TechSpot

cpu 100% because of notepad.exe?

By bobathon
Mar 22, 2007
  1. notepad.exe is using all of my CPU and slowing down my system. Another forum suggested that it might be a trojan virus. When I did more research all of the symptoms were there but none of the solutions. Any extra insight would be greatly appreciated.
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    Please go and read this and then post a HijackThis log as an attachment into this thread.

    Any malware can be named anything, so it could be another notepad.exe which is actually a trojan or something, just running from a different location. The HJT log should help us find out.

    Regards :)
     
  3. bobathon

    bobathon TS Rookie Topic Starter

    I think I did that right
     
  4. mr. sparkle

    mr. sparkle TS Rookie

    This process could be what is causing your problem, if you take a look it is not actually notepad running,
    1. You will need to kill the process via process manager.
    2. Locate the executable, most likely in the Windows\System32 folder.
    3. Search the registry for the reg key, usually run once....
    4. Remove from system startup, start>run>cmd>msconfig>startup>
    5. Restart

    Hope this is of some help to you.
     
  5. bobathon

    bobathon TS Rookie Topic Starter

    Ummm... I think you're gonna need to dumb that down a little bit. What am I looking for in the windows/system32 folder? And what am I searching the registry for. I'm not computer illiterate I just need a little more direction.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved this thread to our security and the web forum.

    Your system is infected with a variety of nasties, not just the n?tepad.exe file.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. bobathon

    bobathon TS Rookie Topic Starter

    Here is the combofix log
    The AVG antirootkit didn't find anything
    It wouldn't let me upload the AVG anti-spyware log because it was too big
     

  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, run the Ccleaner programme as per the instructions in step 9 of this thread HERE.

    Then, run a fresh AVG Antispyware scan and post the log file as well as a fresh HJT log.

    Regards Howard :)

     
  9. bobathon

    bobathon TS Rookie Topic Starter

    Here is the HJT log file but I can't upload the AVG anti-spyware file because it is 899Kb and the limit is 100Kb
     
  10. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I guess Howard won't care if I answer this because he's offline right now.

    You might want to copy and paste these instructions into a text file and save it to your desktop for easy access later. Now,

    Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

    In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

    Run HijackThis with no other programs open (except Notepad). Have it fix these entries, by placing a tick in the box next to them:

    O2 - BHO: (no name) - {14F11853-D092-AB43-C12E-8BCD5C1983C3} - C:\WINDOWS\system32\pfso.dll (file missing)

    O2 - BHO: (no name) - {67C1F840-34F6-6D7A-AB41-6DE337E9FB97} - C:\WINDOWS\system32\oavskw.dll

    O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan

    O4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv

    O4 - HKCU\..\Run: [Ikxbn] C:\WINDOWS\s?curity\n?tepad.exe

    O8 - Extra context menu item: &Search - [http]edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    Go into Add/Remove Programs in your Control Panel and uninstall anything having to do with the following:

    MyWebSearch
    SystemDoctor 2006 Free

    Now delete the following bold files/folders (if there):

    C:\WINDOWS\system32\ftns~1<delete the entire folder
    C:\WINDOWS\s?curity<where ? is a random letter/number
    C:\Program Files\mywebsearch
    C:\Program Files\SystemDoctor 2006 Free

    Now reboot into normal mode and rehide your protected files.

    Post a fresh HJT and Combofix log.

    Regards :)

    This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
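
An added example, not part of the original thread: a small Python check for the point made earlier that malware can reuse a system file name from a different location, applied to the O4 Run entries quoted above. The `EXPECTED_DIRS` table is an assumption about a default XP-era install, and the `[Control]` log line is constructed as a benign comparison.

```python
import re
from ntpath import basename, dirname

# Assumed default locations on an XP-era install (not taken from the thread).
EXPECTED_DIRS = {
    "notepad.exe": {r"c:\windows", r"c:\windows\system32"},
    "logonui.exe": {r"c:\windows\system32"},
}

# O4 lines quoted in the thread, plus one constructed benign control entry.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Ikxbn] C:\WINDOWS\s?curity\n?tepad.exe
O4 - HKLM\..\Run: [Control] C:\WINDOWS\system32\notepad.exe
'''

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)\b', re.IGNORECASE)

def image_path(cmd):
    """Return the executable path from a Run value, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip()

def resembles(candidate, known):
    """True if candidate equals known, treating '?' as one unknown character."""
    return len(candidate) == len(known) and all(
        c in ("?", k) for c, k in zip(candidate, known))

def audit(log):
    """Return (entry name, path, reasons) for each O4 Run entry that looks off."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd")).lower()
        reasons = []
        if "?" in path:  # '?' is not a legal file-name character on Windows
            reasons.append("undisplayable character in path")
        for known, dirs in EXPECTED_DIRS.items():
            if resembles(basename(path), known) and dirname(path) not in dirs:
                reasons.append(f"{known} look-alike outside expected directory")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(reasons)}")
```

The check only covers name and location; the SystemDoctor entry passes it and still needs the manual review done in the thread.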
     
  11. bobathon

    bobathon TS Rookie Topic Starter

    OK, here is a fresh combofix and HJT log. Everything seems to be working fine on my computer now. Thanks for all the help, you guys are awesome. I've tried a lot of other tech forums but got very little help. You guys are great.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Thanks kitty500cat.

    bobathon: You`re running an outdated version of HijackThis. Please update it to the latest version as per this thread HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    logonui.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\system32\FNTS~1<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Run the Ccleaner programme as per step 9 of the instructions in this thread HERE.

    Then, run an AVG Antispyware scan as per the instructions HERE.

    Post an AVG Antispyware log as well as a fresh HJT log.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
