|
Problem description: My computer has been running at 99-100% Disk C for the last month or two, really slowing down everything. I can't pinpoint what exactly is causing so much usage; at first I thought it was some perpetual Windows memory dump getting hung up on something. I forgot I had the "NetworkGenie" program on my computer (it's an annoying program and I should probably get rid of it) and decided to open it up to check through what was using the internet. I came across a "diagtask" program running which I assumed to be the "Windows Diagnostic Task...." but after searching around it seems there is a Bitcoin Miner Trojan that mimics this process. I would really appreciate someone helping me with either A.) fixing the Windows memory dumper/corrupted memory or B.) figuring out if there is, in fact, malicious software using my computer to mine bitcoins.

I should also note I get blue screens at least once a day about either kernels, memory, etc. I will be sure to take note of the exact prompts next time they happen. Also my sfc /scannow always fails.

Attempted fixes: I have tried running anti-virus scans, CCleaner, Malwarebytes, disk space cleaning, defragging, uninstalling old programs, cmd prompt commands such as "sfc /scannow" which always fails, disabling Windows search functions and Cortana (which I think are still running somehow), Farbar Recovery Scan Tool [FRST64] (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/), and some free online ESET virus thing (https://www.eset.com/us/online-scanner/) which blue screened my computer the one time I tried it. I have done the majority of all procedures in both normal and safe mode, literally anything but a hard reset to factory defaults.

If anyone is familiar with that "FRST64" program, here is the pastebin of the log I received: http://pastebin.com/TDBBfNQn

Here are some things I picked from that log file I thought might have potential of being bad for my computer: http://pastebin.com/THjGZcJd

SFC Details Log (I'm pretty sure my computer crashes / sfc stops at the last point on the log): http://pastebin.com/KHTXckVA

Additional thing I tried #1: http://www.tomshardware.com/answers/id-2045646/windows-100-disk-usage.html
Additional thing I tried #2: https://www.infopackets.com/news/9620/how-fix-sfc-scannow-fails-wont-complete

Windows Log - Application: https://www.dropbox.com/s/qmo0selzeq3jqjq/Windows%20Logs%20-%20Applcations.evtx?dl=0
Windows Log - Security: https://www.dropbox.com/s/yz675x3l9mqkxkz/Windows%20Logs%20-%20Security.evtx?dl=0
Windows Log - Setup: https://www.dropbox.com/s/kzbt3vv91ypjk51/Windows%20Logs%20-%20Setup.evtx?dl=0
Windows Log - System: https://www.dropbox.com/s/3esdm32mrtohe8o/Windows%20Logs%20-%20System.evtx?dl=0

Recent changes: I let my gf start using my computer around the same time I began noticing increased Disk C usage, she was watching xfinity stuff. Possibly just coincidence. Other than that I haven't really added anything new / hardware still the same. She might have downloaded a fake java update at some point, I heard that was a thing.

--

Operating system: Windows 10, 64 bit

System specs:
Processor: Intel Core i5-4570 Haswell Quad-Core 3.2 GHz LGA 1150 84W BX80646I54570 Desktop Processor Intel HD Graphics
Motherboard: MSI B85-G41 PC Mate LGA 1150 Intel B85 HDMI SATA 6Gb/s USB 3.0 ATX High Performance CF Intel Motherboard
Graphics Card: ASUS GTX660 TI-DC2O-2GD5 G-SYNC Support GeForce GTX 660 Ti 2GB 192-Bit GDDR5 PCI Express 3.0 x16 HDCP Ready SLI ...
Memory: G.SKILL Ripjaws Series 8GB (4 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 (PC3 12800) Desktop Memory Model F3-12800CL9Q-8GBRL
Power Supply: XFX P1-650X-XXB9 650W ATX12V 2.2 & ESP12V 2.91 SLI Ready CrossFire Ready 80 PLUS BRONZE Certified Modular Active PFC Power Supply
Hard Drive: Seagate Desktop HDD ST500DM002 500GB 16MB Cache SATA 6.0Gb/s 3.5" Internal Hard Drive Bare Drive
Additional Hardware: Razer Anansi keyboard, Razer DeathAdder mouse, Razer Kraken headset

Location: United States

I have Googled and read the FAQ: Yes

Bigbillthaboss fucked around with this message at 08:48 on Aug 9, 2016 |
# ? Aug 9, 2016 08:08 |
|
A bitcoin miner would cause CPU or GPU usage; high hard drive usage indicates a failing drive. This is backed up by the slow performance, SFC failing, and the bluescreens you're getting. There's also nothing suspicious in your logs that I see on a quick glance.

Post a screenshot of the Crystal Disk Info (standard edition ZIP) window for your system drive. I'm expecting it will show "Caution" or "Bad", which means the drive has failed and will need to be replaced.
Alereon fucked around with this message at 19:00 on Aug 9, 2016 |
# ? Aug 9, 2016 18:58 |
|
Have you tried WinDirStat yet? https://windirstat.info/ It scans your drive(s) and ranks folders from largest to smallest. This tool is great for playing "hunt the disk hog"
|
# ? Aug 9, 2016 22:07 |
|
Hey guys, thanks for your responses! I would like to say I do experience a lot of fluctuations with CPU as well; I can't answer for the GPU as it's not something I readily check/observe. I'll be sure to edit this post with a proper response once I have a minute tomorrow. I would like to note that my Firefox appears to use a lot of resources for some reason as well.

I think I got rid of one faulty registry/driver (I'm not sure what they exactly were). CCleaner kept having issues deleting these 2 specific folders with long random letter-number combination key code looking things. I had to go in, set myself as controlling user, remove the "children" of file, then delete it manually. I think this may have helped things a little bit, still experiencing a slowing system however.

Should I uninstall Avast? It really uses a lot of memory/etc. and I hear they haven't had the best reputation here lately.

Also - you didn't think that "C:\Users\Public\AlexaNSISPlugin.624.dll" was potentially a malicious file in the fixlist pastebin under "files to move or delete"? I removed it anyway, it had placed itself in a public folder I had not really seen before.

Edit: Crystal Disk snippet - http://imgur.com/a/f4SHf

Bigbillthaboss fucked around with this message at 08:09 on Aug 10, 2016 |
# ? Aug 10, 2016 07:41 |
|
Yes absolutely uninstall Avast, do not use third-party antivirus software. It slows down your computer, causes system problems, and makes you MORE vulnerable to viruses and malware. The Microsoft-provided protection is all you need.

Alexa is not malicious, and it is not weird for you to see folders with long random letter-number combinations, those are called "GUIDs". Nor is it weird for a web browser to use lots of resources. Honestly I think you are going on a wild goose chase for malware that is not helping you identify and fix any actual problems with your computer. The important thing is that bluescreens almost always indicate a hardware problem with the computer, malware would usually appear as ads or heavy CPU/GPU load.

Just to clarify, when you're talking about "disk usage", are you only worried about disk space, meaning the disk is full? If so that's much simpler, since you were talking about bitcoin mining and stuff I assumed you were looking at the disk usage meter. Just run a program like Dr Cox linked as Administrator and it will tell you where the space is going.

Your Crystal Disk Info log doesn't have obvious warning signs, but Seagate drives don't log errors in the same way as other drives so that's not super comforting. I would suggest running the Windows Memory Diagnostic from Start, Search, Memory.
|
# ? Aug 10, 2016 16:56 |
|
Memory diagnostic didn't find anything wrong.... maybe my computer is just getting old. I appreciate all your help anyways, thanks a lot!
|
# ? Aug 12, 2016 00:36 |
|
Bigbillthaboss posted:
Memory diagnostic didn't find anything wrong.... maybe my computer is just getting old. I appreciate all your help anyways, thanks alot!

I'd do a scan using Windows Defender Offline: https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

If your HD is still constantly churning that's not a good sign. I'd back up important data to another HD.
|
# ? Aug 12, 2016 21:51 |
|
Is your C drive 100% full or at 100% utilization (never spinning down?)
|
# ? Aug 14, 2016 18:41 |