Chrome process using 90% CPU on W10

Solved
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention   -  
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   -
Hello

For the past few days, I have about ten "Google Chrome" processes using over 90% of my CPU usage. And this happens even when I am not using this browser.

I ran a scan with FRST and I am sharing the 3 generated reports below:

https://pjjoint.malekal.com/files.php?id=FRST_20181226_m9k8i7o10y5
https://pjjoint.malekal.com/files.php?id=20181226_z8v13s8c14n13
https://pjjoint.malekal.com/files.php?id=20181226_x10v14n11g15x12

Can you help me because I can hardly do anything as my CPU is solely used by "Google Chrome"

Thank you in advance.

Merry Christmas.

Best regards.

10 answers

RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Hello

Thank you for your response, but I actually use 3 browsers: Mozilla, Chrome, and Opera... And I definitely do not want to remove Chrome...

Have a nice evening.
Best regards.
0
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Re...

Why a response like yours?

I can't understand your reaction...

I want to keep CHROME because I have a lot of saved pages and other things...

I'm asking if there's a possible solution without having to delete this browser or restore it since I no longer know when this event occurred...

Thank you for respecting my request..

Have a good evening.

Sincerely
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Hi,

Your problem comes from the fact that you have infected your computer.
A scheduled task launches Chrome on a site with a miner.
This uses the browser to mine virtual currencies and therefore uses your processor for calculations.
Principle of Crypto-Jacking, see: https://www.malekal.com/web-miner-javascript/

~~

If you have installed CCleaner, you can uninstall it, it is useless.

~~

Here is the correction to be made with FRST. You can refer to this explanatory note with screenshots.

Open Notepad: Windows Key + R,
In the "Run" field, type notepad and hit OK.
Copy/Paste the following into it:

CreateRestorePoint:
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe [X]
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [31920 2015-03-01] (Wondershare)
2018-12-17 11:24 - 2018-12-17 11:24 - 000000000 ____D C:\Users\Domicile\Documents\Wondershare TunesGo
2018-12-17 11:21 - 2018-12-17 11:35 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-12-17 11:35 - 2017-05-28 23:40 - 000000000 ____D C:\Users\Domicile\AppData\Roaming\Wondershare
2018-12-17 11:22 - 2017-05-28 23:41 - 000000000 ____D C:\ProgramData\wondershare
2018-12-17 11:22 - 2017-05-28 23:38 - 000000000 ____D C:\Users\Public\Documents\Wondershare
Task: {529138BE-71E9-42E8-BC88-21E503DE1955} - System32\Tasks\BlueStacksHelper => "C:\Program Files\Google\Chrome\Application\chrome.exe" --user-data-dir=DIR --mute-audio hxxps://gamerksk.blogspot.com/
Task: {F01B598D-C009-4FCC-96C7-A8E7816B04E2} - System32\Tasks\ASUS USB Charger Plus => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=DIR --mute-audio hxxps://gamerksk.blogspot.com/
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Once the text is pasted into Notepad,
Go to the "File" menu and then "Save As",
On the left, navigate to the Desktop,
In the bottom field, file name enter: fixlist.txt
Click on "Save", this will create fixlist.txt on the Desktop.

Restart FRST and click on the "Fix" button
A restart may be necessary (not required)
A text file will appear, copy/paste the content here in a new message.

Restart the computer.

0
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Good evening Malekal_morte-

Thank you for all these clarifications and your solution to my problem.

I am attaching the report after the fix:

https://pjjoint.malekal.com/files.php?id=20181226_m8e6d6z6e5

For now, everything seems to be working normally.

I will get back to you if necessary.

In any case, thank you for your kindness and your skills... Awesome!

Have a good evening.

Merry Christmas!

Best regards.
0
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Good evening Malekal

Unfortunately, I still have the same problem...

I have done another scan with FRST and here are the 3 new reports:

https://pjjoint.malekal.com/files.php?id=FRST_20181226_y11s13l10v5o5
https://pjjoint.malekal.com/files.php?id=20181226_m7m13v6s12o12
https://pjjoint.malekal.com/files.php?id=20181226_w8n9e5w14c6

I hope you will find a solution to my problem.

Thank you very much for everything.

Have a good evening.
Best regards.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
yes, there are still some things I forgot,


Here is the correction to be made with FRST. You can use this explanatory note with screenshots for help.

Open Notepad: Windows key + R,
In the "Run" field, type notepad and OK.
Copy/Paste the following into it:

CreateRestorePoint:
Task: {6B3DE5F5-A5C9-4438-8D49-035C4368F56E} - System32\Tasks\ASUS Live Update1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" localtask.bid
Task: {F8E7830B-5254-48A9-9EC3-DE4765D7E3E3} - System32\Tasks\ASUS Live Update2 => "C:\Program Files\Google\Chrome\Application\chrome.exe" localtask.bid
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Once the text is pasted into Notepad,
Go to the "File" menu and then "Save As",
On the left, select Desktop,
In the bottom field, for file name enter: fixlist.txt
Click "Save", this will create fixlist.txt on your Desktop.

Restart FRST and click the "Fix" button
A restart may be necessary (not mandatory)
A text file will appear, copy/paste the content here in a new message.

Restart the computer.
0
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Good evening Malekal_morte-

Thank you for your response.

I followed the indicated steps... When I then launch FRST and click on FIX... After the restoration point and the execution of the fix, a window opens with the following message:

Autolt Error
Line 18821 (File "C:\Users\Domicile\Desktop\FRST64-.exe"):
Error: Variable used without being declared.

To close the window, I click on OK and the FRST software also closes. Therefore, I am unable to apply this new fix.

If you could help me once again...

Thank you.
Best regards.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Apparently it's a bug with FRST.
Delete it and redownload it.
0
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Good evening Malekal_morte-

Thank you for your reply.

I have downloaded FRST64 three times from the sites "CCM/nicolascoolman/malekal.com" and still have the same problem. A window opens with this message and therefore I cannot apply your fix... For your information, this message appears just after creating a restore point... And when it says "the correction is in progress...".

What a hassle...

Thank you for your kindness and availability.

Have a nice evening.
Best regards.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Try to start in safe mode:

If it still doesn’t work, use autoruns.
Tutorial: https://www.malekal.com/autoruns/
Go to the Taskschduler tab
look for the lines that look like:
Task: {6B3DE5F5-A5C9-4438-8D49-035C4368F56E} - System32\Tasks\ASUS Live Update1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" localtask.bid
Task: {F8E7830B-5254-48A9-9EC3-DE4765D7E3E3} - System32\Tasks\ASUS Live Update2 => "C:\Program Files\Google\Chrome\Application\chrome.exe" localtask.bid


Basically the one that launches chrome on this site localtask.bid
and uncheck them.
0
RAPIDO13 Posted messages 8 Registration date   Status Member Last intervention  
 
Hello Malekal_morte-

Sorry for not replying sooner, but I've been testing from my PC.

Everything seems to be working normally. I still have some (5) "Google Chrome" processes, but they are using zero CPU...

I think my problem is finally resolved thanks to you.

Thank you so much for your kindness and expertise.

I wish you a great end of the year.

You are amazing!

Thank you and thank you.

Best regards.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Glad to hear it!

It's normal to have multiple Chrome processes =)

Happy holidays!
0
vieu bison boiteu Posted messages 44334 Registration date   Status Contributor Last intervention   Ambassadeur 3 591
 
hi RAPIDO13

if you are using Mozilla Firefox, uninstall Google Chrome with >>> free CCleaner <<<

see you
--
no links on English web pages, I'm already flying enough by myself
-1
vieu bison boiteu Posted messages 44334 Registration date   Status Contributor Last intervention   Ambassadeur 3 591
 
to be able to use "µTorrent"
??????
for infections, it's very good
--
no link on the web page in English, I'm already stealing enough on my own
-1