[SOLVED] I think I have a malware and I don't know to remove it.

[VedantLohia123]

So I recently installed a program from a dodgy site and found that a new program called qemu machine control was running on task manager. I realised that this was a malware and removed it by going to regedit and ctrl + f finding and deleting all of its files. I then realised that this didnt do anything because my computer fan was still firing up while idle so I got malwarebytes and did a scan. It came back clean. I then did an offline scan with avast and found the trojans and put them into the chest. I did yet another scan afterwards with hitman and ESET and they came back clean. However, I still notice that whenever I open my task manager it shoots to 100 and then drops back down to around 10 percent. Is this normal? I run an acer predator laptop and the average cpu temp is roughly 90 degrees celsisus. I've had it for around 3 years now and I am sort of inclined to say it is a thermal paste issue but I'm now very paranoid.

 

[mangaman]

Download Kaspersky's one time scan tool and see if anything pops up. The one time scan tool is not a real time anti-virus, but instead it just scans for remnants left behind from malware programs and stuff not detected by ant-viruses. If you are still having problems, you can always go back to a restore point before installing the software.

Also, the task manager shooting up to 100% then back down is normal. I highly recommend you download ProcessExplorer from Microsoft's official website. It will tell you all of the processes currently running on your system. It will also send a hash of the running processes to VirusTotal, and determines if the signer is verified. Running it with admin rights is recommended, so it can scan all running processes.

Regarding your temps, you need to clean the old thermal paste and install new thermal paste, if the temps are that high. If those temps are under 100% load, then you can probably get away with not installing the new thermal paste for awhile. If those Temps are under idle or around 50%, then you need to install the new paste right away.

Hope this helps you out!

 

[VedantLohia123]

Download Kaspersky's one time scan tool and see if anything pops up. The one time scan tool is not a real time anti-virus, but instead it just scans for remnants left behind from malware programs and stuff not detected by ant-viruses. If you are still having problems, you can always go back to a restore point before installing the software.

Also, the task manager shooting up to 100% then back down is normal. I highly recommend you download ProcessExplorer from Microsoft's official website. It will tell you all of the processes currently running on your system. It will also send a hash of the running processes to VirusTotal, and determines if the signer is verified. Running it with admin rights is recommended, so it can scan all running processes.

Regarding your temps, you need to clean the old thermal paste and install new thermal paste, if the temps are that high. If those temps are under 100% load, then you can probably get away with not installing the new thermal paste for awhile. If those Temps are under idle or around 50%, then you need to install the new paste right away.

Hope this helps you out!

Thanks very much for the reply. I'm fairly certain I don't have malware or a virus becuase I've run an offline scan, run MalwareBytes, HitmanPro, ESET and now Kaspersky. The only issue that I'm confused about now is that my fan is in general very loud even on very low CPU usage like 5% and 10%. I'm not sure if this is because I haven't replaced the thermal paste in 3 years or that I haven't got my fan cleaned in about 8 months. This is what's making me paranoid as it may be because of a miner but the CPU percentage is always normal from what I see. It's never really high on idle or even on playing games. What's bugging me even more is that ever since I got that malware and "removed it" it's either the case that my fan has become very loud or it always has been and I just haven't realised it until now. What do you think is the most likely scenario? Again, thank you so much for your reply.

 

[mangaman]

If it was a miner, then the virus programs would have picked it up. Can you confirm your temps with a program such as RealTemp or MSI afterburner? Your CPU is probably thermal throttling.

Also, you probably just noticed the high fan spin after you got the malware. I don't know the exact physiological term for it, but you've became more aware of your surroundings after the malware incident. It's best just to stay claim and not get too worked up over it.

 

[VedantLohia123]

If it was a miner, then the virus programs would have picked it up. Can you confirm your temps with a program such as RealTemp or MSI afterburner? Your CPU is probably thermal throttling.

Also, you probably just noticed the high fan spin after you got the malware. I don't know the exact physiological term for it, but you've became more aware of your surroundings after the malware incident. It's best just to stay claim and not get too worked up over it.

So it averages around 70-80 degrees celsius on idle and it can go up to temperatures of 90 degrees when under load and sometimes even on idle. Predator Sense is saying my CPU temp is 77 to 91 whereas Real Temp is saying values a bit lower in the 69-72 range.

 

[mangaman]

So it averages around 70-80 degrees celsius on idle and it can go up to temperatures of 90 degrees when under load and sometimes even on idle. Predator Sense is saying my CPU temp is 77 to 91 whereas Real Temp is saying values a bit lower in the 69-72 range.

Ya, you need to change that paste ASAP! Normal idle temps should be between 20-40c with 10% or lower CPU usage. That is why your CPU fans are spinning up. You CPU is also thermal throttling itself to prevent damage to the die. Also clean for any dust that is in your case and on any heat-sinks.

Do that and your temps should be around 20-40c.

 

[mdd1963]

Many crytpominers instantly suspend themselves when task manager is opened; if the usage, fan speed and temps drop whenever task manager is opened, I'd be very concerned of a hidden miner.....

Leave task manager closed, and look at processes running via process explorer...
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

 

[VedantLohia123]

Ya, you need to change that paste ASAP! Normal idle temps should be between 20-40c with 10% or lower CPU usage. That is why your CPU fans are spinning up. You CPU is also thermal throttling itself to prevent damage to the die. Also clean for any dust that is in your case and on any heat-sinks.

Do that and your temps should be around 20-40c.

Thank you for your reply seriously. I'll make sure to do that ASAP. For now I'm just putting my laptop into power save mode with the maximum processor thing at 70%. That seems to be a temporary fix until I can it cleaned.

 

[VedantLohia123]

Many crytpominers instantly suspend themselves when task manager is opened; if the usage, fan speed and temps drop whenever task manager is opened, I'd be very concerned of a hidden miner.....

Leave task manager closed, and look at processes running via process explorer...
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Process Explorer didn't really show anything and I've already ran my computer through 2 offline scans, Hitman Pro, Rogue Killer, Avast, Kaspersky and ESET along with Windows Defender. I also went to regedit and deleted all the files from the malware initially. It could still be there but I think that it's highly unlikely. It was a virus from a music production VST plugin so I doubt it would be that advanced to dodge all of that.