Z.exe takes 99% of CPU

Page 1 of 2 12 LastLast

  1. Posts : 6
    windows 7
       #1

    Z.exe takes 99% of CPU


    hello. my computer was lagging lately so i checked task manager and i found that file named Z.exe is taking like 100% of cpu
    i googled it and found the program Malwarebytes, downloaded, installed and scanned it found the Z.exe and like 50 more malwares i deleted all of em but this one stays... i tried deleting it and scanning several times but no effect.
    can anyone help me ?
      My Computer


  2. Posts : 6
    windows 7
    Thread Starter
       #2

    imgur: the simple image sharer
    it says mbamgui.exe because its in quarantine.
    imgur: the simple image sharer
    the Command line: minername.exe -a 60 -g no -o http://bg.hardair1.com:8332/ -u p0rnstar_worker -p password
      My Computer


  3. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #3

    Hi,

    I think you might need to consider scanning from outisde the Windows environement with this:

    https://www.sevenforums.com/tutorials...m-sweeper.html

    Be careful what you download with torrents - this is arguably the greatest source of malware infection.

    Regards,
    Golden
      My Computer


  4. Posts : 18
    Windows 7 Ultimate x64
       #4

    Hi Sorter,

    Can you post the log from Malwarebytes Anti-Malware please?

    Please download DDS by sUBs from one of these locations:

    Link 1
    Link 2

    Link 3


    Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt

    Save both reports to your Desktop. Post them back here for review.
      My Computer


  5. Posts : 3
    Windows 7 Home Premium 32bit
       #5

    Firstly, you should google that, then check if it's a virus or a application thats taking up your cpu usage. I suggest you to do a complete scan with your anti spyware/virus software, to check if there's any virus running in your system.
      My Computer


  6. Posts : 91
    Windows 7 Home Premium x64 SP1
       #6

    Try scanning with hitman pro and see what it comes up with.
      My Computer


  7. Posts : 6
    windows 7
    Thread Starter
       #7

    heres the first scan with malwarebytes

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8041

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    10/29/2011 8:30:44 PM
    mbam-log-2011-10-29 (20-30-44).txt

    Scan type: Full scan (C:\|D:\|G:\|)
    Objects scanned: 313176
    Time elapsed: 37 minute(s), 1 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 52

    Memory Processes Infected:
    c:\Users\z. lama\AppData\Roaming\regsrv64.exe (Trojan.Agent) -> 3584 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DLL Registration (Trojan.Agent) -> Value: Microsoft DLL Registration -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\\AppData\Roaming\regsrv64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\1174.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\136F.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\188.exe (Trojan.Taskupdate) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\1966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\1984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\1AE0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\2DD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\3257.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\39EE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\4351.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\462C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\4846.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\49CF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\4A07.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\4BCF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\50A3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\5A07.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\5C6D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\5CFD.exe (Trojan.Taskupdate) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\65EA.exe (Trojan.Taskupdate) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\67C6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\6C2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\6CBD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\6FC7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\7D35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\85C4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\886D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\8A54.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\8C21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\904F.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\9137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\E757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\EE48.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\F55.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\F90B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\F95D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\9B71.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\9F80.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\A270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\A668.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\AA17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\B33B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\B435.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\B6DE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\B81A.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\BB6D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\BF1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\C37A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\D75A.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\DF27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    and the second
    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8041

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    10/29/2011 11:24:04 PM
    mbam-log-2011-10-29 (23-24-04).txt

    Scan type: Full scan (C:\|D:\|G:\|)
    Objects scanned: 314145
    Time elapsed: 41 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\\AppData\Local\Temp\acd\z.exe (Trojan.Agent) -> Delete on reboot.
    c:\Users\\Desktop\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
    c:\Users\\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\dat.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
    with avast6 it found the Z.exe . deleted successfully but it started up again. so i scanned again and it finds nothing now.

    thanks everyone ill start trying those right now. gonna post the results


    also. i googled it but only advertising sites come up. nothing usefull
    Last edited by sorter123; 30 Oct 2011 at 02:25.
      My Computer


  8. Posts : 6
    windows 7
    Thread Starter
       #8

    heres the DDS
    Z.exe takes 99% of CPU Attached Files
      My Computer


  9. Posts : 6
    windows 7
    Thread Starter
       #9

    Golden said:
    Hi,

    I think you might need to consider scanning from outisde the Windows environement with this:

    https://www.sevenforums.com/tutorials...m-sweeper.html

    Be careful what you download with torrents - this is arguably the greatest source of malware infection.

    Regards,
    Golden
    i used this. found nothing


    okay, so i used Hitman pro 3.5 it found like 15+ viruses Z.exe too .. also theres this Dat.exe which is located in Startup that can be related to Z.exe . so after the scan it just deleted all those viruses, i rebooted but Z.exe is still here.

    any suggestion ?
      My Computer


  10. Posts : 10,994
    Win 7 Pro 64-bit
       #10

    Try using Malwarebytes, Hitman Pro, etc after booting into Safe Mode.

    Safe Mode

    If that doesn't work you might want to try the suggestion in Bleeping Computer on how to manually remove trojans, viruses, worms, and other malware by using a free program called Autoruns. (Scroll down about half way to see the steps involved.)

    How to remove a Trojan, Virus, Worm, or other Malware
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:57.
Find Us