Explorer.exe high CPU usage, probably not malware

Joaquim

Joaquim

Posts: 12   +0
Hi!

Recently I realized that explorer.exe was using too much cpu, floating between 30% to even 70% of CPU's overall usage, even if nothing but explorer is open. Even if I close the explorer's windows themselves, explorer.exe runs in high percentages in background, even though I do absolutelly nothing.

explorer.png

(sorry, I'm brazilian so my windows it's in portuguese - also, sorry, English isn't my first language, feel free to correct me.)

So I scanned my pc with MalwareBytes, SuperAntiSpyware and even Avast Free. No malwares was found.
Then I ran a system check inside SuperAntiSpyware and looked for potencially harmful programs, registry, rootkits, whatever. Also, I checked system's integrity with sfc /scannow, all was right.
Finally, I thought that it may be due to junk files, temp and so on, so I cleaned up with ccleaner, and although it deleted like 8gb, nothing changed in explorer's performance. All was right, except explorer's performance.

So I downloaded microsoft's Process Explorer to explore what the heck was using it, and found that the highest cpu's consuming threads, like 99% of the high cpu usage we see in explorer's cpu's usage, it's this Audioses.DLL+0x1141b0.

2.png


I scanned audioses.dll in virustotal, nothing was found. Also scanned my explorer.exe in virustotal and nothing still.

Now I don't know what to do. Searched online for solutions and couldn't find any, strange, I thought, given that so many people seems to be with the same problem.

I also created a minidump file of explorer.exe, thought it may be useful.

Don't know when this started, but it's been a while already, like several days.

So... anyone please help?
 
Sounds like you might want to uninstall your old sound card drivers and codecs and reinstall it with newer drivers.
http://www.techsupportforum.com/forums/f338/audioses-dll-high-cpu-issue-1209145.html
Go to your control panel, go hardware&sound, then into the sound properties windows.
Tell us what your main sound component is, could be realtekhd, soundblaster, or any other lead sound card maker.
A screenshot would do better so we can see what you got and we can point you to the right drivers.
 
  • Like
Reactions: Cycloid Torus
Cycloid Torus said:
Rerun sfc /scannow as an administrator. File is part of Windows.

If no improvement, look for recently installed/updated program which is using this dll ( https://en.wikipedia.org/wiki/Process_Explorer ) Could be corrupted.
Click to expand...

I did it as an administrator the first time, but did it again now and it can't find any problem, says it's intact, no integrity problems.

I went to look which program was using audioses.dll and found something rather odd. It was listed two times in process explorer...

8RraYTH.png

In resources monitor I found this AudioSes.dll.mui associated with chrome.exe PID 8672.
AITOyXY.png


So I went to look what else was associated with this chrome.exe PID 8672, and about a hundred dll's are associated with it. Is this normal?
3PqFLQi.png



Hope this is normal...


____________


As for my main sound component, I believe it's this:
lSnU7v8.png



(again, sorry for the system's language. Feel free to ask if you can't understand anything, I'll try to translate it)
 
No problem even though spanish isn't my native tounge I can somewhat understand it.
Go into control panel, click on programs, uninstall a program, look for realtek hd audio, click uninstall.
Reboot it once so it will take effect, go by here and download the ones for windows 8.1/10.
http://www.realtek.com.tw/downloads...evel=4&Conn=3&DownTypeID=3&GetDown=false#High Definition Audio Codecs
Vista, Windows7, Windows8, Windows8.1, Windows10 Driver (32/64bits) Driver only (Executable file) R2.82
That version came out less than 3 months ago, if you didn't update your sound card drivers since then that maybe the whole problem.
Install the software once its done do a reboot to reflect the changes, check task manager again, the problem should be gone.
http://filehippo.com/download_klite_codec_pack/ use this codec pack for whatever music or videos you watch.
 
Thanks for the reply and sorry for my delay.
I installed the latest update to my sound driver, but nothing changed. AUDIOSES.DLL keeps sucking my cpu power.
rS0p934.png



When I double-click audioses.dll, it appears this list of threads:

AUDIOSES.DLL+0x2a0cd
AUDIOSES.DLL+0x2a507
AUDIOSES.DLL+0xad1b
AUDIOSES.DLL+0xa766b
AUDIOSES.DLL+0x114538
AUDIOSES.DLL+0x114241
KERNEL32.DLL!BaseThreadInitThunk+0x14
ntdll.dll!RtlUserThreadStart+0x21
 
Something I find rather odd about this high cpu usage specifically is that it actually behaves like a leak.
Whenever I'm using cpu power for whatever I'm using it, Explorer drops down its cpu usage instead of adding up.
So it always keeps the total cpu usage at average 60%.
 
Sadly I am out of ideas about your problem, however there is someone else here that maybe able to fix it.
http://www.techist.com/forums/f9/
Make a thread there a person named carnage x should reply to it, if needed link him back here so he can what is wrong.
 
Look into Search Index settings. When there are NO other user tasks running, the Search Indexer scans files to create the search ability on folders.
 
jobeard said:
Look into Search Index settings. When there are NO other user tasks running, the Search Indexer scans files to create the search ability on folders.
Click to expand...

I'm sorry, but I couldn't understand.
It would be very nice if you could give me a more detailed reply.

Sorry!
 
Open any directory. Very top, Upper left is a SEARCH BOX. Enter anything of interest and the system search of find it.

To make that work, there's a system service (Index Service: CISVC.EXE) that creates the database for such searches.
 
Alright, thank you.

But I still can't see the point here. I'm supposed to search for anything of interest, and then what?

I'm sorry but I'm pretty amateur on this matter.
 
Didn't ask you to search - - but explained how MS Search gets seeded with the contents of your system. This takes time and CPU.
You have found however, that it's related to other than search indexing, so just continue with your quest.
 
I just tried to boot in safe mode, and cpu's usage levels was regular:

1DYcqUp.png


But when I go back to normal mode, the problem returns.

2kDrD8u.png


--

Holdum323, do you think I should do a clean install already?

I got advice to check for coin miners, makes sense, I'll try some scanning.
 
Hi. A clean boot is different then safe mode. Please read the link I attached about performing a clean boot. The process is quite long. A clean install would be the last thing, but would probably solve your problem. If you don't have the problem in safe mode, then doing a clean boot should help you find the problem if it's software related.
Let us know how things go.
I have no idea what coin miners is? You could scan with Adwcleaner if you haven't done that. What all have you used to scan for malware?
https://www.malwarebytes.com/adwcleaner/
Read this about a clean boot!
A clean boot is performed to start Windows by using a minimal set of drivers and startup programs. This helps eliminate software conflicts that occur when you install a program or an update or when you run a program in Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. You may also troubleshoot or determine what conflict is causing the problem by performing a clean boot.
 
Sweet I don't know if the moderators will approve but go ahead and start a request thread here.
https://www.techspot.com/community/forums/virus-and-malware-removal.28/
Hopefully one of those guys will look at this and trouble shoot further to see what the problem is.
Do what joec mentions and use a adblock for the moment.
http://www.techist.com/forums/f9/ex...robably-not-malware-cant-find-problem-280023/

https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en-US
You use this version not adblock plus.

You might want to grab a free trial of eset antivirus, if malware bytes doesn't kill it first.
Eset will get to it faster if they have the right definitions for it.
https://www.eset.com/us/home/free-trial/
 
Last edited:
Hi. Are we sure this problem is being caused by malware. I think we need to slow down, and wait for the OP to respond.
If you do have the coin miner malware, here's link by Malwarebytes. https://malwaretips.com/blogs/remove-coinhive-miner-virus/
This was first mentioned by the OP, and I agree that it sounds like it could be the problem.
I'm going to bow out now and wait for the OP to respond.
 
Last edited:
MaikuTech said:
If you know its a malware problem why don't you help us sort through it all ?
Click to expand...
Hi @MaikuTech As I have stated,"I'm not 100% sure it's a malware problem". The OP was the one that suggested "coin minor". I just added some suggestions about it. I have posted my suggestions about this if it is malware, and what to do to get rid of it.
I'm not a trained malware fighter, but I have removed a ton of it in my years of working on PCs.
 
If it is believed that this is a malware problem, the OP should post in the appropriate forum, namely: The Virus & Malware Removal forum, not here.
 
  • Like
Reactions: holdum323
mailpup said:
If it is believed that this is a malware problem, the OP should post in the appropriate forum, namely: The Virus & Malware Removal forum, not here.
Click to expand...
Hi. Yes sir. I agree with you 100%.(y) When the OP first posted, they didn't think it was malware. I think the OP is very PC savvy, and I'm sure if they can't solve their issue, they will start a new thread and let our malware fighter help them with their issue.
All I'm saying is "Let's wait for the OP to respond". The OP stated they aren't having this problem in the safe mode. That's why I suggested a clean boot. Yes it sounds like the coin minor, but it could be other things.;)
 
Hi!

Thank you all for the replies.

I was going to do a clean boot, but there was a service that refused to disable, so I had to use ubuntu cd boot and uninstall it, it was some very annoying internet banking 'protection', at least its what they say, brazillian banks.
So I uninstall it and, given that I was already there, decided to ran a scan. I had already tried 3 full scans from different antivirus, and thought it was clean...
Surprisingly, it found 5 infected items so far, all of them wasn't recognized by Malwarebytes and Superantispyware with OS running.

All of them seems infected (in the sense that it doesn't seem false-positive)... Avast was infected, qBittorrent, couple emails, and audioses.dll...

I'm waiting for scan to complete, take some action and I'll see if the problem is gone.

If the problem was actually malware all along, should I ask someone to move thread to malwares forum?


Also I think that if the case is coin mining, a simple ad-block wouldn't be enough. I'd try anti-miner extensions... what do you think?


As soon as it gets done I'll post results here.
 
You must log in or register to reply here.

Similar threads

A
Monitor "Overdrive" response time damage or reduced lifespan ?
Replies
0
Views
378
Aug44
A
I
Are my benchmark scores normal for my PC ?
Replies
1
Views
614
neeyik
neeyik
A
My GPU usage and CPU usage are both too low
Replies
0
Views
943
ArdaM
A

Latest posts

Back