High CPU usage with closed task manager, igfxupdate.exe-like virus?

[Kromdar]

Whenever I use my laptop I noticed the fan starts running on full speed even when not running any applications. When I open task manager to look for the culprit i see my CPU running on 100% for a fraction of a second and then shooting down to under 10%. It was too fast to see what application it was so i recorded my screen and it seems to be windows task manager itself using 100% of the CPU. As long as task manager is open, my laptop keeps behaving normally.

I have looked for solutions online and could find many threads on forums about a trojan called igfxupdate wich disguises itself as another windows application and knows to shut itself down as soon as task manager opens. I've checked CWindows and CWindows/System32 for igfxudate.exe but no such file is to be found. I also checked those folders for any new files added to the folder on the date the problems started but nothing was added on that date (but i suppose it wouldn't be that hard for a virus to disguise that).

Is anyone aware of any recent virus/trojan that behaves similarly to the igfxupdate trojan and how to fix it?

 

[zoltan.boese]

https/www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZyYGMyv_ZAhVRbFAKHZ4qDVUQFggoMAA&url=https%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fwindows%2Fforum%2Fwindows_7-security%2Figfxupdateexe-forces-cpu-to-load-100%2F5936cbd2-a758-4a27-946f-0bac401d56f3&usg=AOvVaw3n2BZfaC4LT8YST3psqPsk

 

[mdd1963]

the utility, "Last Activity View" will show you everything down to the microsecond opening, running, starting, stopping from bootup until shutdown by examining detailed event logs not normally visible from within Windows...

https/www.nirsoft.net/utils/computer_activity_view.html

I'd think running this utility after a reboot, waiting for sounds of high fan action/cpu activity, and then opening task manager followed by immediately opening the utility will allow you to track down what service is terminating,as, clearly some form of malware (probable a crypto currency miner) is attempting to evade detection...

 

[Kromdar]

Thank you for your answers. I've been trying to identify the virus with "Last Activity View" As mdd1963 suggested, but I have no idea what i should be looking for. I can see a lot of .exe files being run, but how do you differentiate if these applications are stopping or starting?

I noticed officeclicktorun.exe and officec2rcliënt.exe starting alot and found it weird since i wasn't using office at that time. Could that be it?

 

[mdd1963]

I'd sure be tracking those down....; were I going to atempt to clandestinely plant a crypto currency miner in someone's rig, I'd sure want it sounding innocent, and not quite labled as "Evil-resource-hogging-miner- hack.exe

I'd hope that last activity view would show you exactly what was stopping almost to the instant you fire up task manager....

Microsoft/SysInternals' "Process Explorer" might be better for seeing things starting/stopping, after changing Options/Difference Highlight Duration to 5-6 seconds or so.... will allow you to celarly see things start (turn green) and stop (turn Red, then disappear)

https/docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

 

[hotdinsomniac1995]

i had the same issue the day you started this thread found a trojan that hides itself ans soundmixer.exe to be the problem

 

[bignastyid]

Necro posts removed and thread closed.