Windows 8 and 8.1 Forums

svchost.exe causing random CPU 100%

  1. #11

    Posts : 8
    Windows 8.1

    Quote, originally posted by hydranix:
        Quote, originally posted by bestuck:
            Well, thank you very very much, again. It took two scans of Malwarebytes and a full scan of Avast Free to finally remove it. Still, to be safe I'm going to format it soon.

            On a side note: I don't pirate software at all. Nor do I pirate games. I play about three games, and they are all from Steam. I do pirate movies and TV shows, so it must have come from there, which is very strange because I always check that they are only movie files.
        Not meant as an accusation, sorry.

        Like I said, there are numerous ways to be infected by this type of malware.
    Oh, I didn't take it as an insult, don't worry!

    Just out of curiosity for anyone reading, I think it was an ad-block extension for my browser, looking at the report from Malwarebytes (which prevented Chrome from updating, but since I use Firefox I didn't notice).

    Malwarebytes Anti-Malware

    Scan Date: 08/07/2015
    Scan Time: 11:14:16 p.m.
    Logfile: malwarebytes scan.txt
    Administrator: Yes

    Malware Database: v2015.07.08.08
    Rootkit Database: v2015.07.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Emiliano

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 350461
    Time Elapsed: 9 min, 47 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    Trojan.Agent, C:\Windows\Temp\lsass.exe, 3296, , [5dfb17c838527fb79aef95bc1be91ce4]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 5
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [6cec1dc236540e28acc9d8b4b1538878],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [d58323bc6b1f01358ce9eaa20ef6db25],
    PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, , [98c0736c5c2e81b53129038dc73d14ec],
    PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, , [64f4954af8923303abaf652be222748c],
    PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, , [d3858b544f3b81b5f765d2be36ceac54],

    Registry Values: 2
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [6cec1dc236540e28acc9d8b4b1538878]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [d58323bc6b1f01358ce9eaa20ef6db25]

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch\1.1, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Roaming\Mozilla\Firefox\Profiles\z5cv4ozt.default\extensions\ m\content, , [12464d926f1bbb7bd02fbfc454b024dc],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Roaming\Mozilla\Firefox\Profiles\z5cv4ozt.default\extensions\ m, , [12464d926f1bbb7bd02fbfc454b024dc],
    PUP.Optional.BlockTheAds.A, C:\ProgramData\Block The Ads, , [ce8a8956d0ba6bcb193cb33ec63c21df],

    Files: 13
    PUP.Optional.MultiPlug.Uns, C:\ProgramData\Block The Ads\Block The Ads.exe, , [1741d50afd8d4bebf409db97cf33c23e],
    Trojan.BitcoinMiner, C:\Windows\Temp\svchost.exe, , [e276ffe01c6ecc6ab084257bfb096997],
    PUP.Optional.AppDataFR.A, C:\Users\Emiliano\AppData\Roaming\appdataFr3.bin, , [b7a1f2edacde44f2d78104fac83a718f],
    Trojan.Agent, C:\Windows\Temp\lsass.exe, , [5dfb17c838527fb79aef95bc1be91ce4],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch\1.1\lsdb.js, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch\1.1\background.html, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch\1.1\content.js, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch\1.1\icjNfJTA.js, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihnapmdpedhlihabmbcmkjhglphhch\1.1\manifest.json, , [aaae58875b2f979f678ab1d29c68b14f],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Roaming\Mozilla\Firefox\Profiles\z5cv4ozt.default\extensions\ m\content\bg.js, , [12464d926f1bbb7bd02fbfc454b024dc],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Roaming\Mozilla\Firefox\Profiles\z5cv4ozt.default\extensions\ m\bootstrap.js, , [12464d926f1bbb7bd02fbfc454b024dc],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Roaming\Mozilla\Firefox\Profiles\z5cv4ozt.default\extensions\ m\chrome.manifest, , [12464d926f1bbb7bd02fbfc454b024dc],
    PUP.Optional.MultiPlug.A, C:\Users\Emiliano\AppData\Roaming\Mozilla\Firefox\Profiles\z5cv4ozt.default\extensions\ m\install.rdf, , [12464d926f1bbb7bd02fbfc454b024dc],

    Physical Sectors: 0
    (No malicious items detected)



  2. #12

    Looks like you downloaded some freeware and agreed to the installation of free adware as well. It installed itself into both browsers.

    However, the PUPs you have there typically aren't related to bitcoin miners, but I wouldn't put it past them.

    Be very careful what you install on your computer.

    Be even more careful of what you agree to by leaving a program's installation phase at its defaults.
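
Added example, not part of the original thread: the scan log in post #11 lists svchost.exe and lsass.exe under C:\Windows\Temp, whereas the genuine binaries load from C:\Windows\System32. The Python below flags that pattern in a Malwarebytes-style log, using lines copied from the report above; the list of system process names and the C: install drive are assumptions of this example.

```python
import ntpath
import re

# Assumption: Windows is installed on C:. The name list is an illustrative
# subset of core system processes, not an exhaustive one.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "winlogon.exe", "smss.exe"}

# File/process entries look like "<detection>, <path>, <pid or empty>, , [<hash>]".
ENTRY = re.compile(r"^\s*(?P<det>[\w.]+), (?P<path>[A-Za-z]:\\[^,]+),")

# Lines copied verbatim from the scan log in post #11.
SAMPLE_LOG = r"""
Processes: 1
Trojan.Agent, C:\Windows\Temp\lsass.exe, 3296, , [5dfb17c838527fb79aef95bc1be91ce4]
Registry Keys: 5
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [6cec1dc236540e28acc9d8b4b1538878],
Files: 13
PUP.Optional.MultiPlug.Uns, C:\ProgramData\Block The Ads\Block The Ads.exe, , [1741d50afd8d4bebf409db97cf33c23e],
Trojan.BitcoinMiner, C:\Windows\Temp\svchost.exe, , [e276ffe01c6ecc6ab084257bfb096997],
Trojan.Agent, C:\Windows\Temp\lsass.exe, , [5dfb17c838527fb79aef95bc1be91ce4],
"""


def is_masquerade(path):
    """True if the file carries a system process name outside a system dir."""
    folder, name = ntpath.split(ntpath.normpath(path.strip()))
    return name.lower() in SYSTEM_NAMES and folder.lower() not in SYSTEM_DIRS


def find_masquerades(log_text):
    """Return unique (detection, path) pairs for masquerading entries."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        # Registry entries (HKLM\...) never match the drive-letter pattern.
        if m and is_masquerade(m["path"]):
            hit = (m["det"], m["path"])
            if hit not in hits:  # the same file appears under Processes and Files
                hits.append(hit)
    return hits


if __name__ == "__main__":
    for det, path in find_masquerades(SAMPLE_LOG):
        print(f"{path}: system process name outside System32 ({det})")
```

The same path check applies to a live process list: a svchost.exe or lsass.exe whose image path is not under System32 deserves investigation regardless of what a scanner says about it.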