Explorer.exe High CPU Usage, probably not malware, can't find the problem - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Reply
 
Thread Tools Display Modes
 
Old 10-22-2017, 05:47 PM   #1 (permalink)
Newb Techie
 
Join Date: Oct 2017
Location: Brazil
Posts: 4
Default Explorer.exe High CPU Usage, probably not malware, can't find the problem

Hi!

Recently I realized that explorer.exe was using too much cpu, floating between 30% to even 70% of CPU's overall usage, even if nothing but explorer is open. Even if I close the explorer's windows themselves, explorer.exe runs in high percentages in background, even though I do absolutelly nothing.


(sorry, I'm brazilian so my windows it's in portuguese - also, sorry, English isn't my first language, feel free to correct me.)

So I scanned my pc with MalwareBytes, SuperAntiSpyware and even Avast Free. No malwares was found.
Then I ran a system check inside SuperAntiSpyware and looked for potencially harmful programs, registry, rootkits, whatever. Also, I checked system's integrity with sfc /scannow, all was right.
Finally, I thought that it may be due to junk files, temp and so on, so I cleaned up with ccleaner, and although it deleted like 8gb, nothing changed in explorer's performance. All was right, except explorer's performance.

So I downloaded microsoft's Process Explorer to explore what the heck was using it, and found that the highest cpu's consuming threads, like 99% of the high cpu usage we see in explorer's cpu's usage, it's this Audioses.DLL+0x1141b0.



I scanned audioses.dll in virustotal, nothing was found. Also scanned my explorer.exe in virustotal and nothing still.

When I double-click audioses.dll, it appears this list of threads:

AUDIOSES.DLL+0x2a0cd
AUDIOSES.DLL+0x2a507
AUDIOSES.DLL+0xad1b
AUDIOSES.DLL+0xa766b
AUDIOSES.DLL+0x114538
AUDIOSES.DLL+0x114241
KERNEL32.DLL!BaseThreadInitThunk+0x14
ntdll.dll!RtlUserThreadStart+0x21

Don't know when this started, but it's been a while already, like several months now.

I updated my sound driver, nothing changed.

I went to look which program was using audioses.dll and found something rather odd. It was listed two times in process explorer...


In resources monitor I found this AudioSes.dll.mui associated with chrome.exe PID 8672.

So I went to look what else was associated with this chrome.exe PID 8672, and about a hundred dll's are associated with it. Is this normal?


So... can anyone please help?
I've already posted on two other forums, and they couldn't help me. One user referred me this forum, said i should ask for help here.

Don't know if it is allowed here, but i can link the original thread here so you can get a better look.
__________________

keneedy is offline   Reply With Quote
Old 10-22-2017, 05:52 PM   #2 (permalink)
Private Joker
 
carnageX's Avatar
 
Join Date: Feb 2007
Location: South Dakota
Posts: 24,480
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

Make sure you disable the setting for Chrome to run extensions/apps in the background when Chrome is closed. It's under the Advanced options in Chrome's settings.
__________________

__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5


If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is offline   Reply With Quote
Old 10-22-2017, 06:19 PM   #3 (permalink)
Newb Techie
 
Join Date: Oct 2017
Location: Brazil
Posts: 4
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

Right, it is unchecked.
After reboot, still didn't change :/
keneedy is offline   Reply With Quote
Old 10-22-2017, 06:24 PM   #4 (permalink)
Wizard Techie
 
Join Date: May 2011
Posts: 3,069
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

Might want to check for a Coin Miner in the Chrome browser, Use an Ad Blocker to prevent this for the future too
https://researchcenter.paloaltonetwo...ining-browser/
__________________
The nine most terrifying words in the English language are, 'I'm from the government and I'm here to help.'
Ronald Reagan - 40th president of US (1911 - 2004)
Joe C is offline   Reply With Quote
Old 10-22-2017, 06:52 PM   #5 (permalink)
Newb Techie
 
Join Date: Oct 2017
Location: Brazil
Posts: 4
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

Oh that makes sense.

How should i check for coin miners?
I already tried full scan with malwarebytes and superantispyware... Well, i'll try both again in safe mode.

Do you think 'scan at reboot' from avast would be helpful?
keneedy is offline   Reply With Quote
Old 10-22-2017, 10:05 PM   #6 (permalink)
Private Joker
 
carnageX's Avatar
 
Join Date: Feb 2007
Location: South Dakota
Posts: 24,480
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

Quote:
Originally Posted by Joe C View Post
Might want to check for a Coin Miner in the Chrome browser, Use an Ad Blocker to prevent this for the future too
https://researchcenter.paloaltonetwo...ining-browser/
A simple ad-blocker wouldn't work; it would have to block scripts as well.

Quote:
Originally Posted by keneedy View Post
Oh that makes sense.

How should i check for coin miners?
I already tried full scan with malwarebytes and superantispyware... Well, i'll try both again in safe mode.

Do you think 'scan at reboot' from avast would be helpful?
Install one of the blocker extensions to Chrome. AntiMiner or MinerBlock.

That said, the mining that happens on websites should only happen when those specific websites are actually open and have the JavaScript loaded to do so.
__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5


If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is offline   Reply With Quote
Old 10-23-2017, 01:12 PM   #7 (permalink)
Newb Techie
 
Join Date: Oct 2017
Location: Brazil
Posts: 4
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

I went to perform a clean boot, but noticed that this internet banking 'protection' service refused to stay disabled, so i decided to uninstall it. GBPlugin, very annoying 'plugin' that looks more like a rootkit. Had to boot ubuntu from cd and manually delete it, then clean up the registry...
then i thought it would be interesting to run a scan from bitdefender cd boot, just in case.

Surprisingly, turns out there was 5 malwares going unnoticed by MalwareBytes and Superantispyware, and one of them was audioses.dll

audioses.dll was infected with Gen:Application.Heur2.WdW@baaaaaaab
then there was other 4
couple of old emails with Gen:Trojan.Downloader.imGfaWU4Xef and Gen:Trojan.Heur.DP.bmGfaq!l@U (files: 'elvispresley0027674.avi outlook.zip' and 'dsc11072013.avi.zip')
avast's 'gvma64.dat' with Gen:Trojan.Heur.Tp.bmW@bCZc7ih
qbittorrent.exe with Gen:Variant.Jaik.14304

So i deleted them, and problem is gone. Explorer's cpu levels are just regular now.

In any case, i installed anti-mining and adblock extension for Chrome, and i'll run junkware removal and anti-rootkit tools from malwarebytes just to make sure.

But i think that's it! System looks fine, initialization was a bit faster also.


Thank you all very much for helping me.
keneedy is offline   Reply With Quote
Old 10-23-2017, 01:39 PM   #8 (permalink)
Wizard Techie
 
Join Date: May 2011
Posts: 3,069
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

And do not forget to scan any elvispresley.avi video's in your email before you open them next time
__________________
The nine most terrifying words in the English language are, 'I'm from the government and I'm here to help.'
Ronald Reagan - 40th president of US (1911 - 2004)
Joe C is offline   Reply With Quote
Old 10-23-2017, 02:22 PM   #9 (permalink)
Private Joker
 
carnageX's Avatar
 
Join Date: Feb 2007
Location: South Dakota
Posts: 24,480
Default Re: Explorer.exe High CPU Usage, probably not malware, can't find the problem

Quote:
Originally Posted by keneedy View Post
In any case, i installed anti-mining and adblock extension for Chrome, and i'll run junkware removal and anti-rootkit tools from malwarebytes just to make sure.

But i think that's it! System looks fine, initialization was a bit faster also.


Thank you all very much for helping me.
I suggest uBlock Origin. Uses same list sets (and more) that Adblock Plus does, but also doesn't automatically white-list certain ads (like ABP does).
__________________

__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5


If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is offline   Reply With Quote
Reply

Tags
high cpu usage, not malware

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Ave.exe malware...can't open .exe files... John Dillinger Viruses, Spyware and Malware 1 04-06-2010 06:42 PM
What Are CCC.Exe, Atiedxx.exe, Atiesrxx.exe, Mom.exe And CLIStart.exe? Osiris Tips, Tricks & Tutorials 0 01-07-2010 08:11 AM
Rather high CPU usage? (probably not virus) bonehelm Viruses, Spyware and Malware 7 12-01-2008 03:58 AM
explorer.exe, userinit.exe, rundll32.exe not initialising! squirrellym Microsoft Windows and Software 3 08-03-2008 06:08 PM
CPU Usage And Crashing, svchost.exe sucking up CPU Usage Bahamut Monitors, Printers and Peripherals 10 05-30-2007 06:01 PM



Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 02:52 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.