Today I’m helping someone on a forum with an interesting problem. The following is his original post, edited for (some) grammar and spelling mistakes.
Two days ago I turned on the computer and everything looked normal, and I went to eat some breakfast. When I came back a BHO warning came up and the only program that could open was the task manager. On the bottom of the task manager it said CPU usage:100%. So I restarted the computer in safe mode and went to msconfig and shut down some of the unnecessary startup programs. When I rebooted normally the same thing happened. How do I stop this?
Things to explain in this post: BHOs, 100% CPU usage, safe mode, msconfig, and the evilness that ties it together.
First, let me get some definitions out of the way:
- BHO: Browser Helper Object. The Google toolbar is a BHO and so is the Yahoo! toolbar. Unfortunately, so are a number of spyware and adware programs that like to steal and publicize your private data. They’re installed as a BHO so that they can continually collect data on your browsing habits, or take advantage of security holes inside your internet browser.
- CPU: Central Processing Unit. The brain of your computer. 100% usage is fine when you’re doing something on the computer. 100% usage when you’re off eating breakfast and not doing anything can be indicative of a problem.
- Safe Mode: A very limited session of Windows. When a PC is turned on, you can press F8 as soon as the very first Windows logo pops up. A menu then pops up and allows you to choose a few boot options. Safe mode limits which programs actually start up automatically. This allows you to diagnose or correct problems without the malware stopping you from doing it.
- msconfig: a built-in program that lets you select and customize some advanced options in Windows. It’s useful, as shown here, for limiting exactly which programs will run automatically when you start your computer normally.
Step 1: Run an anti-virus scan on the computer. AVG is free and low impact. It’s easy to install and scans once a day (the default) or whenever you schedule it. They now offer a free anti-spyware program too.
Step 2: Run an anti-spyware program or two or three. I use two. One is never good enough. I use the free Ad-Aware and a program called HijackThis. HijackThis is meant for advanced users because it relies on the user to know what’s good and what’s bad. If you don’t think you’re up to the task of HijackThis, try using Ad-Aware, AVG, and Windows Defender. Windows Defender is only available on XP and Server 2003 at this time.
Step 3: Go to the Process Library and search for all of the running processes in the task manager. To open the task manager, press Ctrl-Alt-Del. This takes a while, but it can really help. For example, after this guy ran his multiple scans, he still had a process called
Step 4: Reboot and rescan with the anti-spyware tools. If you find the same or different malware programs, reboot into safe mode as outlined above and rerun the anti-spyware tools. Again, reboot into normal mode and rescan. If you find something again, seek help on message boards or by contacting me. I can help either directly or by referring you to people who can.
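To go with the BHO definition and the process check in Step 3, here is an added example (not part of the original post or of any tool named in it) that lists every registered Browser Helper Object, the DLL it loads, and whether that DLL is signed. It assumes a PowerShell prompt run as administrator and reads only the native registry view; the function name `Get-BhoReport` is made up for this example.

```powershell
# Added example: list each registered Browser Helper Object (BHO) and the DLL it loads.
# The two registry locations below are the standard Windows ones for BHOs and COM classes.
$bhoRoot   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'

function Get-BhoReport {
    if (-not (Test-Path -LiteralPath $bhoRoot)) { return }   # no BHOs registered at all

    foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
        $clsid  = $key.PSChildName                      # each BHO is a subkey named by CLSID
        $class  = "$clsidRoot\$clsid"
        $server = "$class\InprocServer32"
        $name = $null; $dll = ''

        if (Test-Path -LiteralPath $class) {
            $name = (Get-Item -LiteralPath $class).GetValue('')    # friendly name, if any
        }
        if (Test-Path -LiteralPath $server) {
            # The default value of InprocServer32 is the DLL the browser loads.
            $dll = ([string](Get-Item -LiteralPath $server).GetValue('')).Trim('"')
        }

        $file = $null; $sig = $null
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $file = Get-Item -LiteralPath $dll
            $sig  = Get-AuthenticodeSignature -FilePath $dll
        }

        [pscustomobject]@{
            Clsid     = $clsid
            Name      = $name
            Dll       = $dll
            OnDisk    = [bool]$file
            Created   = if ($file) { $file.CreationTime } else { $null }
            Signature = if ($sig)  { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# Unsigned, recently created DLLs are the entries to look up first.
Get-BhoReport | Sort-Object Signature, Created | Format-Table -AutoSize -Wrap
```

Run it before and after a reboot: an entry whose DLL name changes between runs while the rest stay the same is worth looking up first.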
As for my friend: currently he has no internet connectivity, Windows is not displaying folders correctly, and he’s still running fairly slowly. We’re working the issues, but without the ability to connect to the internet, I can’t view what programs are running or view a HijackThis log. It’s a pretty nasty bug that he got.
UPDATE: It’s looking like a version of the Sasser worm. He has a dll file that is named with a random assortment of letters. When he deletes it and reboots, another file with a different random arrangement of letters takes its place. I may just make a new post on this.




