1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

File process using 100% of CPU all the time - Please help

Discussion in 'All other topics' started by Oriphus, Nov 19, 2004.

  1. Oriphus

    Oriphus Senior member

    Joined:
    May 31, 2003
    Messages:
    6,011
    Likes Received:
    0
    Trophy Points:
    116
    Hi, I have a process on my computer called "setupobjmeow" that uses 100% of the CPU all the time. Does anyone know what this process is? It keeps loading itself up, even after i end the process in the Windows Task Manager. When i end it, the computer speeds up again to its normal speed. The operating system is Windows XP Pro with SP2 and Longhorn extentions (later probably not relevant).

    Any help would be appreciated
    Thanks
    Chris
     
    Last edited: Nov 19, 2004
  2. Veblin

    Veblin Active member

    Joined:
    Feb 27, 2003
    Messages:
    1,241
    Likes Received:
    0
    Trophy Points:
    66
    Sounds like a trojan.
    See these.
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=meow.exe
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=trojan+meow.exe
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=trojan+swizzor

    Have you tried both Ad-Aware and Spybot S&D?
    I am not sure if either of those have a chance at removal. This could be a difficult one. You may have to try other spyware and trojan removal programs to find one that works on this one.
    http://www.anti-trojan-software-reviews.com/
    http://www.spywareremoversreview.com/
     
  3. Xian

    Xian Regular member

    Joined:
    Jun 27, 2003
    Messages:
    956
    Likes Received:
    0
    Trophy Points:
    26
    I would check your registry too
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Many trojans and spyware put entries in that key so that they run every time the computer is started. I would try to see if anything in there looks unfamiliar.
     
  4. Oriphus

    Oriphus Senior member

    Joined:
    May 31, 2003
    Messages:
    6,011
    Likes Received:
    0
    Trophy Points:
    116
    Hi, thanks for your replies. Its not listed in the registry edit and i am running all of these programs and nothing is picking it up:

    Windows XP Pro SP2 - with virus/trojan protection
    Firewall
    MacAfee Antivirus - Latest
    SpyHunter - LAtest
    Spy Sweeper - Latest

    Nothing is picking it up, yet still it keeps loading up, even when i switch user and then go back, it has somehow loaded up most times. If only i could find its route file?
     
  5. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    600
    Likes Received:
    1
    Trophy Points:
    26
    Try downloading HiJackThis and posting your log here.

    CJC
     
  6. Oriphus

    Oriphus Senior member

    Joined:
    May 31, 2003
    Messages:
    6,011
    Likes Received:
    0
    Trophy Points:
    116
    Hi, thanks for your help. The problematic program is called setupobjmeow and using all of the cpu. I have the log from HijacThis. Here it is: I've highlighted the program in bold

    Logfile of HijackThis v1.97.7
    Scan saved at 16:10:11, on 20/11/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\devldr32.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    [bold]c:\docume~1\x1-chr~1\applic~1\sendgr~1\setupobjmeow.exe[/bold]
    C:\WINDOWS\system32\taskmgr.exe
    C:\Chris\Downloads\Spyware Removal\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ynshpmdfznwwuey.com/ktdqreX1ZGrhgA4YNSoMsTHXbgsM2a4TaiZsi9uCx42mx7KfABgpmZa25rIYF0zr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.46.8.9:8080
    O2 - BHO: (no name) - {029BB53A-C312-4b09-9B4F-ED57AF027B28} - C:\WINDOWS\winhlp32.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3EE53CA6-2A93-1C87-6C04-12C03B6525D2} - C:\DOCUME~1\X1-CHR~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    O2 - BHO: (no name) - {6526C900-B74D-18DF-3A3D-0926FFB0BD1E} - C:\DOCUME~1\KATEMA~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [clfvrgsr] C:\WINDOWS\System32\dihvxzjy.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Jump camp shim multi] C:\Documents and Settings\All Users\Application Data\ooze deaf jump camp\knobmove.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
    O4 - HKLM\..\Run: [Media Gpl Cast Pile] C:\Documents and Settings\All Users\Application Data\keep safe media gpl\once setup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [YourMP3] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:YourMP3:t
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [titlehope] C:\DOCUME~1\X1-CHR~1\APPLIC~1\SENDGR~1\roamexit.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: YourMP3 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099873619890
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-gb/gbp/games4.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38081.5880439815
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB668FF9-E7C2-49CC-A763-4F7913357B73}: NameServer = 194.46.8.51 194.46.8.2
     
    Last edited: Nov 20, 2004
  7. Oriphus

    Oriphus Senior member

    Joined:
    May 31, 2003
    Messages:
    6,011
    Likes Received:
    0
    Trophy Points:
    116
    I just deleted the file from the location it gave. Im hoping that this will correct the problem, i don't know though.
     
  8. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    600
    Likes Received:
    1
    Trophy Points:
    26
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ynshpmdfznwwuey.com/ktdqreX1ZGrhgA4YNSoMsTHXbgsM2a4TaiZsi9uCx42mx7KfABgpmZa25rIYF0zr.html
    O2 - BHO: (no name) - {029BB53A-C312-4b09-9B4F-ED57AF027B28} - C:\WINDOWS\winhlp32.dll
    O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE (Thats a Trojan dialler)
    O4 - HKLM\..\Run: [clfvrgsr] C:\WINDOWS\System32\dihvxzjy.exe
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe

    Put a tick in all of the above

    **O2 - BHO: (no name) - {3EE53CA6-2A93-1C87-6C04-12C03B6525D2} - C:\DOCUME~1\X1-CHR~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    **O2 - BHO: (no name) - {6526C900-B74D-18DF-3A3D-0926FFB0BD1E} - C:\DOCUME~1\KATEMA~1\APPLIC~1\SIGNJU~1\FIRST DEAD.exe
    **O4 - HKCU\..\Run: [titlehope] C:\DOCUME~1\X1-CHR~1\APPLIC~1\SENDGR~1\roamexit.exe

    Those 3 i have never seen before, if you know what the program is leave it, if you dont put a tick in them aswell

    Click on fix selected.

    Now once thats done, a few more steps

    Download, Update from Program Menu, and run the following:

    Adaware - http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=lst-0-1

    Spybot - http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10289035.html?tag=lst-0-2

    Once that is done, go to http://housecall.trendmicro.com and run an online virus scan.

    Once that is done you should be all right.

    Also make sure you delete the setupobjmeow file, you may need to go into safe mode though.

    CJC
     
  9. Oriphus

    Oriphus Senior member

    Joined:
    May 31, 2003
    Messages:
    6,011
    Likes Received:
    0
    Trophy Points:
    116
    Hi, thanks. I did all that. I deleted/quarantined all of the stuff that Ad-Aware displayed (305 of them) after doing the HijackThis as you stated. It seems to have turned off my MacAfee Virus software though and i cant turn it back on. Maybe when i restart it will work, or else i suppose i can download a fresh copy from MacAfee. I did the Search & Destroy and it came up with a few more that i quarantined and deleted. I ran the online virus scan and it found four viruses which i deleted. I hope this is the end of my problems.

    Thank you very much for your help
    Chris

     
  10. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,072
    Likes Received:
    80
    Trophy Points:
    128
    highest # of spyware on a computer i've worked on was 1164 & a friend worked on one that had about 1400 spywares on it
     

Share This Page