#11
Hello All,
The GPU pegged to 100% again.
I was premature in my assessment that all was well. In fact, it is possible that deleting my user profile may not have been required in the remediation process.
I found that AMD released a new Beta Driver (amd_catalyst_13.10_beta.exe), so I thought perhaps it would not hurt to download that new driver and begin to prepare for a new OS install after a drive wipe.
I downloaded the driver, saved it and also installed it.
During the install (with the GPU screaming) I got an error message that timeserver.exe crashed.
That was very suspicious so I began to research that.
Found this site: http://forums.malwarebytes.org/index.php?showtopic=128536
I followed the guided instructions very carefully, mindful that this was a very exact remedy for a specific problem.
Hi everybody,
A few days ago my PC began running very slow. To try and find a solution I began to run my trusted group of virus scanners and malware scanners, Malwarebytes Anti-Malware of course included. However my attempts at finding the solution seem to bring zero results. After poking around in the task manager I seem to find a process called TimeServer.exe that was eating a lot of CPU power. In my shock I hastily ended the process, a bit drastic but it seems to stop harassing my CPU and everything seems to be calming down.
So now that I found my evil doer my job was to identify it, however here I also found some problems in identifying the culprit. In my search I found two things http://processchecke...Server.exe.html saying it might be a bitcoin miner and the 2nd item was http://forums.malwar...howtopic=125666
I knew I needed help getting rid of it even if I found the monster.
I followed the "I'm infected - What do I do now?" and read some posts and the guidelines. After I did the preparations for the files in my post, I did some more digging and found the culprit located in C:\ProgramData\Microsoft\Windows\Time. Also I highlighted some interesting things I already found in the DDS.txt below. My apologies if I did something wrong but I try to give as much information as I can to help you help me. Also English is my second language so sorry for any spelling and grammar mistakes.
Any advice would be a great help in getting rid of this monster. Also my thanks and appreciation for any help in advance.
I ran the RogueKillerX64.exe and found a rogue script and deleted it:
Rogue ST Task 4458 wscript.exe c:\users\%USERNAME%\APPDATA\LOCAL\TEMP\Launchie.vbs //B
I then ran the combofix.exe scan first
Found the same results as listed on the website, so I ran the script file with combofix.exe
It killed the bad folder and all of its contents.
Followed up with the remaining steps suggested on the site.
I am pretty sure that I have it killed off this time. But I will monitor it closely and post in a few days if it stays clear.
Although the Malwarebytes application did not catch this custom rogue code in a scan, the website and its members and expert assistance are very top notch, as are the members of this great sevenforums board.
Take Care,
Del (Carefully optimistic)
Last edited by Delscorcho; 05 Sep 2013 at 20:09. Reason: format
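The rogue scheduled task reported by RogueKiller in the post above (wscript.exe running a .vbs from the user's TEMP folder with //B) has a shape that can be checked for across all tasks. The following is an added example, not part of the original post or of any tool it mentions: a triage script over the CSV that `schtasks /query /fo csv /v` produces. The sample rows, the task name `\4458` and the user `exampleuser` are constructed, and the script generalizes from wscript.exe to cscript.exe and mshta.exe.

```python
import csv
import io
import re

# Constructed sample, reduced to the two columns used here. Real input comes from:
#   schtasks /query /fo csv /v > tasks.csv
SAMPLE_CSV = r'''"TaskName","Task To Run"
"\4458","wscript.exe c:\users\exampleuser\APPDATA\LOCAL\TEMP\Launchie.vbs //B"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c"
"\ExampleVendorUpdate","C:\Program Files\ExampleVendor\update.exe /silent"
'''

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
# Locations a standard user (or malware running as that user) can usually write to.
WRITABLE = re.compile(
    r"\\appdata\\|\\programdata\\|\\users\\public\\|%temp%|%appdata%", re.I
)

def score_action(action):
    """Return the reasons a task's command line deserves a manual look."""
    reasons = []
    tokens = action.lower().replace('"', " ").split()
    host = next((h for h in SCRIPT_HOSTS if any(t.endswith(h) for t in tokens)), None)
    writable = bool(WRITABLE.search(action))
    if host and writable:
        reasons.append(f"{host} runs a script from a user-writable path")
    elif writable:
        reasons.append("action points into a user-writable path")
    # //B is the script host's batch mode: no error dialogs, no prompts.
    if host in ("wscript.exe", "cscript.exe") and "//b" in tokens:
        reasons.append("//B batch mode hides script errors and prompts")
    return reasons

def triage(csv_text):
    """Map task name -> reasons for every flagged row of schtasks CSV output."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = score_action(row.get("Task To Run") or "")
        if reasons:
            flagged[row["TaskName"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_CSV).items():
        print(name, "->", "; ".join(reasons))
```

A hit is a lead for manual review, not a verdict: some legitimate updaters also run from ProgramData or AppData.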