Windows 7 Forums



Windows 7: explorer.exe uses full core permanently, ntdll.dll!RtlValidateHeap+0x17

28 Oct 2014   #1
geverl

Windows 7 Pro 64 bit
 
 

After having wasted several days with useless scanner software I've installed an SSD drive and installed Windows 7 on it, which works fine. The disk on which the infected Windows 7 is installed is now used purely for data storage, although I can still boot into the infected Windows if someone likes to explore the problem.
-------------------------------------------------

As soon as I open Windows Explorer, it uses a full core of my 4 core system. I'm running Windows 7 Pro 64 Bit. Process Hacker shows ntdll.dll!RtlValidateHeap+0x170 as start address for the thread that uses the processor resources. I've tried Process Monitor to find out what this thread is doing, but only the thread exit with success (after I've terminated it in Process Hacker) shows up in Process Monitor. A System Restore has brought no change. I can't find anything suspicious in Event Viewer. I've run full scans with Microsoft Security Essentials, Anti-Malware, Hitman Pro and most other programs listed at http://www.bleepingcomputer.com/download/windows/security, to no avail.

The problem also occurs with other programs, e.g. Notepad, as soon as the Windows file dialog is opened, although in that case it is not always ntdll.dll that seems to use the processor resources.
When I boot in safe mode with pretty much everything disabled, Windows Explorer works fine.

DDS.txt and Attach.txt are attached (couldn't post DDS.txt as too long).




Attached Files
File Type: txt attach.txt (26.5 KB, 1 views)
File Type: txt dds.txt (23.9 KB, 1 views)
28 Oct 2014   #2
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Hello Geverl mate, I see you have been waiting for a while now for an answer and that you have tried a fair bit of stuff already, but just as a suggestion try this:
Download Kaspersky Rescue Disk 10; it will, as you probably know, run from power up and scan without "involving" Windows.
It is usually pretty good at digging out stuff that is missed by the other scanners. I see you know re bleepingcomputer site; I refer to it all the time, top site eh?

By the by, have you run a rootkit scan, as I cannot see a mention of it there in your post? You will of course be aware that the TDSS Killer in this link is probably as good as any. But which one you use is up to you; I have used about three of those linked and find them all good, but the TDSS is my pick.
Best Free Rootkit Scanner and Remover
29 Oct 2014   #3
geverl

Windows 7 Pro 64 bit
 
 

Thanks for the suggestion. Kaspersky Rescue Disk 10 has taken some 9 hours to find nothing noteworthy.
I had already run TDSS a few days ago, with the same result.

29 Oct 2014   #4
Tookeri

Windows 7 Pro 32
 
 

Have you tried Autoruns?

Safe Mode doesn't process the Run and RunOnce registry keys. One additional startup method is the Winlogon Shell, but that is also skipped if you choose Safe Mode with Command Prompt.

Also it's better to not immediately kill a malicious process. You should try to identify if there's more than one process and suspend them first. Or they can restart each other.

Here's a great guide that uses Sysinternals tools: Microsoft SIR - Advanced Techniques - Malware Cleaning

Here's basically the same thing but explained in a video: Malware Hunting with the Sysinternals Tools | TechEd North America 2012 | Channel 9
My System SpecsSystem Spec
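The autostart locations named in the post above (the Run and RunOnce keys and the Winlogon Shell value) can be listed with a read-only PowerShell script. This is an added example, not part of the original post: the function names `Get-RunEntry` and `Test-WinlogonShell` are made up for illustration, and the Wow6432Node paths assume a 64-bit system like the one in this thread.

```powershell
# Added example: read-only listing of Run/RunOnce entries and the Winlogon Shell.
# Written for PowerShell 2.0, the version that ships with Windows 7.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # 32-bit registry view on 64-bit Windows (assumption: 64-bit system)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path $key)) { continue }      # key may not exist
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

function Test-WinlogonShell {
    # The stock machine-wide value is "explorer.exe"; a per-user Shell value
    # normally does not exist, so any HKCU hit deserves a closer look.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
            'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $shell = (Get-Item $key).GetValue('Shell')
        if ($null -eq $shell) { continue }           # value not set
        New-Object PSObject -Property @{
            Key       = $key
            Shell     = $shell
            IsDefault = ($shell.Trim() -ieq 'explorer.exe')
        }
    }
}

Get-RunEntry -Path $runKeys | Select-Object Key, Name, Command | Format-Table -AutoSize -Wrap
Test-WinlogonShell | Select-Object Key, Shell, IsDefault | Format-List
```

Autoruns covers many more locations than these; the script only shows the ones the post says Safe Mode skips.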
29 Oct 2014   #5
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Quote: Originally Posted by geverl
Thanks for the suggestion. Kaspersky Rescue Disk 10 has taken some 9 hours to find nothing noteworthy.
I had already run TDSS a few days ago, with the same result.

Ok Rev, that is an inordinate amount of time for that to run, but at least it rules out anything "lurking" or anything like that, just about.

Now Tookeri has come up with some good suggestions, follow T with those links.
30 Oct 2014   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

02 Nov 2014   #7
geverl

Windows 7 Pro 64 bit
 
 

I did, I don't have an Igfxupdate.exe.
04 Nov 2014   #8
3StoneBlue

Windows 7 Home Premium 64 Bit
 
 

Could you back up the data from the infected drive, then do a factory reset of the drive?
04 Nov 2014   #9
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Shame Layback's suggestions could not be run, but if you want to back up data see this:

BOOTABLE UBUNTU

Make a bootable Ubuntu disk http://www.ubuntu.com/download

Set the BIOS to boot from the optical; when the machine boots it will show you a screen with TRY or INSTALL > select TRY not INSTALL

When it is finished - it takes very little time - you will get a screen like in the pic.

Open the drive you want > User and dig down until you get to the data / settings; you may be able to copy / paste the material you want to an external source or other installed drive doing this.

I am not sure if it will, but I have recovered tons of data etc. using this method, both on "dead" or just plain drives that you cannot get data from using Windows.


PS you will need a DVD, a CD is not big enough anymore


Attached Thumbnails
explorer.exe uses full core pemanently, ntdll.dll!RtlValidateHeap+0x17-ubuntu-screen-x2.png  
05 Nov 2014   #10
geverl

Windows 7 Pro 64 bit
 
 

I could back up and format the infected disk and then just copy the data that I need back to it. In that case I'd also have a backup of the infected Windows partition files, but would not be able to boot into the infected partition anymore.