need some troubleshooting help


cppcrusader
04-15-2009, 02:18 PM
So, I'm here at work and all of a sudden my computer starts running horribly slow. All I had running was FlashDevelop, Outlook, GoogleTalk and FireFox with a couple sites open in tabs. TaskManager showed CPU was maxed out, sites stopped loading up in FF and an error popped up in Outlook saying it couldn't communicate with the exchange server. Under apps Gtalk, GoogleUpdate (I didn't even know this had been installed on my computer), and FF were not responding.

Everything was taking way too long to die off so I just did a hard shutdown. Now FF will not fire up at all. I get the restore session message, tried both restore and new and nothing happens. I've fired FF up in safe mode and it opens for about a half second and then crashes. IE will start up, but links in Google searches of processes I didn't know were all replaced with malware "You are infected" links.

Bear in mind, the only time I fire up IE is to access an internal Sharepoint site. FF is my default browser.

Also upon reboot of the machine I get an error message about Google Updater before I even login to the machine. I uninstalled all Google apps and Google updater, but the machine still seems to think they're installed as Google Installer crashes every 10 minutes now.

Personally, I'm thinking virus, but it could be something else as well. eTrust hasn't produced any hits yet, but I did run a full scan the other day when eTrust thought my flash drive was infected; it then apparently deleted something off of it and wouldn't allow me to open said flash drive because it couldn't load msvsc70.dll. Said flash drive was then reformatted and all scans came back clean on both machine and drive.

Thoughts?

Wraith
04-15-2009, 02:33 PM
TaskManager showed CPU was maxed out, sites stopped loading up in FF and an error popped up in Outlook saying it couldn't communicate with the exchange server. Under apps Gtalk, GoogleUpdate (I didn't even know this had been installed on my computer), and FF were not responding.

Everything was taking way too long to die off so I just did a hard shutdown.

Did you happen to see which process was hogging up the CPU?

I was having problems with my home machine recently, including Firefox crashing and eventually failing to launch at all (and system reboots), and it turned out to be RAM problems...

cppcrusader
04-15-2009, 02:43 PM
Did you happen to see which process was hogging up the CPU?

I was having problems with my home machine recently, including Firefox crashing and eventually failing to launch at all (and system reboots), and it turned out to be RAM problems...

Unfortunately I didn't. I looked at the process window, but for some reason my brain didn't think to log that at the time.

I'm starting to back off on the viral assumption. Google Installer still keeps trying to fire and crashes, I unplugged the machine from the network to be on the safe side. I'm starting to think Google stuff may be the root cause here, potentially something hardware as well. I've experienced frequent system lag spikes for the past month or so.

cppcrusader
04-15-2009, 03:34 PM
Well, the puzzle gets a bit more convoluted. Before I left the office I decided to run disk cleanup and defrag, something that I had been meaning to do for a couple months now. Disk cleanup ran just fine, but when I tried to defrag a drive it gave me an error saying "Defragmenter failed to start".

Bad Buddha
04-16-2009, 12:11 PM
Sometimes Windows Automatic Update gets hosed and crowds everything out of memory and kicks the CPU utilization up to 100% (http://www.pcworld.com/article/131770-1/article.html). Process is listed as svchost.exe. Here at work I use the Windows Server Update Services (WSUS) to keep our workstations up to date. It looks like the issue that I've linked to is specific to WSUS. However, I did some research and found that deleting the contents of the C:\Windows\SoftwareDistribution\Datastore folder clears out any corrupt or hosed files and allows Windows Automatic Update to reinitialize any screwed up updates and cuts the CPU usage to a normal level. You may have to shut down the Automatic Update service and restart it after clearing out the folder.

Sounds like your hard reboot may have Björked some of your system files. Maybe try a reinstall of Windows over your old %windir% in order to save your settings and installed programs.
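The Automatic Update reset Bad Buddha describes (stop the service, clear the DataStore folder, restart the service), scripted as an added example; this is not code from the thread. It assumes an elevated PowerShell prompt and that $env:SystemRoot is the Windows folder (C:\Windows in the post), and it moves the DataStore contents to a backup folder rather than deleting them outright.

```powershell
# Added example: reset the Windows Automatic Update datastore as described in the thread.
# Run from an elevated PowerShell prompt.
# Assumption: $env:SystemRoot is the Windows folder (C:\Windows in the post).
$dataStore = Join-Path $env:SystemRoot 'SoftwareDistribution\DataStore'
$backup    = Join-Path $env:TEMP ('DataStore-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

# 1. Stop the Automatic Update service (wuauserv) so nothing holds the datastore files open.
$svc = Get-Service -Name wuauserv
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name wuauserv -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

# 2. Move the DataStore contents aside instead of deleting them, so they can be put back
#    if the reset turns out not to have been the problem.
New-Item -ItemType Directory -Path $backup | Out-Null
Get-ChildItem -Path $dataStore -Force | Move-Item -Destination $backup -Force
"DataStore contents moved to $backup"

# 3. Restart the service; it rebuilds the datastore on its next run.
Start-Service -Name wuauserv
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
"wuauserv is now " + (Get-Service -Name wuauserv).Status

# 4. Follow-up check: total CPU time consumed so far by each svchost instance, highest first.
#    Re-run this a few minutes later; the instance that keeps climbing is the one to look at.
Get-Process -Name svchost |
    Sort-Object CPU -Descending |
    Select-Object -First 5 Id, CPU, StartTime
```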

cppcrusader
04-16-2009, 12:35 PM
Thanks Buddha, that's a good tip to know for the future. I'm starting to think there's a combination of things that went on here. The root cause is definitely viral, AVG found 15 viruses today, 2 trojans and the rest were Win32/Cryptor. That Cryptor is a nasty son of a bitch. It appears to have created its own versions of svchost and IE, which explains why "IE" was still "working" when FF got blocked.

So now with your bit of info my current theory is this. At some point in time these trojans were introduced, most likely it appears via a compromised download of the OSAKit. Said trojans sat around for a while doing nothing as I've been out of the office quite a bit lately due to travel. When I got back these little bastards downloaded Cryptor, and when it started blocking things to use against it, it got in the way of Windows Update, causing the CPU spike as you described.

And now my computer is dirtier than a $2 hooker.

I'm trying to avoid a reinstall since I'm not IT and our IT guy is only part time on the weekends. Cryptor is a nasty piece of work though and it keeps blocking everything I throw at it, or if it gets deleted it just creates a new version of itself. I'm trying the Windows Malicious Tool as a last ditch effort, but I'm not confident in it doing anything. I'm pretty close to conceding the battle and just backing up my files and firing off the email to tell the IT guy to reformat it this weekend.
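A check for the behaviour cppcrusader describes above, copies of svchost.exe and iexplore.exe running from somewhere other than their real locations, written as an added example that is not from the thread or from any of the tools mentioned. It assumes an elevated prompt, the standard Windows folder layout, and (as an assumption) that genuine svchost instances are started by services.exe, so an svchost whose parent is anything else is flagged for a closer look.

```powershell
# Added example: flag svchost.exe / iexplore.exe processes that run from an unexpected path
# or, for svchost, were not started by services.exe. Run from an elevated prompt.
# Assumptions: standard Windows folder layout; on 64-bit hosts the SysWOW64 and
# "Program Files (x86)" copies are also legitimate, so both locations are listed.
$sys = $env:SystemRoot
$expected = @{
    'svchost.exe'  = @("$sys\System32\svchost.exe", "$sys\SysWOW64\svchost.exe")
    'iexplore.exe' = @("${env:ProgramFiles}\Internet Explorer\iexplore.exe",
                       "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe")
}

# WMI gives the on-disk path and the parent PID for every process in one query.
$procs = Get-WmiObject -Class Win32_Process
$byId  = @{}
foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

foreach ($p in $procs) {
    $name = $p.Name.ToLower()
    if (-not $expected.ContainsKey($name)) { continue }
    $path   = $p.ExecutablePath
    $parent = $byId[[int]$p.ParentProcessId]
    $flags  = @()

    # A copy dropped elsewhere (or a path WMI cannot read) is the first thing to look at.
    if (-not $path) { $flags += 'path-unreadable' }
    elseif ($expected[$name] -notcontains $path) { $flags += "unexpected-path: $path" }

    # Genuine svchost instances are children of services.exe (assumption stated above);
    # one launched by explorer.exe, a script host or another svchost deserves a look.
    if ($name -eq 'svchost.exe' -and $parent -and $parent.Name -ne 'services.exe') {
        $flags += "parent: $($parent.Name) ($($parent.ProcessId))"
    }

    if ($flags.Count -gt 0) {
        "{0,-12} PID {1,-6} {2}" -f $name, $p.ProcessId, ($flags -join '; ')
    }
}
```

An empty result means every svchost and iexplore instance ran from its expected location with the expected parent at the moment of the query; a process that re-creates itself, as the post describes, will only show up while it is running.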

OrangePulp
04-16-2009, 01:51 PM
Might give Malware Bytes (http://www.malwarebytes.org/) a shot; It's gotten rid of some shit I couldn't get rid of with anything else in the past.

cppcrusader
04-16-2009, 01:56 PM
Might give Malware Bytes (http://www.malwarebytes.org/) a shot; It's gotten rid of some shit I couldn't get rid of with anything else in the past.

Yep, tried that. It's one of the several that are getting blocked.

OrangePulp
04-16-2009, 02:05 PM
Might give boot CDs some thought. Trying to find one now that has a good selection of AV stuff to run.

Edit: Might give this a shot: http://www.f-secure.com/linux-weblog/2008/11/25/rescuecd-301-released/

Double edit: List of rescue CDs: http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Bad Buddha
04-17-2009, 11:31 AM
You might try Hijack-This (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) and post the log to one of the public support websites (http://www.thespykiller.co.uk/index.php?board=3.0). Those guys know their stuff!

cppcrusader
04-17-2009, 11:41 AM
You might try Hijack-This (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) and post the log to one of the public support websites (http://www.thespykiller.co.uk/index.php?board=3.0). Those guys know their stuff!

Yeah, I had thought of Hijack-This toward the end of the day yesterday since I've used it rather successfully when fixing my mom's computer. My resolve was pretty much broken at that point so I decided not to bother. I've gone the lazy way out. Our IT guy is having me run McAfee and if it doesn't get everything we're just going to wipe it.

Bad Buddha
04-17-2009, 11:50 AM
My resolve was pretty much broken at that point so I decided not to bother. I've gone the lazy way out. Our IT guy is having me run McAfee and if it doesn't get everything we're just going to wipe it.

Just have him order you an Alienware kickass laptop. ;)

cppcrusader
04-17-2009, 12:44 PM
Just have him order you an Alienware kickass laptop. ;)

If only. I'm attached to this desktop though. I got the OK to build it after I showed them that we could build 3 beefy "programmer" machines for far under what 3 pre-built machines would run us.

Bad Buddha
04-17-2009, 03:20 PM
Panda has an online scanner (http://www.pandasecurity.com/homeusers/solutions/activescan/) that I've used in several last ditch efforts. It's found things that both AVG and Symantec missed.

cppcrusader
04-20-2009, 10:46 AM
Well it seems our part time IT guy chose not to come in over the weekend so my office machine is still down, but it would seem all is not lost. Apparently my last couple scans with McAfee on Friday managed to kill the core of this beast, plus I noticed the fact that I forgot to clear out the restore points as well as empty the recycle bin after manually deleting stuff.

So now FF can run, SpyBot is up and running, I'd say probably by tomorrow I'll be confident in letting it go back onto the network.