Workstation had a 100% CPU process .. help me

Question

Today, while I was doing some vector on Illustrator, suddenly it lags, even my cursor is stuck and moves slowly. I was playing some music at the same time, it got stuck too. Here's a screenshot of my task manager. It was listed as Svchost.exe*32 under the name Comodo Dragon and stays under Chrome. I used Kaspersky TDSSKiller, Microsoft Essential with no result.

I can't delete it because it was running. Whenever I stop the process, it restarts itself again. when finally I did managed to delete it, when I restart, there it is again. I had a couple of people using this computer these few days for some editing on Illustrator.

enter image description here

Sounds like a typical virus but you could try uninstalling any Comodo Firewall software too — SpliFF, Apr 22 '13 at 10:23
I dont use any Comodo Apps . how to delete malware if my pc wont even recognised it ? — Gix, Apr 22 '13 at 10:37
You should accept an answer. That way the question will be seen as solved. Don't edit the question and mark it as solved! — Simon, Apr 23 '13 at 11:34

score 1 · Answer 1 · answered Apr 22 '13 at 11:21

1

Okay, if it is a virus and it is appearing again when you restart, try this:

Note the location
Restart in Safe Mode
Delete the file from the File System
Go to Start > Search for "Run" (or press Windows button + R)
Type "MSConfig" and press enter
Go to the "Startup" tab
Look for the file in the list (May be under another name but 'Location' field should be correct but possibly shortened)
Untick the selection
Click Okay
Restart

Be careful when editing in MSConfig, you can mess up your system if you start messing about with the wrong stuff in there.

This should get rid of it. When you logon next a message might show, just say you don't want MSConfig to show when you boot up

Let me know how it goes.

answered Apr 22 '13 at 11:21

Skepi

111
2

Of coursed, in the general case rather than deleting the file it should be renamed and moved somewhere else, in case it really was not malware but some important system component. Then delete it once system operation seems normal again (or as "normal" as Windows ever gets). – Daniel R Hicks Apr 23 '13 at 11:53
As I said, be careful. I agree with Daniel. The only reason I said to delete was because the file was: "SVChost.exe" which it says is run by User "zam" and description is "Comodo Dragon. If this were a valid "SVChost.exe" it would be run by either System, Local, or Network. That and it would not be located in the Google Chrome AppData folder – Skepi Apr 23 '13 at 13:24

score 0 · Answer 2 · answered Apr 22 '13 at 10:33

You could try to upload the file to: https://www.virustotal.com/de/

It should tell you that the file is a virus/malware.

You can then try to download autoruns (http://technet.microsoft.com/de-de/sysinternals/bb963902.aspx) and reboot in safe mode (F8). There search for the entry that runs this file and remove it. Maybe this is enough.

Workstation had a 100% CPU process .. help me

2 Answers2