Windows 7 Forums

Windows 7: Amd sapphire 7770 high activity while idle

20 Aug 2013   #1
bala2289

windows 7 ultimate x32
 
 

Hi All,

My graphics card is showing 97% activity even while it's idle. Had CCC 13.4, tried reinstalling, didn't help.
Currently installed 13.8 beta, still same issue.

Card was overclocked before but I had set everything to default settings. Should be a software issue, I guess.

Thanks in advance..





20 Aug 2013   #2
Stephanie

Linux Zorin OS x64, Win 7 Pro x64, Chalet OS x64, Linux Light x86
 
 

20 Aug 2013   #3
Das Rha

Windows 7 Ultimate x64
 
 

^^^ Same. I bet money it's the new malware everyone's been seeing that mines bitcoins on GPUs. Horrible thing but easy to repair. If MWB can't fix it, PM me; I have an exe file that someone created that is very versatile and can remove most cases of this malware; pretty confident you got it.


20 Aug 2013   #4
bala2289

windows 7 ultimate x32
 
 

Hi,

Thanks to Stephanie and Das. I thought Avast would be enough to protect my system. Check the Malwarebytes log.

Memory Processes Detected: 2
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> 2816 -> Delete on reboot.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{845D66F9-A5B9-A0AF-466D-DB802E6066E5} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Data: mysearchdial Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 8
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
C:\Users\\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\Delta (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial\icons_2.2.4.731 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 14
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> Delete on reboot.
C:\ProgramData\InstallMate\{25F72E33-523F-4055-A2BE-1A1DFE140CC5}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{25F72E33-523F-4055-A2BE-1A1DFE140CC5}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Delete on reboot.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\balakarthi\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial\icons_2.2.4.731\magnifying.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial\icons_2.2.4.731\star2.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Thanks again. Will recommend MB along with Avast from now on.
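
A triage sketch for a scan log in the format posted above, added here as an example and not part of the original post or of Malwarebytes itself: it separates the non-PUP/PUM detections from the adware noise and lists objects marked "Delete on reboot", which are still on the machine until the restart happens. The sample lines are constructed from the log's format, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above (counts adjusted to match).
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> 2816 -> Delete on reboot.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1964 -> Delete on reboot.

Registry Keys Detected: 1
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> Quarantined and repaired successfully.

Files Detected: 1
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> Delete on reboot.
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
# <object> (<Detection.Name>) -> [pid or data ->] <action>.
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z]+(?:\.[\w-]+)+)\) -> (?P<rest>.+)$")

def parse_log(text):
    """Return one dict per detection line, tagged with its log section."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        head = SECTION.match(line)
        if head:
            section = head.group("name")
        elif (m := ENTRY.match(line)):
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "object": m.group("obj"),
                            "detection": m.group("det"), "action": action})
    return entries

def triage(entries):
    """Split out non-PUP/PUM detections and objects not yet removed."""
    # PUP = potentially unwanted program, PUM = potentially unwanted modification.
    malware = sorted({e["object"] for e in entries
                      if not e["detection"].startswith(("PUP.", "PUM."))})
    pending = sorted({e["object"] for e in entries if "reboot" in e["action"].lower()})
    return {"malware": malware, "pending_reboot": pending,
            "families": Counter(e["detection"] for e in entries)}

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, "->", value)
```

Anything left in `pending_reboot` after the restart is worth a second scan before calling the machine clean.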
21 Aug 2013   #5
archer

Windows 7 ultimate x64
 
 

Hi bala, did running Malwarebytes help?
21 Aug 2013   #6
bala2289

windows 7 ultimate x32
 
 

Quote: Originally Posted by archer
Hi bala, did running Malwarebytes help?
Yes archer, no issues now.
22 Aug 2013   #7
archer

Windows 7 ultimate x64
 
 

Perfect, congrats!
22 Aug 2013   #8
Faladu

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
 
 

I was a paying Avast! customer myself and fired them after the subscription ended; twice things got by it.

Scan with Malwarebytes at least weekly if you use ANY free a/v is what I recommend; I may have to switch to that myself.

Or just pay for Malwarebytes' product and let it be your real time monitoring solution. 8)
24 Aug 2013   #9
HoneycombAG

Microsoft Windows 7 Home Premium 64-bit Service Pack 1
 
 

Try running Malwarebytes Chameleon next, and see how much more malware you can slay at once.

To run: Start > All Programs > Malwarebytes' Anti-Malware > Tools > Malwarebytes Chameleon

Follow the directions.

Note
This tool will attempt to launch Malwarebytes in an attempt to update the definitions, especially if malware has taken over and prevented any other AV/AS tool from working. Even if it fails, it will then try to slay the malicious processes before trying to run Malwarebytes in Quick Scan mode.
Chameleon may not work if Malwarebytes itself needs an update, or if you're running the Windows 8.1 release preview.
05 Sep 2013   #10
Delscorcho

Windows 7 Ultimate X64 & Windows 8 X64
 
 

Hello All,

I am running a different Video Card but still an AMD. (doubt that the video HW has anything to do with issue) My Card-->XFX Radeon HD 7970 GHz Edition 3GB FX-797G-TDFC


I had the exact problem and the replies on this topic helped me key into the problem and eradicate it.


I had never heard of bitcoin mining botnets or anything of the sort and was very disturbed that Malwarebytes did not have even the slightest clue that my system was boarded and my GPU was being baked by a foreign program.


Neither my MS Defender nor Malwarebytes' Anti-Malware full scan, even with Chameleon, found anything that could have been causing the issue with my runaway GPU processes and associated heat and loud fan noise.
It found some stuff and I removed it all, but it was just adware stuff and nothing that helped when it was removed. Several post scans revealed they were gone and found nothing new.


After further browsing of the Internet for possible help I came across some folks that identified the iehighutil.exe as being a part of the "0Access" or "ZeroAccess" bitcoin mining botnet and found that file in my system startup and its associated file location in c:\temporary.


Quote:
Another virus found spreading quickly. This virus installs malware on your system silently and exploits your GPU leading to a messed up one. Unfortunately, antivirus software doesn't detect this one. These viruses probably pass down to your computer via torrents and some other sources.

How to check if I have the Virus?
Check your task manager for processes with these names -
ieutil.exe
iehighutil.exe

How to remove the virus?
1. If you have the virus you'll have a folder named Temporary in your System Drive, e.g. C:\Temporary. You'll see the virus there. So delete that folder.
2. Block the programs ieutil.exe and iehighutil.exe with an antivirus program.
3. Run msconfig and delete iehighutil.exe from startup programs.
4. Run regedit, search (Ctrl+F) for iehighutil and delete the whole folder.

Even after deleting the files and the folder and removing any reference to it in my registry and several reboots, I was still plagued with this menace of what sure seemed like a GPU hijack for bitcoin mining. I was almost ready to wipe and reload My OS and in preparation I logged in with a secondary Admin account to back up my docs and profile. That is when I noticed that the GPU was calm and unaffected.

So I backed up the suspect user profile, then deleted it completely, then logged into the old account and Windows rebuilt my profile, and that killed whatever was present on my system.

It must have had some nasty files running (that were undetected by MB and MS Defender, mind you) somewhere in my app data or elsewhere in my user profile.

I am so happy to be rid of this menace and to have a calm, cool and noise free PC again.

I wish I could have used a smaller hammer than wiping out the user profile, but I was glad I got rid of the menace and did not have to reload the OS and all my APPS and non-steam games again.

Not so fast.. See the next post to see the ongoing saga..

Thanks for the advice and steering me in the right direction all.

Take Care,
Del
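
A read-only sweep built from the indicators named in the post above, added here as an example and not code from the thread: it looks for the Temporary folder on the system drive and for ieutil.exe / iehighutil.exe under each user profile, grouping hits per profile so an affected account stands apart from a clean one. It only finds files with those two names; the function names and the result keys are this example's own.

```python
import os

# File names and folder name come from the advice quoted in the post above.
INDICATOR_FILES = {"ieutil.exe", "iehighutil.exe"}
INDICATOR_DIR = "Temporary"

def _matches(root):
    """Paths under root whose file name is an indicator (case-insensitive)."""
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        found += [os.path.join(dirpath, f) for f in files
                  if f.lower() in INDICATOR_FILES]
    return sorted(found)

def sweep(system_drive):
    """Read-only sweep; returns {location: [paths]} and deletes nothing.

    The Temporary folder is reported whenever it exists (possibly with an
    empty list); a profile is reported only if it holds an indicator file.
    """
    findings = {}
    temp = os.path.join(system_drive, INDICATOR_DIR)
    if os.path.isdir(temp):
        findings["drive:" + INDICATOR_DIR] = _matches(temp)
    users = os.path.join(system_drive, "Users")
    if os.path.isdir(users):
        for profile in sorted(os.listdir(users)):
            found = _matches(os.path.join(users, profile))
            if found:
                findings["profile:" + profile] = found
    return findings

if __name__ == "__main__":
    drive = os.environ.get("SystemDrive", "C:") + os.sep
    for location, paths in sweep(drive).items():
        print(location, paths or "(folder present, no indicator files)")
```

Run it from an elevated prompt so other users' profiles are readable; unreadable folders are skipped silently.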