Someplace to stash my stuff
keeps reinventing itself with high CPU
Published on May 27, 2018 By starkers In Personal Computing

Yeah, as the title suggests, I'm having trouble with notepad.exe constantly reinventing itself.... no matter how many times I end the process in Taskmanager/Taskkill in CMD as administrator.  I no sooner end it and it is back pretty much instantly.  When this happens the CPU is running at over 90%, often at full tilt, 100%.  Not only that, it is writing files that I cannot find.  So far it has written over 30Gb of files I am unable to locate, and on a 120Gb SSD, I will run out of room very soon.

Other things I have tried: deleting notepad.exe, but Windows won't let me, even in Safe Mode; I used a 3rd party process killer from IOBit without success, and an "end stubborn programs", also from IOBit.  Nothing I've tried has worked and I'm concerned for my machine, the little HP 2-in-1.

Also, I found 2 instances of notepad.exe on my machine; one in System32, and the other in the regular Windows folder.  I don't recall there being 2 before, so maybe one is bogus and needs to be removed.... IF Windows will let me.

If somebody can help me resolve this I'd be most appreciative.  Perhaps an uninstaller/file shredder that uses brute force is the only solution.  If I delete/uninstall both to be sure, can I get back notepad.exe via a Windows update or something?

TIA, Mark.


Comments (Page 1)
on May 27, 2018

starkers...in theory there should only be one.

It'll be in windows/system32/notepad.exe [Win7] ....should be much the same in 10.  [I'll check]

on May 27, 2018

Yep....same place in 10.

Ctrl/Shift/Esc ....task manager....look at processes and kill any instances of it running....see what happens.

on May 28, 2018


starkers...in theory there should only be one.

It'll be in windows/system32/notepad.exe [Win7] ....should be much the same in 10.

That's what I thought... that there can.... er, should only be one.  Hmmm, got carried away with the famous Highlander line... after watching it again just recently.


Ctrl/Shift/Esc ....task manager....look at processes and kill any instances of it running....see what happens.

I've done that umpteen times and it keeps coming back.... over and over again.  There's only one instance of it running at any given time, but it can have up to 150 handles at a time, hence the high CPU usage.  I even tried killing it in a CMD line as administrator, but no go, and I can't change the privileges so I have full control.

Nothing I have tried has worked, not even uninstalling/deleting the one in Windows, which I now believe is likely to be some kind of malware.  I even restarted in Safe Mode to try getting rid of it, but Windows still says it's a System File. I don't believe it is now, but I still have the problem of getting rid of it.

How I got it I don't know.  I've not opened any emails with attachments in yonks, nor downloaded or installed any new programs, either.  

Maybe a 'drive-by'?

on May 28, 2018

starkers

Maybe a 'drive-by'?

Possibly.

Next step is to try an online scanner - they are 'safe' from whatever infection you may already have - your local AV may be compromised...hence the 'infection' [maybe]

Also.... google 'runaway notepad process' ...I'm betting you are not alone.

on May 28, 2018

Update....there can/will be 2 instances of notepad.exe ....other one in the win root dir.

....whether 7 or 10.

 

http://www.tomshardware.com/answers/id-1991394/uninstall-notepad.html 

Give that link a read ....suggests the sfc /scannow command, etc.
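A way to check the two points raised in this thread (which notepad.exe file is actually running, and whether the on-disk copies are genuine), as an added example that is not part of the original discussion. It assumes PowerShell 5.1 on Windows 10 run as administrator; the function names are made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Locations where a genuine notepad.exe lives. The first two are the ones named
# in the thread; SysWOW64 is the 32-bit copy on 64-bit Windows (not mentioned there).
$expected = @(
    (Join-Path $env:WINDIR 'System32\notepad.exe'),
    (Join-Path $env:WINDIR 'notepad.exe'),
    (Join-Path $env:WINDIR 'SysWOW64\notepad.exe')
)

function Get-NotepadProcessReport {
    # One row per running notepad.exe: which file it is and what launched it.
    Get-CimInstance Win32_Process -Filter "Name = 'notepad.exe'" | ForEach-Object {
        $proc   = $_
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        $sig    = if ($proc.ExecutablePath) { Get-AuthenticodeSignature -FilePath $proc.ExecutablePath }
        [pscustomobject]@{
            ProcessId      = $proc.ProcessId
            ImagePath      = $proc.ExecutablePath
            InExpectedPath = $expected -contains $proc.ExecutablePath
            Signature      = $sig.Status
            ParentId       = $proc.ParentProcessId
            ParentName     = $parent.Name          # empty if the launcher has already exited
            ParentPath     = $parent.ExecutablePath
            CommandLine    = $proc.CommandLine
        }
    }
}

function Get-NotepadFileReport {
    # Signature, signer and hash of each on-disk copy, so the copies can be compared.
    foreach ($path in $expected) {
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Path      = $path
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

Get-NotepadProcessReport | Format-List
Get-NotepadFileReport    | Format-List
```

A row where InExpectedPath is False, Signature is anything other than Valid, or the parent is a program you did not start yourself is the one to investigate before deleting anything.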

on May 28, 2018

If it behaves as an infection, then presume it's an infection. Windows doesn't do tricks like that by itself since Win98. Dunno about Win10 tho.

Malware has got very sophisticated nowadays, it's not like in the good old times, where you could simply end task the suspicious process.

Thanks to the global economic crisis, which causes lack of food, which again causes regular fasting, and which finally causes an increase of IQ level (lol), viruses nowadays know 100s of new ways to nest in your device.

 

About getting rid of infection I suggest 3 things:

1. Get and run Malwarebytes:

https://www.malwarebytes.com/

2. Get and run ComboFix (not designed for above Win8):

https://www.bleepingcomputer.com/download/combofix/

Both are free and super effective.

 

3. If they fail, then you need to Secure Erase your SSD and reinstall Windows.

Don't forget to backup your important stuff first.

 

After you've got rid of it, learn to properly firewall your OS; learn what is important and what is trash.

on May 28, 2018

This is most likely something in your registry. You'll have to google what your registry looks like, and get rid of what you don't need. Regedit, I didn't learn how to do this. Next time make a folder to keep an antivirus installation file, so you can run it without updating. Viruses don't attack installation files that aren't in your downloads. Check your downloads for a free antivirus installer. If there is one there then install it in Safe Mode; do not update it, for viruses will most likely go after your web browser. Then run it without updating it first. This worked when I tried it against a virus.

on May 28, 2018

Do an offline scan with Windows Defender.   Switch into airplane mode and see if the problem stops.  You have some type of malware, likely a js script, that is causing the problem.

Open Windows Defender.  Choose Virus and threat protection and then Run a new advanced scan and choose the offline scan.   If it does not auto-start, post here and I'll walk you through force starting it.

on May 28, 2018

I would also reset your firewall to default if I was going to do that. I noticed that viruses also like to play with your firewall.

on May 28, 2018

Well that did it!  Running Malwarebytes did the trick and quarantined several instances of Google crap identified as malware.... updaters and the like.... stuff that Win Defender and IOBit failed to find.  Thing is, I don't have any Google software on this machine, so where the fech did this crap come from?   Bastards!!!!!

Anyway, it wasn't such a painful experience to get rid of after all.  I was expecting having to use brute force methods to sort this issue out, but Malwarebytes quite easily removed the cause.... fechin' Google crap.

As for future protection against such threats, I have restored my Firewall to default settings and will purchase Malwarebytes Premium tomorrow.  I do have a 14 day trial but may just as well purchase the full thing while I have the cash on hand.

Anyhow, thanks to all who offered assistance, I appreciate it muchly.      

on May 29, 2018

I would also suggest having a free antivirus like Bitdefender uninstalled in a different directory just for a rainy day later. Even an uninstalled malwarebytes. Viruses don't target uninstalled software.

on May 29, 2018

Good to hear it's sorted...

I never even use Notepad....I've always used Texturizer...and made it the default txt association...

on May 29, 2018

admiralWillyWilber

I would also suggest having a free antivirus like Bitdefender uninstalled in a different directory just for a rainy day later. Even an uninstalled malwarebytes. Viruses don't target uninstalled software.

Yeah, I'll look into that idea.  I do like Malwarebytes Premium, though, and will keep it on my system.  It found issues that others didn't or couldn't, and being that it has a real-time scanner, firewall and auto database updater, I have greater respect for it than other anti-malware programs I've tried, several of which rely on user input for updates and scans.

I still can't get over Google installing its crap on my machine, and without consent, no less.  I mean, why would I want or need 3 instances of Google Updater on my machine if I have no Google software installed?  I know that I'll be far more vigilant when clicking on links to Youtube and other sites owned by Google, to check for crap I neither need nor asked for.

on May 29, 2018


Good to hear it's sorted...

I never even use Notepad....I've always used Texturizer...and made it the default txt association...

Thanks, mate, it was starting to worry me.

I never use Notepad, either, but it comes with the OS and, as I now know, it can be exploited by nefarious software.  I generally use Wordpad for text creation, but after this unpleasant experience I now may look into an alternative that's non-Windows based, maybe even Texturizer.

on May 30, 2018

You never installed Chrome or other Google stuff ever? Chances are it was installed with the other stuff but not uninstalled.

---

What the heck is uninstalled Malwarebytes, etc? Just the installer file?