Possible Spyware

Ferociouself

Whenever I start up my computer, I notice that my video card suddenly jumps to 100% usage without me doing anything. I've checked my task manager as soon as possible, and I've noticed that an FTP process opens up, and soon after a (what I assume to be fake) rundll32.exe appears. I check the file location, and it appears to be in the AppData/Local/Temp folder. The folder is a random assortment of letters and numbers, and the folder itself ends in .tmp. I delete it every time, and empty the recycle bin, but it always comes back. When I end that .exe, the video card goes back down to 0% usage. What I believe is happening is this FTP is getting in and installing something to the temp folder, and then the .exe runs. Is there any way to stop this so I don't have to do this whole process every time?
 
Download Malwarebytes AntiMalware (link), install it, and update it. Boot into safe mode and then scan your computer with it. Have it delete everything that it finds. And then see if that clears it up.
 
Alright, I followed your instructions. Nothing was found with MBAM, and I have the logs if it will help. I also got the command lines being used by the fake rundll32.exe start process, if it will help. They are listed below. They usually come on one after another, with the final one staying on until I turn it off.

cmd /c ""C:\Users\Username\AppData\Local\Temp\19C6.tmp\123.bat" "
cmd /c ""C:\Users\Username\AppData\Local\Temp\19C6.tmp\copi.bat" "
cmd /c ""C:\Users\Username\AppData\Local\Temp\19C6.tmp\start.bat" "
rundll32.exe -k phatk -o 02adm1.chickenkiller.com:80 -u admssl2 -p 123 -I 1
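
Added example, not part of the original posts: a Python triage of process records built from the command lines quoted above. The genuine rundll32.exe runs from System32 or SysWOW64 and takes a `<dll>,<entrypoint>` argument; the image paths, the `triage` function name and the C:\Windows install location are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Legitimate rundll32.exe lives only here (assumes Windows is installed on C:).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Real rundll32 usage is "rundll32.exe <dll>,<EntryPoint> [args]".
DLL_ENTRY = re.compile(r'^"?[^",]+\.(dll|cpl|ocx)"?\s*,\s*#?\w+', re.I)
# Script launched from a randomly named "<id>.tmp" folder under a Temp directory.
TEMP_SCRIPT = re.compile(r'\\temp\\[0-9a-z]+\.tmp\\[^\\"]+\.(bat|cmd)', re.I)
# "-o host:port" style endpoint passed on the command line.
ENDPOINT = re.compile(r'-o\s+(\S+:\d+)', re.I)

def triage(image_path, command_line):
    """Return a list of reasons this process record looks suspicious."""
    reasons = []
    image = PureWindowsPath(image_path)
    if image.name.lower() == "rundll32.exe":
        if str(image.parent).lower() not in TRUSTED_DIRS:
            reasons.append("rundll32.exe outside System32/SysWOW64")
        # Drop the executable token and inspect what follows it.
        args = re.sub(r'^"?[^"\s]*rundll32(\.exe)?"?\s*', "", command_line, flags=re.I)
        if not DLL_ENTRY.match(args):
            reasons.append("no <dll>,<entrypoint> argument")
    if TEMP_SCRIPT.search(command_line):
        reasons.append("script run from Temp\\*.tmp folder")
    m = ENDPOINT.search(command_line)
    if m:
        reasons.append("network endpoint on command line: " + m.group(1))
    return reasons

# Constructed records: command lines are from the thread, image paths are assumed.
SAMPLES = [
    (r"C:\Windows\System32\cmd.exe",
     r'cmd /c ""C:\Users\Username\AppData\Local\Temp\19C6.tmp\start.bat" "'),
    (r"C:\Users\Username\AppData\Local\Temp\19C6.tmp\rundll32.exe",
     "rundll32.exe -k phatk -o 02adm1.chickenkiller.com:80 -u admssl2 -p 123 -I 1"),
    (r"C:\Windows\System32\rundll32.exe",
     "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
]

if __name__ == "__main__":
    for image, cmdline in SAMPLES:
        print(image, "->", triage(image, cmdline) or "ok")
```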
 
Also, I've found that I'm able to stop the process from carrying out if I end the first process that pops up. I think that means that they are dependent on each other. However, if I try to end them after the first 2 have started, then the process will carry out nonetheless because it is too late.
 
Check msconfig and see if they are listed on the Startup tab. If they are, disable them and reboot, then re-scan with MBAM (make sure you update it first).
 
I actually did that as well, but thanks for the advice. I believe that I actually solved it by running ComboFix. I ran it and it detected some files, and deleted them. After restarting, it seems to have solved it. Hopefully it fixes it for good. If there are any further problems, I will definitely come back here. Thanks for the help everybody! :)
 
It is very unlikely that malware causes your video card fan speed to increase. But just in case, run Malwarebytes and Superantispyware in safe mode and see if they find anything...

Before you do those, clear your temp folders.
 
Maybe try closing ports 20 and 21 on your firewall? Then run Malwarebytes?
 