Solved cmd.exe high CPU

Occasionally it happens that Cmd.exe is causing high CPU of 100%
The file exists in the correct folder.
With the task-manager I dropped it off and CPU returned to normal.

Now I disabled cmd.exe with Start/ cmd/ gpedit.msc / local policy / system etc.

Lets see what happens.

Is there a way to trace which application starts this annoying problem with cmd.exe ?

My Pc runs on Windows 7 64 bits.
It seems to be a more frequent problem on the internet.
Any solutions are welcome.

Take a read through this from Microsoft.

Igfxupdate.exe forces cpu to load @ 100% - Microsoft Community

Thank you for your reply Layback Bear.

I really found three key's in the registry with reg seeker which contained that particular filename. igfxupdate.exe
However it seems to belong to an Intel Update service?
What is igfxupdate.exe ? | System Explorer

File details of most used file with name "igfxupdate.exe"

Product:
Intel Graphics Properties
Company:
Intel Corporation
Description:
Updater Service
Version:
8.15.10.2622
MD5:
4c2b0369b42a7e4b0e1e3077956da98b
SHA1:
20360c1e7d0a1f3e283124f87a1536793b85db1e
SHA256:
7c558047df7337a545abc1fabb6d845447f5608d3eaddbe9a61077e1a028a020
Size:
269824
Directory:
C:\Windows\SysWOW64
Operating System:
Windows 7
Discovered:
November 23, 2012
- See more at: What is igfxupdate.exe ? | System Explorer

How can I find out that's a troyan or trusted file?
I'm using AVG internet-security.


One other thing is that cmd.exe has a permission on trusted installer?
Normally cmd.exe should not start unless I want it to.

Bernardus said:

How can I find out that's a troyan or trusted file?

Click to expand...

You can upload files to VirusTotal for analysis.
https://www.virustotal.com/

This has helped other members.
http://www.sevenforums.com/performa...5-cpu-stuck-100-unless-task-manager-open.html

Did you go to the Microsoft site and posted in my post #2 and read this? Please let us know what you have done and what has worked.


Ishurean replied on

Here's the step by step if you're not into computers.


1/ Open the Task Manager (and let if open)
2/ Go in C:\Windows\System32 and delete "igfxupdate.exe"
3/ Go in C:\Windows\SysWOW64 and check if "igfxupdate.exe" is also here, if yes delete it
4/ Open the windows services management console
Start > Execute > services.msc or Start > type "services.msc" in the search bar (Windows 7)
5/ Look for "Search Indexer" -> Right click -> Properties and change the "Automatic" into "Disabled"
6/ Reboot
7/ Open the Windows CMD as an Administrator
Start > type "cmd" in the search bar (Windows 7) -> Right click -> Run as an Administrator
8-> Type "sc delete SearchIndexer" then hit Enter


And you're done !

After scanning the pc with several Malware or Adware software no result for cmd.exe.
It appeared this morning again.
Followed off course your advice which I have found earlier on the net.

Windows search has been disabled now. (indexing)

However I can't find a file igfxupdate.exe as you mentioned not even with unhiding mapoptions
In the registry I found three entries. If I can safely delete them??? I backed them up just in case.
Have to read your further links.

Thank you so far for your reply.

Thanks to your help I may have found something nasty.
A Keygenerator was causing intermitted cmd.exe.
It was continuously active in the Temp File?
Even hard to remove while running.
But with ASC. I scrambled the whole file to piece's.
Something like an activation of which no further file could be found?
That was correct, that software was not installed on my PC.
I'm not even using that version.

Hope that is solves the matter.

Advanced System Care in my opinion is a NO NO. It causes more problems than it helps. Many won't use AVG either. I would recommend MSE for your antivirus.
Microsoft Security Essentials - Microsoft Windows

I would also run these to check if anything else is hiding in your system. Many times infections like this let their buddy infection in the backdoor.
Malwarebytes

Free Online Virus Scanner | ESET

Let us know how thing go and what is found if any.

All I found was that particular generator itself.
This morning it started again wit a find.exe *32, a script.exe and cscript.exe 110%CPU
Trying to change a non existent file.
I could locate it thanks to your explorer program.
Removed all the entries out of the register en deleted the gen. file afterwards.
Hope this will be the end of the trouble.
At least I'm on trail of something particular.

This might be of some help. Please read.

Encyclopedia entry: Worm:Win32/Bofra.E@mm - Learn more about malware - Microsoft Malware Protection Center
---------------------------------------------------------
How to get rid of the .exe*32 file that infects programs | PC Help Forum

Win32.Bofra.E

Not to be mistaken for a critical System 32 file, the 32.exe file is actually a worm which has become notorious for its widespread infection via email. The file preys on our instinct not to touch important looking files, and it also comes with a generator function that will place a random set of characters before the 32.exe. This is to dissuade people from searching the file by name and finding a fix for the problem.
The 32.exe virus is officially referred to as a Win32.Bofra.E. It copies itself to the System directory but you will need to look closely to find it as there’s no easy way of telling what the prefix to the file will be.
The nature of the Win32.Bofra.E is that it is designed to re-spawn when you boot from scratch. If you don’t remove the registry entries that trigger the virus in to life, you will be simply removing it temporarily until the next start up.
----------------------------------------
This could also help. Win32.Bofra.E has been around for a while so the scans I suggested should find it.
http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

You can also use Windows Defender Offline and see what (if anything) it finds.
http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html
This tool must be created on a known malware free computer.

Ran Combofix which produced, removed or changed a long list.
To my surprise everything seems to be functioning afterwards.
Registercleaners like this or any are extremely risky.
The restore option failed for unknown reasons, perhaps I forgot something?
No problem, because I always keep some real complete backups with Acronis,
I never rely on system-restore since it's to vulnerable for viruses who may remove or disable the backup.
Besides it won't restore everything and screws itself in time.
Switched it also off since it builds up a massive rather useless file.

It's to early to cry Eureka, but until now the high CPU didn't appear again.
Keeping thumbs up

Leave this thread open for about a week to make sure things stay okay and report back and let us know if you can.

Of course I will do that.
It's still Ok.

The problem didn't appear for several days now, so I think it's solved.
Thanks for your help.