General discussion

Locked

File running CPU to the max

By pturton ·
I have a rogue file that is constantly running my cpu to 100% every 10 seconds or so. The file is Winkhhn.exe. I have been getting memory dumps since this little fella has been playing around.

I am running an AMD Duron 950 with 256Mb ram on Win2000.

I have tried to locate the file, but search reveals nothing. I have found it in registry but am loathe to make any changes until I know what it is there for.

Please any help on what it does and how to stop it?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

File running CPU to the max

by hinrgman In reply to File running CPU to the m ...

I could not tell you what it is for but here is a possible solution.

Make a backup copy of your registry then just rename this rogue file from a dos boot disk and remove it from the registry. Reboot from your c: drive if the problem goes away thin it is fixed. If not then replace your registry with the backup copy and try something else.

I am assuming you scanned for viruses and found nothing.

Collapse -

File running CPU to the max

by pturton In reply to File running CPU to the m ...

The question was auto-closed by TechRepublic

Collapse -

File running CPU to the max

by Pan 13 x In reply to File running CPU to the m ...

this is not a file of microsoft.
I would be willing to bet the you found the file in the registory under
hkeylocalmachine\software\microsoft\windows\current version\run or runonce.

I would bet it is a virus of some sort. Delete the fie. If youcan not find the file on your system searching for it, you don;t need it.
Backup that hive in your regitory and delete it. if the system fails to boot the first it, restart again and boot to the last known good config and repair the registory, I doubt you will have any trouble deleting the file.

Collapse -

File running CPU to the max

by pturton In reply to File running CPU to the m ...

The question was auto-closed by TechRepublic

Collapse -

File running CPU to the max

by pschuvie In reply to File running CPU to the m ...

This is a worm virus. It is worm virus named KLEZ and WINK is its active part, and it takes on all kinds of variant names and hides all around and regenerates itself, and may even have disabled your antivirus software. Go to your antisoftware virus site and search for keyword WINK or KLEZ.

Here is one reference
http://solutionbank.antivirus.com/solutions/solutiondetail.asp?solutionID=11174

(no spaces in the above when you cut and paste,this word wrap can do strange things)

You can also go do a online virus scan, which is good cause the bugger can't disable it, at

http://housecall.antivirus.com/

Good Luck

You may need to scan more then once to be sure it is gone, with a reboot in between, along with a couple registry edits.

Collapse -

File running CPU to the max

by pschuvie In reply to File running CPU to the m ...

you probably wont find the exact name in the virus lookup as this one can append any amount to Wink* to make itself a new name. So Wink is the key.

Collapse -

File running CPU to the max

by pturton In reply to File running CPU to the m ...

The question was auto-closed by TechRepublic

Collapse -

File running CPU to the max

by bohicam1 In reply to File running CPU to the m ...

It is definitely the klez/elkern worm. Go here for the removal tool and some info on it...
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html
(please remove any spaces in the URL)
If this puter is running on a network I suggest you take it offline before running the removal tool....also, boot from a dos floppy and run the tool from there so that no windows services etc.. are running.
Good luck!

Mike

Collapse -

File running CPU to the max

by pturton In reply to File running CPU to the m ...

The question was auto-closed by TechRepublic

Collapse -

File running CPU to the max

by frussoniello In reply to File running CPU to the m ...

http://www.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

The above URL deals with the Klez worm that has been plaguing the Internet since April. That file pertains to this virus. Symantec's site has a tool you can use to clean out your system!!

Check it out ASAP!!

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums