Windows 7 Forums



Windows 7: Amd sapphire 7770 high activity while idle

20 Aug 2013   #1

windows 7 ultimate x32
 
 
Amd sapphire 7770 high activity while idle

Hi All,

My graphic card is having activity 97% even while it's idle. Had CCC 13.4, tried reinstalling, didn't help.
Currently installed 13.8 beta, still same issue.

Card was overclocked before but had set everything to default settings. Should be a software issue, I guess.

Thanks in advance..




20 Aug 2013   #2

Windows 7 Professional x64 SP1
 
 

20 Aug 2013   #3

Windows 7 Ultimate x64
 
 

^^^ Same. I bet money it's the new malware everyone's been seeing that mines bitcoins on GPUs. Horrible thing but easy to repair. If MWB can't fix it, PM me; I have an exe file that someone created that is very versatile and can remove most cases of this malware; pretty confident you got it.


20 Aug 2013   #4

windows 7 ultimate x32
 
 

Hi,

Thanks to Stephanie and Das. I thought Avast would be enough to protect my system. Check the Malwarebytes log.

Memory Processes Detected: 2
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> 2816 -> Delete on reboot.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Thanks again. Will recommend MB along with Avast from now on.
21 Aug 2013   #5

Windows 7 ultimate x64
 
 

Hi bala, did running Malwarebytes help?
21 Aug 2013   #6

windows 7 ultimate x32
 
 

Quote: Originally Posted by archer
Hi bala, did running Malwarebytes help?

Yes archer, no issues now.
22 Aug 2013   #7

Windows 7 ultimate x64
 
 

Perfect, congrats!
22 Aug 2013   #8

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
 
 

I was a paying Avast! customer myself and fired them after the subscription ended, twice things got by it.

Scan with Malwarebytes at least weekly if you use ANY free a/v, is what I recommend; I may have to switch to that myself.

Or just pay for Malwarebytes' product and let it be your real time monitoring solution. 8)
24 Aug 2013   #9

Microsoft Windows 7 Home Premium 64-bit Service Pack 1
 
 

Try running Malwarebytes Chameleon next, and see how much more malware you can slay at once.

To run: Start > All Programs > Malwarebytes' Anti-Malware > Tools > Malwarebytes Chameleon

Follow the directions.

Note
This tool will attempt to launch Malwarebytes in an attempt to update the definitions, especially if malware has taken over and prevented any other AV/AS tool from working. Even if it fails, it will then try to slay the malicious processes before trying to run Malwarebytes in Quick Scan mode.
Chameleon may not work if Malwarebytes itself needs an update, or if you're running the Windows 8.1 release preview.
05 Sep 2013   #10

Windows 7 Ultimate X64 & Windows 8 X64
 
 

Hello All,

I am running a different Video Card but still an AMD. (doubt that the video HW has anything to do with issue) My Card-->XFX Radeon HD 7970 GHz Edition 3GB FX-797G-TDFC


I had the exact problem and the replies on this topic helped me key into the problem and eradicate it.


I had never heard of bitcoin mining botnets or anything of the sort and was very disturbed that Malwarebytes did not have even the slightest clue that my system was boarded and my GPU was being baked by a foreign program.


Neither my MS Defender nor Malwarebytes' Anti-Malware full scan, even with Chameleon, found anything that could have been causing the issue with my runaway GPU processes and associated heat and loud fan noise.
It found some stuff and I removed it all, but it was just adware stuff and nothing that helped when it was removed. Several post scans revealed they were gone and found nothing new.


After further browsing of the Internet for possible help I came across some folks that identified the iehighutil.exe as being a part of the "0Access" or "ZeroAccess" bitcoin mining botnet and found that file in my system startup and its associated file location in c:\temporary.


Quote:
Another Virus found spreading quickly. This virus installs malwares on your system silently and exploits your GPU leading to a messed up one. Unfortunately, Antivirus Software’s don't detect this one. These viruses probably pass down to your computer via Torrents and some other sources.

How to check if I have the Virus?
Check your task manager for processes with these names -
ieutil.exe
iehighutil.exe

How to remove the virus?
1. If you've the virus you'll have a folder named Temporary in your System Drive. For eg:- C:\Temporary. You'll see the virus there. So delete that folder.
2. Block the programs - ieutil.exe and iehighutil.exe with an Antivirus Program.
3. Run msconfig and delete iehighutil.exe from startup programs.
4. Run regedit search and find(Ctrl +F) iehighutil and delete the whole folder.

Even after deleting the files and the folder and removing any reference to it in my registry and several reboots, I was still plagued with this menace of what sure seemed like a GPU hijack for bitcoin mining. I was almost ready to wipe and reload My OS and in preparation I logged in with a secondary Admin account to back up my docs and profile. That is when I noticed that the GPU was calm and unaffected.

So I backed up the suspect user profile, then deleted it completely, and then logged into the old account and Windows rebuilt my profile, and that killed whatever was present on my system.

It must have had some nasty files running (that were undetected by MB and MS Defender, mind you) somewhere in my app data or elsewhere in my User Profile.

I am so happy to be rid of this menace and to have a calm, cool and noise free PC again.

I wish I could have used a smaller hammer than wiping out the user profile, but I was glad I got rid of the menace and did not have to reload the OS and all my APPS and non-steam games again.

Not so fast.. See the next post to see the ongoing saga..

Thanks for the advice and steering me in the right direction all.

Take Care,
Del
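
The manual checks from the quoted removal steps and the miner path from post #4's log, gathered into one read-only triage script. This is an added example, not code from any post in this thread; `Find-MinerIndicators` and its parameter names are hypothetical, and the default paths assume the locations reported above.

```powershell
# Read-only triage: reports indicators named in this thread, deletes nothing.
# Find-MinerIndicators and its parameters are hypothetical names for this example.
function Find-MinerIndicators {
    param(
        [string[]]$ProcessNames = @('ieutil.exe', 'iehighutil.exe'),
        [string[]]$Paths = @("$env:SystemDrive\Temporary",
                             "$env:ProgramFiles\Java\sidebar.exe")
    )
    $hits = @()
    function New-Hit($kind, $location, $detail) {
        New-Object PSObject -Property @{ Kind = $kind; Location = $location; Detail = $detail }
    }
    # 1. Running processes: match on image name, or on an image path under a listed
    #    path. sidebar.exe is matched by path only, because Windows 7 ships a
    #    legitimate sidebar.exe under "Windows Sidebar".
    foreach ($proc in Get-WmiObject Win32_Process) {
        $exe = "$($proc.ExecutablePath)"
        $byPath = $false
        foreach ($p in $Paths) {
            if ($exe -and $exe.ToLower().StartsWith($p.ToLower())) { $byPath = $true }
        }
        if (($ProcessNames -contains $proc.Name) -or $byPath) {
            $hits += New-Hit 'Process' "PID $($proc.ProcessId)" $exe
        }
    }
    # 2. Files and folders on disk.
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) { $hits += New-Hit 'Path' $p 'exists' }
    }
    # 3. Run-key startup entries (msconfig's Startup tab reads these). HKCU is per
    #    user, so run this inside each account: post #10 found only one profile affected.
    $needles = $ProcessNames + $Paths
    $metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($metadata -contains $prop.Name) { continue }   # provider metadata, not Run values
            $value = "$($prop.Value)".ToLower()
            foreach ($n in $needles) {
                if ($value.Contains($n.ToLower())) {
                    $hits += New-Hit 'RunKey' "$key\$($prop.Name)" $prop.Value
                }
            }
        }
    }
    $hits
}
Find-MinerIndicators | Format-Table Kind, Location, Detail -AutoSize
```

The script uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7. An empty result means none of these specific names or paths were found in the current account, not that the machine is clean.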