Today I noticed a little piece of malware running in the background which apparently just takes up CPU cycles (around 20% for me) and wastes bandwidth by downloading things.
I’m not sure what it downloads, because my firewall blocked its connection. Some people say it downloads more malware but I don’t know for sure. Either way it’s probably not something you want
So I ran the programs that usually work (MalwareBytes, SuperAntiSpyware and Spybot) but none of them removed it. MalwareBytes said it was going to but it kept reappearing after a restart.
So, I did a search around the net and found how to remove it, but it was buried several posts in on a forum thread, so I thought I should make this guide to be more straight-forward than that.
Note that this fix works for most versions of Windows (XP, 2000, Vista and 7) but I made it on Windows 7, so the steps may be slightly different for other versions of Windows. It should still be straight-forward, though.
Am I Infected?
To see if you are infected with it, open Task Manager (ctrl+alt+del then click Start Task Manager), make sure you’re on the Processes tab, then click the Show processes from all users button at the bottom of that window.
Make sure the list is sorted by Image Name and see if stdrt.exe is listed there. If it isn’t there, congratulations! If you see it, follow the instructions below.
Download ComboFix as Combo-Fix.exe (not ComboFix.exe which is the default) and remember where you saved it.
Boot into Safe Mode.
To do this, restart the computer and as it is starting up, keep pushing F8 until you come to an option screen. Use the arrow keys to select Safe Mode and push Enter.
When Windows is loaded, find your Combo-Fix.exe and run it. Now just read the prompts and click accordingly, it’s a straight-forward process.
When it is finished cleaning your computer it will automatically restart it.
After that restart, it will take a few more minutes to finish up, so don’t use the computer until it is done.
Artreid from the VistaHeads forum for the post that inspired this one.