Hi, first off thanks for any help and I appreciate you guys taking the time to read this.
AMD Phenom II X4 B55 BE, 4 GB RAM, 2x 1 TB HDD, 1x 250 GB external, Win7 Prof. 64-bit, running Kaspersky now. Was using Avast prior to problem.
Ok to the problem: Unusual or perhaps just new memory usage being high (cpu usage just fine)
Direct cause: svchost.exe (system, pid 888) to be exact
Possible Indirect Cause: Virus (most notably the fakeAV trojan)
Ok, so I got the fakeAV trojan last night late. I have, I believe, cleaned it completely, still running a few last scans to check, then rerunning a few in safe mode, but so far everything has come back clean lately. (At least each program once clean, usually multiple.)
So what this virus does is install a fake AV pop-up, which of course I didn't click, and a program called arc.exe (which runs in Task Manager as microsoft 8 direct blah blah bull) and downloads trojans.
So I manually deleted (end process tree, file location, delete, it was in a temp folder) the arc.exe (which was the fake anti-virus pop-up blocking me from accessing anything on my computer), but it damaged the registry and I could no longer execute any .exe files, open any programs, or install anything. I did the manual delete etc. in safe mode with networking.
So out of necessity I restored the computer to a week ago to fix the registry/file access issue to be able to get AV software etc.
(I also deleted all the temp folders, prefetch (it had a lot of download instances of the trojan for the arc.exe file) and a few spot files I knew were bad (I keep close tabs on what I've put on my computer when, and using search modified and looking at date created, deleted a few folders and such that were no good).)
Then started to run the scans:
So I ran:
AVG (caught a lot, twice clean)
Avira (caught some, twice clean)
Ad-Aware (caught some cookies and other things, thrice clean)
Malwarebytes (caught a lot/most of it, thrice clean)
Spybot S&D (ran clean)
CCleaner (clean, some stuff cleaned up, currently wiping free space to be extra careful)
Uninstalled all above besides Malwarebytes and CCleaner.
Installed Kaspersky Internet Suite (full legitimate copy I had, was saving it for a build later, but thought might as well) after all the clean scans besides CCleaner, found one more instance of the fakeAV. Then ran 3 full clean scans.
So onto the issue at hand. Ever since I got the virus under control, well seemingly under control (still making sure), my RAM usage has become abnormally high (about 30-35% when computer is 'idle'), when it was about maybe... 12 or less before that. Now at first I assumed this was AVG, 'cause I have had issues with it hogging system resources before. But the problem persists even after uninstalling AVG and installing Kaspersky instead.
So the process using the memory (or the abnormal amount) is one of the svchost.exe, more specifically the one with Superfetch in it, pid 888.
Now, I did delete the prefetch folder and a whole lot of temp files (from almost every temp folder in Win7) which I know means a lot of programs have to be reset to load quickly etc., using more system resources. However, I just want to double check that everything running under that svchost is legit.
Here's a pic of the process tree, and what's running.
You'll probably have to go to ImageShack and then click on the image to be able to read it, thank you though.
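
One way to run the check the post asks for, resolving each service hosted in that svchost.exe instance to the DLL it loads from disk (an added example, not part of the original post; PID 888 is taken from the post, and the System32 and timestamp checks are heuristics chosen here, not proof of legitimacy):

```powershell
# Added example (not from the original post). Run from an elevated 64-bit
# PowerShell prompt; uses only cmdlets available in the PowerShell 2.0
# that ships with Windows 7.
$TargetPid = 888   # PID of the svchost.exe instance named in the post
$sys32 = (Join-Path $env:SystemRoot 'System32') + '\'

# 1. Confirm the host process itself runs from the expected image path.
Get-WmiObject Win32_Process -Filter "ProcessId = $TargetPid" |
    Select-Object ProcessId, ExecutablePath, CommandLine | Format-List

# 2. Resolve every service hosted in that process to the DLL it loads.
$report = Get-WmiObject Win32_Service -Filter "ProcessId = $TargetPid" | ForEach-Object {
    # Shared-process services name their code in Parameters\ServiceDll.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
    $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll

    $dll = $null; $file = $null; $inSys32 = $false
    if ($raw) {
        $dll = [Environment]::ExpandEnvironmentVariables($raw)
        $inSys32 = $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
        if (Test-Path -LiteralPath $dll) { $file = Get-Item -LiteralPath $dll }
    }

    $company = $null; $created = $null; $modified = $null
    if ($file) {
        $company  = $file.VersionInfo.CompanyName   # self-declared metadata
        $created  = $file.CreationTime
        $modified = $file.LastWriteTime
    }

    New-Object PSObject -Property @{
        Service    = $_.Name
        InSystem32 = $inSys32
        Company    = $company
        Created    = $created
        Modified   = $modified
        ServiceDll = $dll
    }
}

# 3. Rows outside System32 sort first; compare Created/Modified with the
#    time of the infection to spot files dropped around then.
$report | Sort-Object InSystem32, Service |
    Format-Table Service, InSystem32, Company, Created, Modified, ServiceDll -AutoSize
```

A row with an empty `ServiceDll`, a path outside System32, or a creation time near the infection is worth a closer look; the company name is only what the file claims about itself.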