CPU usage high, stops when opening taskmgr, possible malware/miner?

[Marcus L]

Have noticed this happening tonight, my CPU usage will get to around 70-80% fans spin up and will stay like that until I open taskmgr then the CPU usage goes down and I can't seen any specifdic process that was using it before it disappears, also tried process explorer and get the same behaviour, have run multiple AV scans (defender, malware bytes and Sophos hitman pro) nothing has been picked up, have looked in startup and there's nothing there that shouldn't be, set to selective startup, deleted all unneccesary apps/programs, deleted downloaded files etc, 1 thing interesting I found some random file in my downloads that was supposedly created/downloaded a couple of weeks ago at 4am! and was a randomised file name ending in .DOC, I don't have office on my PC and didn't recognise the file, opened it up using a free DOC viewer website on edge and it was some kind of random african government meeting minutes file, obviusly that went to the recycle bin, have run the following CMD's "Open cmd.exe with Run as Administrator. (2) DISM.exe /Online /Cleanup-image /StartComponentCleanup (3) DISM.exe /Online /Cleanup-Image /Restorehealth (4) SFC /SCANNOW " all come back fine, and yet the problem remains, even formatted my 2nd NVME drives at it was just for game installs and my C: drive is down to 865Gb from 930Gb so I have very little installed/downloaded etc and the problem remains, basically only made aware of it as my fans spin up and I have them set to very quiet until the CPU reaches 60-65c, with Radeon overlay running I can see when this happens the CPU is hitting 70-80% usage and hitting 65c+ but as I have stated as soon as I open taskmgr or process explorer the CPU shoots back down to single digit use and there's nothing I can see that is causing the high usage

 

[GerKNG]

download HitmanPro and run a "one time only" virus scan in the freeware.

Download HitmanPro and HitmanPro.Alert Malware Removal and Protection Tools.

Download HitmanPro to remove ransomware, malware, ad trackers and spyware from your windows machines. Get HitmanPro.Alert to provide continuous scanning in real time.

www.hitmanpro.com

 

[Marcus L]

Worth noting that when I open taskmgr/process explorer and the CPU usage returns to normal there seems to be a 20min wait from closing them before the CPU usage spikes up again I need to measure the time but always is around 20mins time before it happens again

download HitmanPro and run a "one time only" virus scan in the freeware.

Download HitmanPro and HitmanPro.Alert Malware Removal and Protection Tools.

Download HitmanPro to remove ransomware, malware, ad trackers and spyware from your windows machines. Get HitmanPro.Alert to provide continuous scanning in real time.

www.hitmanpro.com

Done that, nothing found.

 

[GerKNG]

sounds maybe like a random idle task is kicking in like defragmenting your 2TB HDD.
did you ever ran "Rundll32.exe advapi32.dll,ProcessIdleTasks" (can take a while with that HDD but it will process every existing idle task that windows has scheduled)

1 thing interesting I found some random file in my downloads that was supposedly created/downloaded a couple of weeks ago at 4am! and was a randomised file name ending in .DOC, I don't have office on my PC and didn't recognise the file, opened it up using a free DOC viewer website on edge and it was some kind of random african government meeting minutes file,

well that sounds weird xD

 

[Marcus L]

Last happened at 22:50

sounds maybe like a random idle task is kicking in like defragmenting your 2TB HDD.
did you ever ran "Rundll32.exe advapi32.dll,ProcessIdleTasks" (can take a while with that HDD but it will process every existing idle task that windows has scheduled)

HDD is currently disconnected, only the 2 NVME drives are connected, also I am not completely idling when it happens, usually have FF open with 5-8 tabs including YT, I thought that was the culprit initially as it gradually eats up RAM and needs the tab refreshing though it has happened when FF has been closed and I have just been looking at the desktop lol

 

[GerKNG]

if there is nothing in the eventviewer or anything scheduled i would consider wiping that drive and reinstalling windows.

 

[Count von Schwalbe]

Process Lasso same thing?


I would try leaving Task Manager open in the background for a while, and seeing if the usage kicks up again.

Also, perhaps Glasswire would give you insight into unauthorized programs accessing the Internet.

 

[Solaris17]

Not sure why wiping the game drive would be relevant. It seems this is more of a mind game than an actual virus at this point. I’d wipe it and just be done.

 

[Marcus L]

Process Lasso same thing?


I would try leaving Task Manager open in the background for a while, and seeing if the usage kicks up again.

Also, perhaps Glasswire would give you insight into unauthorized programs accessing the Internet.

It doesn't happen if TM is running, usually use process lasso tbh though it's a fairly new Win10 install maybe 2-3 weeks old? so haven't got it installed. May take a look at GW

Not sure why wiping the game drive would be relevant. It seems this is more of a mind game than an actual virus at this point. I’d wipe it and just be done.

What do you mean by mind game? I just uninstalled loads of things and decided to wipe the 1 drive to rule it out incase anything may have been downloaded/stored on that drive and only then have the C: drive as the culprit, not an issue with 1Gbps internet tbh just a minor annoyance, still one I could do without, at this point I have practically deleted everything from both drives and it's clear the issue still persists despite running various AV/MW scans, getting rid of a load of installed programs, downloads, temp files and directories, common CMD prompts, selective startup, looking through services etc and yes, I agree at this point I will likely just nuke the OS and start again but that's not the point really, I want to know what is causing the behaviour

When running process explorer in the systray it stops the CPU usage spiking just as when I run it or taskmgr on the desktop, as soon as I quit the PE systray, 20 mins later which seems to be the time after using task manager type apps it starts back up again, obviously nothing shows up in either taskmgr or process explorer to pinpoint the rogue process, though it is definitely timed to start up again at a set interval and to quit as soon as any monitoring app is opened

 

[eidairaman1]

Start fresh would be safest solution