Windows 7: Amd sapphire 7770 high activity while idle

20 Aug 2013   #1

windows 7 ultimate x32
Amd sapphire 7770 high activity while idle

Hi All,

My graphics card is showing 97% activity even while it's idle. Had CCC 13.4, tried reinstalling, didn't help.
Currently installed 13.8 beta, still the same issue.

Card was overclocked before but I had set everything to default settings. Should be a software issue, I guess.

Thanks in advance..

20 Aug 2013   #2

Win 7 Pro x64, Win 10 Pro x64, Linux Light x86

20 Aug 2013   #3
Das Rha

Windows 7 Ultimate x64

^^^ Same. I bet money it's the new malware everyone's been seeing that mines bitcoins on GPUs. Horrible thing but easy to repair. If MWB can't fix it, PM me; I have an exe file that someone created that is very versatile and can remove most cases of this malware; pretty confident you got it.
20 Aug 2013   #4

windows 7 ultimate x32


Thanks to Stephanie and Das. I thought Avast would be enough to protect my system. Check the Malwarebytes log.

Memory Processes Detected: 2
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> 2816 -> Delete on reboot.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{845D66F9-A5B9-A0AF-466D-DB802E6066E5} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Data: mysearchdial Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 8
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
C:\Users\\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\Delta (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial\icons_2.2.4.731 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 14
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> Delete on reboot.
C:\ProgramData\InstallMate\{25F72E33-523F-4055-A2BE-1A1DFE140CC5}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{25F72E33-523F-4055-A2BE-1A1DFE140CC5}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Delete on reboot.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\balakarthi\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial\icons_2.2.4.731\magnifying.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\\AppData\Roaming\mysearchdial\icons_2.2.4.731\star2.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Thanks again. Will recommend MB along with Avast from now on.
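
Added example, not part of the original posts and not Malwarebytes' own tooling: a Python parser for the log layout shown above that separates real malware from PUP/PUM noise and lists the items that stay on the machine until the reboot completes. The function names `parse_log` and `triage` are hypothetical, and the sample is a few lines excerpted from the log in this post.

```python
import re
from collections import Counter

# A few lines excerpted from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> 2816 -> Delete on reboot.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1964 -> Delete on reboot.
Registry Keys Detected: 26
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (Mysearchdial Search) Good: (Google) -> Quarantined and repaired successfully.
Files Detected: 14
C:\Program Files\Java\sidebar.exe (Trojan.BitCoinMiner) -> Delete on reboot.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# <item> (<Detection.Name>) -> [pid or data ->] <action>.
ITEM = re.compile(r"^(?P<item>.+?) \((?P<det>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")

def parse_log(text):
    """Turn each detection line into a record tagged with its log section."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m["name"]
        elif m := ITEM.match(line):
            parts = m["rest"].split(" -> ")
            records.append({
                "section": section,
                "item": m["item"],
                "detection": m["det"],
                "family": m["det"].split(".")[0],  # Trojan, PUP, PUM, ...
                "pid": int(parts[0]) if parts[0].isdigit() else None,
                "action": parts[-1].rstrip("."),
            })
    return records

def triage(records):
    """Summarise what still needs follow-up after the scan."""
    return {
        "by_family": Counter(r["family"] for r in records),
        # Still on disk or in memory until the machine restarts.
        "pending_reboot": sorted({r["item"] for r in records
                                  if r["action"] == "Delete on reboot"}),
        # Everything that is not a potentially unwanted program/modification.
        "malware": sorted({(r["item"], r["detection"]) for r in records
                           if r["family"] not in ("PUP", "PUM")}),
    }
```

Running `triage(parse_log(...))` over the full log text gives the same breakdown for all entries; a rescan after the reboot should show the `pending_reboot` items gone.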
21 Aug 2013   #5

Windows 7 ultimate x64

Hi bala, did running Malwarebytes help?
21 Aug 2013   #6

windows 7 ultimate x32

Quote: Originally Posted by archer
Hi bala, did running Malwarebytes help?

Yes archer, no issues now.
22 Aug 2013   #7

Windows 7 ultimate x64

Perfect, congrats!
22 Aug 2013   #8

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1

I was a paying Avast! customer myself and fired them after the subscription ended; twice things got by it.

Scan with Malwarebytes at least weekly if you use ANY free a/v is what I recommend; I may have to switch to that myself.

Or just pay for Malwarebytes' product and let it be your real-time monitoring solution. 8)
24 Aug 2013   #9

Microsoft Windows 7 Home Premium 64-bit Service Pack 1

Try running Malwarebytes Chameleon next, and see how much more malware you can slay at once.

To run: Start > All Programs > Malwarebytes' Anti-Malware > Tools > Malwarebytes Chameleon

Follow the directions.

Note
This tool will attempt to launch Malwarebytes in an attempt to update the definitions, especially if malware has taken over and prevented any other AV/AS tool from working. Even if it fails, it will then try to slay the malicious processes before trying to run Malwarebytes in Quick Scan mode.
Chameleon may not work if Malwarebytes itself needs an update, or if you're running the Windows 8.1 release preview.
05 Sep 2013   #10

Windows 7 Ultimate X64 & Windows 8 X64

Hello All,

I am running a different video card but still an AMD (doubt that the video HW has anything to do with the issue). My card: XFX Radeon HD 7970 GHz Edition 3GB FX-797G-TDFC

I had the exact problem and the replies on this topic helped me key into the problem and eradicate it.

I had never heard of bitcoin mining botnets or anything of the sort and was very disturbed that Malwarebytes did not have even the slightest clue that my system was boarded and my GPU was being baked by a foreign program.

Neither my MS Defender nor Malwarebytes' Anti-Malware full scan, even with Chameleon, found anything that could have been causing the issue with my runaway GPU processes and associated heat and loud fan noise.
It found some stuff and I removed it all, but it was just adware stuff and nothing that helped when it was removed. Several post scans revealed they were gone and found nothing new.

After further browsing of the Internet for possible help I came across some folks that identified the iehighutil.exe as being a part of the "0Access" or "ZeroAccess" bitcoin mining botnet and found that file in my system startup and its associated file location in c:\temporary.

Another virus found spreading quickly. This virus installs malware on your system silently and exploits your GPU, leading to a messed up one. Unfortunately, antivirus software doesn't detect this one. These viruses probably pass down to your computer via torrents and some other sources.

How to check if I have the Virus?
Check your task manager for processes with these names -

How to remove the virus?
1. If you have the virus, you'll have a folder named Temporary in your System Drive, e.g. C:\Temporary. You'll see the virus there. So delete that folder.
2. Block the programs ieutil.exe and iehighutil.exe with an antivirus program.
3. Run msconfig and delete iehighutil.exe from startup programs.
4. Run regedit, search and find (Ctrl+F) iehighutil and delete the whole folder.

Even after deleting the files and the folder and removing any reference to it in my registry and several reboots, I was still plagued with this menace of what sure seemed like a GPU hijack for bitcoin mining. I was almost ready to wipe and reload My OS and in preparation I logged in with a secondary Admin account to back up my docs and profile. That is when I noticed that the GPU was calm and unaffected.

So I backed up the suspect user profile, then deleted it completely, and then logged into the old account and Windows rebuilt my profile, and that killed whatever was present on my system.

It must have had some nasty files running (that were undetected by MB and MS Defender, mind you) somewhere in my app data or elsewhere in my user profile.

I am so happy to be rid of this menace and to have a calm, cool and noise free PC again.

I wish I could have used a smaller hammer than wiping out the user profile, but I was glad I got rid of the menace and did not have to reload the OS and all my APPS and non-steam games again.

Not so fast.. See the next post to see the ongoing saga..

Thanks for the advice and steering me in the right direction all.

Take Care,
