Hey all,
Am writing this from a Win 10 Computer.
I have a Win 7 Computer that I suspect has been hijacked and made part of a botnet.
With no applications running, the CPU is at 100%, RAM is at 90%.
Have tried to scan with AVG and it takes hours and hours to finally freeze at 75% complete.
Have scanned with Malwarebytes. It found nothing.
Scanned with RogueKiller and it found and killed SVCHOST.EXE. And RK listed the PID number of the SVCHOST.EXE that it killed. Everything else was fine. Hit "delete" and X-ed out of RK.
Looked at Task Manager and found thirteen SVCHOST.EXEs running, but none had the PID number listed by RK as killed.
Rebooted, and when the reboot was finished, looked at Task Manager and found MORE than thirteen SVCHOST.EXEs running in Processes. Hand listed all the PID numbers and checked the Services.
Then shortly thereafter the same thing happened. CPU at 100%, RAM at near 90%. Scanned with RK and it found and killed SVCHOST.EXE, and once again RK supplied the PID number. Everything else was fine. BUT, here is something strange. Have looked at SVCHOST.EXEs running in Task Manager, each with a different PID, and the SVCHOST.EXE that RK reported as killed was not in the list that was hand copied. AND after running RK, the number of SVCHOST.EXEs was back to thirteen.
Have done this numerous times. Have even hand copied ALL the PID numbers of ALL the Processes running, and then scanned with RK, and the PID of the SVCHOST.EXE that RK killed is NOT on the list.
It doesn't seem to matter how many times RK kills the SVCHOST.EXE, it comes back. It even comes back without rebooting. Can let the computer just sit, and then check the Task Manager SVCHOST.EXE list, and there will be more than thirteen. Can scan with RK, and it will kill a SVCHOST.EXE and list the PID, but the PID will not be among the numbers listed by the Task Manager, AND right after the RK scan, the number of SVCHOST.EXEs will be back to thirteen.
The Win7 computer is seldom used on the Internet, being connected only for updates, etc. It is used every day for composing (I'm a writer). So for now, I have disconnected it from the DSL Router. AND since disconnecting it, the CPU and RAM %s have dropped to almost nothing.
Would like to get rid of whatever malware program is doing this suspected botnet thing.
Any help, advice, instructions, etc., would be very much appreciated.
BTW, would love to send you a contribution, but don't have a PayPal Account, nor do I know how to use Bitcoin. I have a Debit Card Account, or could send a check if I knew where to send it. Also, I don't do Facebook/Twitter/etc.
Anyway, thanks in advance for any assistance.
Hope this finds you all doing well.
MEL