. A CD is good because it's easy and because once burned, nothing else can infect it.

Making a boot CD isn't hard and it is something every windows user might benefit from having laying around in case of troubles. http://www.ubcd4win.com/ is one option (one must also have a Windows XP disc, preferrably with SP2 integrated.)

Nathan_F · 09-25-2006, 02:20 PM

Mike-- If my disk version is SP1, and I have SP2, can I still do the repair option?

Kimmo-- same question.. except change repair to boot disk... unfortunately I do not have another machine with XP Home installed either. If I were to create a boot disk, it would have to be from the (possibly) corrupt machine.

I'm still hoping someone over at tomcoyote sees something in my Hijack log that miraculously cures the problem. I also have several other tools that I have downloaded (see Keith's post above), that I am trying to get installed and run to maybe catch the issue.

Thanks again for everyone's help!

Kimmo Jaskari · 09-25-2006, 02:28 PM

You can copy the contents from the XP CD to the hard drive and then do a process called slipstreaming of the SP2. Essentially, you add SP2 to the XP files on the hard drive and then have an XP with SP2 integrated. That can then be burned back to a CD (with some tinkering to make it bootable) or used to create the boot cd I mention above. The process is described on the web page.

Creating the boot cd on the possibly infected machine is not the best idea. You might conceivably wind up with a CD that can infect any machine you boot it from.

You might be better off downloading the Linux-based Ultimate Boot Cd from http://www.ultimatebootcd.com and burning that iso file directly. It includes among other things several virus scanners.