How do you get rid of a memory sucking virus?

I3lue1 · Feb 22, 2015

As the title says.

Problem started when I downloaded a fake torrent (a game).

It was obvious the moment the game wouldn't wanna start. The next time I turned on my PC I'd get popups for EVERY site I'd visit (I do have the Adblocker extension); hell even for youtube I'd get extra adds on the page.

I started searching and found a few obscurely named programs in my Temp folder. I removed them; I did scans with Microsoft Security Essentials, Malwarebytes Antimalware; Mcaffee Rootkit remover.

I ended up making my PC run (somewhat) better again but I constantly have at least 1 Gb of extra ram usage that comes out of nowhere.

When I mean nowhere I mean that I just start my PC and look at task manager. Doing this, I'd get ~ 1.5 Gb of RAM usage, but now I'm getting ~ 2.6 Gb. Whatever I do that extra 1 Gb won't go away.

I checked all the things that boot at startup with Msconfig; I checked all the running processes for all users; I checked the resource monitor but still I found nothing. Adding up all the processes doesn't get me to the total memory displayed by task manager.

My PC feels a tiny bit sluggish but it's noticeable.

Suggestions? Please don't say reinstall Windows because currently I have no way of backing up anything and the soonest I can do that is in 2 weeks or more.

Darkbreeze · Feb 22, 2015

Do ALL of the following as instructed:

http://www.tomshardware.com/forum/8263-63-simple-free-guide-removing-malware

And then kick yourself in the ass for attempting to download pirated software. This is the penance you pay for the road you traveled. Heh.

Darkbreeze · Feb 22, 2015

If you still have issues, you can try restoring to a point prior to the "problem" if you have system restore enabled. If not, you can try a windows repair by doing the following:

http://www.eightforums.com/tutorials/26095-repair-install-windows-8-a.html

I3lue1 · Feb 22, 2015

Thanks for the quick replies Darkbreeze. I'll get to work on them after I finish some house work; will keep you posted in a few hours.

I3lue1 · Feb 22, 2015

Still have the problems. Can't do a roll back since I don't have any restore points; will the system repair also work on Windows 7?

Quick edit: in safe mode I have ~ 1.2 gb used which sounds just right since ~ 1.5 was normal and safe mode boots up with less services.
Is there a way to figure out what differs between the two bootups?

Keep in mind that I checked for the starting items in MSConfig -> nothing suspicious; I'm constantly looking at installed programs, programs running, processes and still I find nothing suspicious.

The only thing the culprit leaves is that the RAM usage is 1Gb more than it should be in the Performance tab and also I managed to use all my memory now: playing WoW and having Chrome with 20-30 tabs open took my memory to 7.5 Gb of ram and WoW started running sluggish. You'd say that Chrome is the culprit but I had the EXACT same scenario before and I was sitting at 5.8 - 6.5 with ease.

Another thing worth mentioning is that whatever action I do in BSPlayer I get an error regarding "can't save configuration file". Aka: I pause the movie -> error; I resume -> error; I close BSPlayer -> error; you name it. I also tried uninstalling and freshly installing and I still get the same thing.

Darkbreeze · Feb 22, 2015

What are your full system specs?

I3lue1 · Feb 22, 2015

Same motherboard as you, AMD FX 8350, 8 Gb (2x4 Gb) Patriot @ 1600 Mhz, MSI 780 ti, 900W PSU.

I've had this setup for half a year and changed 4 Windows installations until now (Windows 7 Ultimate, Windows 8, Windows 8.1, Windows 7 Home Premium); that's why I'm so sure that there's an extra Gb of RAM being used.

Darkbreeze · Feb 22, 2015

Can you post a screenshot of the running processes? Instructions on how are here:

http://www.tomshardware.com/forum/id-2546991/detailed-instructions-posting-images-thread-tom-hardware.html

Also, post a screenshot of all drives/partitions in disk management.

I3lue1 · Feb 22, 2015

I3lue1 · Feb 22, 2015

I had absolutely nothing running.

As I was taking the screenshots, the usage jumped up to 3.15 Gb and it stayed there. I hope I posted all the relevant information.

Darkbreeze · Feb 22, 2015

Nice job, exactly what I was looking for. Partition information looks good. I was worried there might be old boot partitions from the previous installations and that the system was perhaps not using the correct partition tables. Not the case though.

You have an extreme amount of services running, most particularly svchost.exe which is a host process for other programs to run services in windows and is commonly used by Trojans, viruses and malware to implement their payloads. Follow the steps at this link to see if perhaps there is an issue with one of these processes.:

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/

Darkbreeze · Feb 22, 2015

What's with the actualmultiplemonitors process? Do you use the program? I know what the program is, just wondering if it's something you use?

Is tudorel your account name on this machine?

I3lue1 · Feb 22, 2015

Checked every one as per the guide provided by you. All svchost.exe entries point to services located inside windows/system32/

Will have to call it a night since it's late for me; thanks for the support and I hope we can figure it out eventually. Will get back on it tomorrow a.s.a.p.

Darkbreeze · Feb 22, 2015

Sounds good.

Vic 40 · Feb 22, 2015

There's one svchost.exe that uses "673,536KB",can you right click and look at which service is using it?

Another forum where they might be able to help you better is this one,
http://spywarehammer.com/simplemachinesforum/index.php/board,10.0.html
don't think there's a truly dedicated forum here to handle this.Make sure you read the stickies first before posting,especially nr 1+2.
These guys have tools that really help and the knowledge how to use them. No offence to darkbreeze.

Darkbreeze · Feb 22, 2015

None taken. I'll be the first to admit I'm more of a hardware guy than a software tech. In fact, I might just go check it out too. Every day you don't learn something new is a waste of a good opportunity.

I3lue1 · Mar 22, 2015

Thank you for your answers guys and sorry for ungodly late reply but I had a very tight schedule.

Sadly, the amount of time needed to apply Vic40's method is pretty much the same as re-installing Windows. So, eventually I'll just re-install Windows and that's that.

Thanks for the help guys! I can't really chose a best answer since both of you gave your all to solve the issue :S.

Vic 40 · Mar 22, 2015

I3lue1 :

Since darkbreeze helped you through most of the topic could you pick one of his answers,just to close the topic,maybe his first since that one probably hits the nail on the head.

How do you get rid of a memory sucking virus?

Distinguished

Retired Mod

Retired Mod

Distinguished

Distinguished

Retired Mod

Distinguished

Retired Mod

Distinguished

Distinguished

Retired Mod

Retired Mod

Distinguished

Retired Mod

Titan

Retired Mod

Distinguished

Titan

Share this page