cpu 100% because of notepad.exe?
- Thread starter bobathon
- Start date
- Status
kitty500cat
Posts: 1,391 +6
Hello and welcome to TechSpot.
Please go and read this and then post a HijackThis log as an attachment into this thread.
Any malware can be named anything, so it could be another notepad.exe which is actually a trojan or something, just running from a different location. The HJT log should help us find out.
Regards
Please go and read this and then post a HijackThis log as an attachment into this thread.
Any malware can be named anything, so it could be another notepad.exe which is actually a trojan or something, just running from a different location. The HJT log should help us find out.
Regards
mr. sparkle
Posts: 6 +0
This process could be what is causing your problem, if you take a look it is not actually notepad running,
1.You will need to kill the process via process manager.
2.Locate the executable, most likely in the Windows\System32 folder.
3.Search the registry for the reg key, usually run once....
4.Remove from system startup, start>run>cmd>msconfig>startup>
5.Restart
Hope this is of some help to you.
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
I have moved this thread to our security and the web forum.
Your system is infected with a variety of nasties, not just the n?tepad.exe file.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I have moved this thread to our security and the web forum.
Your system is infected with a variety of nasties, not just the n?tepad.exe file.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Ok, run the Ccleaner programme as per the instructions in step9 of this thread HERE.
Then, run a fresh AVG Antispyware scan and post the log file as well as a fresh HJT log.
Regards Howard
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Then, run a fresh AVG Antispyware scan and post the log file as well as a fresh HJT log.
Regards Howard
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
kitty500cat
Posts: 1,391 +6
I guess Howard won't care if I answer this because he's offline right now.
You might want to copy and paste these instructions into a text file and save it to your desktop for easy access later. Now,
Boot into safe mode, under your normal user name (not the administrator account). See how HERE.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.
Run HijackThis with no other programs open (except Notepad). Have it fix these entries, by placing a tick in the box next to them:
O2 - BHO: (no name) - {14F11853-D092-AB43-C12E-8BCD5C1983C3} - C:\WINDOWS\system32\pfso.dll (file missing)
O2 - BHO: (no name) - {67C1F840-34F6-6D7A-AB41-6DE337E9FB97} - C:\WINDOWS\system32\oavskw.dll
O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Ikxbn] C:\WINDOWS\s?curity\n?tepad.exe
O8 - Extra context menu item: &Search - [http]edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
Go into Add/Remove Programs in your Control Panel and uninstall anything having to do with the following:
MyWebSearch
SystemDoctor 2006 Free
Now delete the following bold files/folders (if there):
C:\WINDOWS\system32\ftns~1<delete the entire folder
C:\WINDOWS\s?curity<where ? is a random letter/number
C:\Program Files\mywebsearch
C:\Program Files\SystemDoctor 2006 Free
Now reboot into normal mode and rehide your protected files.
Post a fresh HJT and Combofix log.
Regards
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
You might want to copy and paste these instructions into a text file and save it to your desktop for easy access later. Now,
Boot into safe mode, under your normal user name (not the administrator account). See how HERE.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.
Run HijackThis with no other programs open (except Notepad). Have it fix these entries, by placing a tick in the box next to them:
O2 - BHO: (no name) - {14F11853-D092-AB43-C12E-8BCD5C1983C3} - C:\WINDOWS\system32\pfso.dll (file missing)
O2 - BHO: (no name) - {67C1F840-34F6-6D7A-AB41-6DE337E9FB97} - C:\WINDOWS\system32\oavskw.dll
O4 - HKCU\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Ikxbn] C:\WINDOWS\s?curity\n?tepad.exe
O8 - Extra context menu item: &Search - [http]edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
Go into Add/Remove Programs in your Control Panel and uninstall anything having to do with the following:
MyWebSearch
SystemDoctor 2006 Free
Now delete the following bold files/folders (if there):
C:\WINDOWS\system32\ftns~1<delete the entire folder
C:\WINDOWS\s?curity<where ? is a random letter/number
C:\Program Files\mywebsearch
C:\Program Files\SystemDoctor 2006 Free
Now reboot into normal mode and rehide your protected files.
Post a fresh HJT and Combofix log.
Regards
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
howard_hopkinso
Posts: 21,238 +17
Thanks kitty500cat.
bobathon: You`re running an outdated version of HijackThis. Please update it to the latest version as per this thread HERE.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
logonui.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\system32\FNTS~1<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Run the Ccleaner programme as per setp9 of the instructions in this thread HERE.
Then, run an AVG Antispyware scan as per the instructions HERE.
Post an AVG Antispyware log as well as a fresh HJT log.
Regards Howard
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
bobathon: You`re running an outdated version of HijackThis. Please update it to the latest version as per this thread HERE.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
logonui.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [Cnii] "C:\WINDOWS\system32\FNTS~1\logonui.exe" -vt ndrv
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\system32\FNTS~1<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Run the Ccleaner programme as per setp9 of the instructions in this thread HERE.
Then, run an AVG Antispyware scan as per the instructions HERE.
Post an AVG Antispyware log as well as a fresh HJT log.
Regards Howard
This thread is for the use of bobathon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
Apple Vision Pro is facing declining interest and sales among consumers- Zsoltblabla replied
-
Bending metal: The changing server business- Arbie replied
-
Ryzen 7 5800X3D vs. Ryzen 7 7800X3D, Ryzen 9 7900X3D and 7950X3D- Q Wales replied
