
I was wondering what this "Microsoft (32 bits)" process actually does? As far as I'm aware, I've never encountered this until recently. It runs when I start up my PC, and doesn't show up anymore after I close the process until next restart. It constantly uses 25-30% of my CPU until I close it.

 

xZcLx22.png


I was wondering what this "Microsoft (32 bits)" process actually does? As far as I'm aware, I've never encountered this until recently. It runs when I start up my PC, and doesn't show up anymore after I close the process until next restart. It constantly uses 25-30% of my CPU until I close it.

 

 

I don't have that process, could it be a virus?

"We're all in this together, might as well be friends" Tom, Toonami.

 

mini eLiXiVy: my open source 65% mechanical PCB, a build log, PCB anatomy and discussing open source licenses: https://linustechtips.com/topic/1366493-elixivy-a-65-mechanical-keyboard-build-log-pcb-anatomy-and-how-i-open-sourced-this-project/

 

mini_cardboard: a 4% keyboard build log and how keyboards work: https://linustechtips.com/topic/1328547-mini_cardboard-a-4-keyboard-build-log-and-how-keyboards-work/


Probably a miner virus, otherwise it would not be that heavy.

My Gaming PC

|| CPU: Intel i5 4690@4.3Ghz || GPU: Dual ASUS gtx 1080 Strix. || RAM: 16gb (4x4gb) Kingston HyperX Genesis 1600Mhz. || Motherboard: MSI Z97S Krait edition. || OS: Win10 Pro
________________________________________________________________

Trust me, I'm an Engineer


reinstall windows

You've been compromised. Or just use the Malwarebytes rootkit scanner

Nude Fist 1: i5-4590-ASRock h97 Anniversary-16gb Samsung 1333mhz-MSI GTX 970-Corsair 300r-Seagate HDD(s)-EVGA SuperNOVA 750b2

Name comes from anagrammed sticker for "TUF Inside" (A sticker that came with my original ASUS motherboard)


That's what I was wondering, but Avast or Malwarebytes didn't seem to find any.

With "I've never encountered this until recently." do you mean that you saw it today first or since this week or so?

reinstall windows

You've been compromised. Or just use the Malwarebytes rootkit scanner

 

 

Probably a miner virus, otherwise it would not be that heavy.

 

 

I don't either, virus confirmed

 

 

1 - I don't have it, either.

2 - That's the icon a lot of encrypters use.

Probably a virus.

Looking through my startup processes:

lfQ0Q5k.png

 

Checking where it's located:

DPrz1hI.png

Isn't it possible to delete this?

 

@Minibois Like 1-2 weeks ago

 

Edit: Malwarebytes seems to find those files once again, but with different paths.

 

wAu7GCj.png


looks like it's time for a clean install of Windows

Please spend as much time writing your question, as you want me to spend responding to it.  Take some time, and explain your issue, please!

Spoiler

If you need to learn how to install Windows, check here:  http://linustechtips.com/main/topic/324871-guide-how-to-install-windows-the-right-way/

Event Viewer 101: https://youtu.be/GiF9N3fJbnE

 


Lol, downloading dodgy software?

 

TBH, Windows 8.1 is so quick to install now that I would just do a format/install of the OS.

 

I don't download dodgy software but I've recently accepted some random file from a guy on Skype, that might be it.

looks like it's time for a clean install of Windows

Looks like it... I just did one 3-4 weeks ago though


Out of pure curiosity, what is in the cdkeys.txt file? (if it's what I think it is, whoever made this isn't the best)

Do you recognise anything in the file?

It shows random games and software, so yes:

Need for Speed Carbon :
Need For Speed Hot Pursuit 2 :
Need for Speed Most Wanted :
Need for Speed ProStreet :
Need For Speed Underground :
Need for Speed Underground 2 :
Medieval II Total War : 
Adobe Goolive : 
Nero 7 : Splinter Cell Pandora Tomorrow : 
Splinter Cell Chaos Theory : 
Call of Duty : 
Call of Duty United Offensive : 
Call of Duty 2 : 
Call of Duty 4 : 
Call of Duty WAW : 
Dawn of War : 
Dawn of War - Dark Crusade : 
Dawn of War - Dark Crusade : 
Dawn of War - Dark Crusade : 
ACDSystems PicAView : 
Act of War : 
Adobe Photoshop 7 :
Advanced PDF Password Recovery :
Advanced PDF Password Recovery Pro :
Advanced ZIP Password Recovery :
Battlefield Vietnam
Black and White
Black and White 2 :
Boulder Dash Rocks :
Burnout Paradise :
Anno 1701 :
Ashamopp WinOptimizer Platinum :
AV Voice Changer :
Battlefield(1942) :
Battlefield 1942 Secret Weapons of WWII :
Battlefield 1942 The Road to Rome :
Battlefield 2 :
Battlefield(2142) :
Camtasia Studio 6(Name) :
Camtasia Studio 6(Key) :
Chrome :
Codec Tweak Tool :
Command and Conquer Generals :
Command and Conquer Generals Zero Hour :
Red Alert 2 :
Red Alert :
Command and Conquer Tiberian Sun :
Command and Conquer 3 :
Command and Conquer 3 :
Company of Heroes :
Company of Heroes :
Counter-Strike :
Crysis :
PowerDVD :
PowerBar :
CyberLink PowerProducer :
Day of Defeat :
The Battle for Middle-earth II :
The Sims 2 :
The Sims 2 University :
The Sims 2 Nightlife :
The Sims 2 Open For Business :
The Sims 2 Pets :
The Sims 2 Seasons :
The Sims 2 Glamour Life Stuff :
The Sims 2 Celebration Stuff :
The Sims 2 H M Fashion Stuff :
The Sims 2 Family Fun Stuff :
DVD Audio Extractor (Name) :
DVD Audio Extractor (Serial) :
Empire Earth II :
F.E.A.R :
F-Secure :
FARCRY :
FARCRY 2 : 
FIFA 2002 :
FIFA 2003 :
FIFA 2004 :
FIFA 2005 :
FIFA 07 :
FIFA 08 :
Freedom Force :
Frontlines: Fuel of War Beta :
Frontlines: Fuel of War :
GetRight :
Global Operations :
Gunman :
Half-Life :
Hellgate: London :
Hidden & Dangerous 2 :
IGI 2 Retail :
InCD Serial :
InCD Username :
IG2 :
iPod Converter (Registration Code) :
iPod Converter (User Name) :
James Bond 007 Nightfire :
Status Legends of Might and Magic :
Macromedia Flash 7 :
Macromedia Fireworks 7 :
Macromedia Dreamweaver 7 :
Madden NFL 07 :
Matrix Screensave :
Medal of Honor Airborne :
Medal of Honor: Airborne :
Medal of Honor: Allied Assault :
Medal of Honor: Allied Assault: Breakthrough :
Medal of Honor: Allied Assault: Spearhead :
Medal of Honor: Heroes 2 :
mIRC :
Nascar Racing 2002 :
Nascar Racing 2003 :
NHL 2002 :
NBA LIVE 2003 :
NBA LIVE 2004 :
NBA LIVE 07 :
NBA Live 08 :
Nero - Burning Rom :
Nero 7 :
Nero 8 :
NHL 2002 :
NHL 2003 :
NHL 2004 :
NHL 2005 :
NOX :
Numega SmartCheck :
OnlineTVPlayer (Name) :
OnlineTVPlayer (Serial) :
O&O Defrag 8.0 (Username) :
O&O Defrag 8.0 (Company) :
O&O Defrag 8.0 (Serial) :
Partition Magic 8.0 :
Passware Encryption Analyzer (Name) :
Passware Encryption Analyzer (License) :
Passware Encryption Analyzer (Serial) :
Passware Windows Key (License) :
Passware Windows Key (Name) :
Passware Windows Key (Serial) :
PowerDvD :
PowerStrip :
Pro Evolution Soccer 2008 :
Rainbow Six III RavenShield :
Shogun Total War Warlord Edition :
Sid(Meier) 's Pirates! :
Sid(Meier) 's Pirates! :
Sim City 4 Deluxe :
Sim City 4 :
Sniffer Pro 4.5 :
Soldiers Of Anarchy :
Soldiers Of Anarchy :
Stalker - Shadow of Chernobyl :
Star Wars Battlefront II (v1.0) :
Star Wars Battlefront II (v1.1) :
Steganos Internet Anonym VPN :
Splinter Cell Pandora Tomorrow :
Surpreme Commander :
S.W.A.T 2 :
S.W.A.T 3 :
S.W.A.T 4 :
TechSmith SnagIt (Name) :
TechSmith SnagIt (Name) :
TechSmith SnagIt (Serial) :
Texas Calculatem 4 (Owner) :
Texas Calculatem 4 (Owner) :
The Battle for Middle-earth :
The Orange Box :
The Orange Box :
TMPGEnc DVD Author :
TuneUp 2007 (Name) :
TuneUp 2007 (Key) :
TuneUp 2007 (Company) :
TuneUp 2008 (Name) :
TuneUp 2008 (Key) :
TuneUp 2008 (Company) :
TuneUp 2009 (Name) :
TuneUp 2009 (Key) :
TuneUp 2009 (Company) :
Winamp (Username) :
Winamp (Serial) :Orange Box :
Pes 2008 :
Mirc Username :Mirc Serial :
Fifa 2002 :
Fifa 2003 :
Fifa 2004 :
Fifa 2005 :
Fifa 2007 :
Fifa 2008 :
Far Cry :
Far Cry 2 :
F.E.A.R :
Cyberlink PowerBAR :
Cyberlink PowerDVD :
Camtasia Username :Password :
The Sims 3 :
The Sims 2 :
The Sims Fun Family Stuff :
Battlefield 2 - Special Forces :
The Sims Glamour Life Stuff :
The Sims NightLife :
Nero 5 & 6 :
Nero 7 :
Nero 8 :
Nero 9 :
The Sims 2 Open For Bussines :
Bully Scholarship Edition Bully Scholarship Edition :
Transformers 2 - Revenge of the Fallen :
The Sims 2 Univeristy :
MirrorsEdge™ :
DeadSpace :
Spore :
FIFA 09 :
PES 2009 :
Call of Duty :
Call of Duty 2 :
Call of Duty 4 :
Call of Duty 5 :
Half Life 1 :
Halo :
Counter Strike 1.6 :
Serial Key of Microsoft Windows 8.1 :
GTA IV Serial Key :
CamTasia7 UserName :
CamTasia7 Serial:
FIFA10 :
TuneUp2010(UserName) :
TuneUp2010(Key) :

 

What they said, a clean install really does not take much time anymore, so do it! Especially seeing it taking a lot of boot time!

Yeah I might do that


Snip

Yup, trying to get your CD keys from the registry. No idea why it is using 30% of the CPU.

 

TBH judging by the fact they called the file cdkeys (not even obvious) and they used a standard write (writing in binary would have made it non-human readable), I'm guessing this was some guy's attempt at a virus. Also I hate explaining viruses but you can also catch SIGINT and do nothing which would mean you would be unable to close it.


Yup, trying to get your CD keys from the registry. No idea why it is using 30% of the CPU.

 

TBH judging by the fact they called the file cdkeys (not even obvious) and they used a standard write (writing in binary would have made it non-human readable), I'm guessing this was some guy's attempt at a virus. Also I hate explaining viruses but you can also catch SIGINT and do nothing which would mean you would be unable to close it.

Won't a simple Malwarebytes rootscan etc. be enough? Is a full reinstall of the OS necessary?


If you delete the files, do they come back?

If so, check %programdata% for anything unusual, I've seen quite a few viruses try to hide there.

I ran Malwarebytes over it and the file is gone now from task manager and nothing odd seems to appear on startup.

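The checks suggested in this thread (look at what starts at logon, see where the file lives, look in %programdata%) can be done in one pass after a scanner reports clean. The script below is an added example, not something posted by anyone in the thread; the list of user-writable folders and the "claims Microsoft but has no valid signature" flag are assumptions chosen to match the "Microsoft (32 bits)" entry described above, and unsigned entries are common for legitimate software too.

```powershell
# Added example, not from the thread: triage of logon autostart entries.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
# Assumption: folders a non-admin process can usually write to.
$writableRoots = $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC | Where-Object { $_ }

function Get-ExePath([string]$Command) {
    # Quoted path first, otherwise everything up to the first ".exe", otherwise the first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$found = @()
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $found += [pscustomobject]@{ Source = $key; Name = $name; Path = Get-ExePath ([string]$k.GetValue($name)) }
    }
}
$shell = New-Object -ComObject WScript.Shell   # used only to resolve .lnk targets
foreach ($file in Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue) {
    if ($file.Name -eq 'desktop.ini') { continue }
    $target = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
    $found += [pscustomobject]@{ Source = $file.DirectoryName; Name = $file.Name; Path = $target }
}

$found | ForEach-Object {
    $path   = $_.Path
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    $vi     = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo } else { $null }
    [pscustomobject]@{
        Name            = $_.Name
        Source          = $_.Source
        Path            = $path
        Exists          = $exists
        Description     = if ($vi) { $vi.FileDescription } else { '' }
        Signature       = if ($sig) { $sig.Status } else { 'n/a' }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        UserWritableDir = [bool]($writableRoots | Where-Object { $path -like "$_\*" })
        # Version info mentions Microsoft, yet the file carries no valid Authenticode signature.
        ClaimsMsNoSig   = ("$($vi.FileDescription) $($vi.CompanyName)" -match 'Microsoft') -and ($sig.Status -ne 'Valid')
    }
} | Sort-Object ClaimsMsNoSig, UserWritableDir -Descending | Format-List
```

Entries that sort to the top are the ones to inspect by hand; this covers only the Run keys and Startup folders, not scheduled tasks or services.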

I don't download dodgy software but I've recently accepted some random file from a guy on Skype, that might be it.

Looks like it... I just did one 3-4 weeks ago though

http://linustechtips.com/main/topic/324871-guide-how-to-install-windows-the-right-way/ follow this guide, it will help
