My PC has recently been infected with a nasty trojan. It is probably 'Trojan Generic KDV 792778' according to some websites. It raises CPU usage to 100% and overheats the computer. When you open task manager, it hides itself so you cannot see it. If you close task manager, it starts up right away. I have managed to delete it about 4 times, and the CPU usage goes away for a while, but after a couple of restarts, it manages to come back again. I am stumped... I haven't had a stable internet connection in about a month, so I don't see how it could redownload itself.
It disguises itself as SearchIndexer service. It is running through igfxupdate.exe. I found this file in the following places:
C:\%windir%\System32
C:\%windir%\SysWOW64
C:\%windir%\SysWOW64\update
I deleted all of the files listed in those locations. Next, I went to the services manager and disabled the 'SearchIndexer' service.
Then, as administrator, I opened the Command Prompt and typed 'sc delete searchindexer'. It says it succeeded in deleting it, and it has. The problem stops for a while, but after a reboot or two, it always comes back.
I read somewhere that it might have something to do with the 'C:\Windows\SoftwareDistribution' folder, but I wasn't sure, so I didn't delete it.
It is getting ridiculously annoying, and if anyone would be willing to help, or if you have also been infected with this nasty bugger, I would really appreciate it.
If you haven't tried it yet, go download and run Malwarebytes (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button). It's just about one of the the best malware removal programs I have ever used, and it's completely free.
Quote from: Chaos on December 10, 2012, 03:12:20 AM
If you haven't tried it yet, go download and run Malwarebytes (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button). It's just about one of the the best malware removal programs I have ever used, and it's completely free.
I completely forgot to mention, I have scanned with Avast and Malwarebytes a couple of times, and they haven't picked up anything.
damn i think i might have this too, i thought it was weird that my computer was randomly heating up yesterday and today.
i checked for the SearchIndexer and its is in all three of those locations you said and they were ether created/modified yesterday (the 9th) at 11:13 when i stared noticing my computer be weird.\
hopefully this is just a weird fluke and i don't have it but i would like to be sure. :/
Quote from: KaptainKohl on December 10, 2012, 06:25:26 PM
damn i think i might have this too, i thought it was weird that my computer was randomly heating up yesterday and today.
i checked for the SearchIndexer and its is in all three of those locations you said and they were ether created/modified yesterday (the 9th) at 11:13 when i stared noticing my computer be weird.\
hopefully this is just a weird fluke and i don't have it but i would like to be sure. :/
Hmmm... did you recently download Black Ops II? I believe it may have been the cause of my infection...
Quote from: Freeforall on December 10, 2012, 09:42:09 PM
Hmmm... did you recently download Black Ops II? I believe it may have been the cause of my infection...
no. i don't remember downloading anything yesterday to my computer i'll check my download history
Quote from: KaptainKohl on December 10, 2012, 10:13:19 PM
Quote from: Freeforall on December 10, 2012, 09:42:09 PM
Hmmm... did you recently download Black Ops II? I believe it may have been the cause of my infection...
no. i don't remember downloading anything yesterday to my computer i'll check my download history
You did not download Black Ops II.
@FFA: That's always a risk with torrenting : /
I would format and reinstall. Better than playing wack a trojan and would take less time too.
Quote from: ARTgames on December 11, 2012, 11:36:45 AM
I would format and reinstall. Better than playing wack a trojan and would take less time too.
It hasn't attacked again today, but if it does, I won't hesitate.
It's a risk to just have it running. If I were to make a virus I'd go for one that was non-intrusive and then just steal all the data without them noticing. It's not really a case of an 'attack'. It's always there. I'd suggest a reformat. I can help if needed.
Reformatting is good to do periodically anyway, but if for some reason you don't want to yet you could always try burning a boot disk with a malware removal program on it and scan from that. I've always been a big fan of Hiren's Boot CD.