Strange process .exe Virus? Help!

[fettoken]

I have a process that always boots on startup, which can't be find in the msconfig startup window. It switches between taking up 25% cpu usage and either 50% usage. Also uses gpu. Process is named Rthdcpl.exe. Supposed to be some Realtek audio driver. Have searched for the .exe file but cannot find it in either regedit or throughout the computer in .windows folder.

It can be killed but starts up on reboot as mentioned. What to do? Seemingly, there aren't any Realtek drivers installed either, so that's strange.

 

[caLLous]

Windows 7: Start > Run > msconfig.

Windows 10: Same as above but click the link on the Startup tab to open Task Manager.

Then see if the exe is listed there. I have a Realtek HD Audio Manager (I am using the Realtek onboard audio) but it's called RtkNGUI64.exe.

 

[TdC]

The strangest things use offloading for GPU processing these days. An excessive amount of usage is a bit strange though.

 

[fettoken]

It's in the Task Manager mentioned above, not named the one that you have @caLLous. Description of process: Realtek HD Audio Manager. Must be some kind of bitcoin miner as i do not have any Realtek ware installed, even checked the Sound tab, since using the KEF doesn't require any driver as such.

Could it be that because of some bios setting?

Windows antivirus and online scan did not detect any malware / virus either. Thing that irks me the most is the specific file cannot be found anywhere on the comp. Grrrr

The first time i remembered this was when running the benchmarking program you guys raved about, getting a score of 800. Cancelled the process and ran it again to receive 2100 score. Evidently it does take up a great deal of gpu and cpu power.

It is easily terminated but pops up on restart.

 

[caLLous]

The "KEF" being a speaker or amp or something? You will have a driver for whatever is outputting the audio from your PC to "the KEF". If you use onboard audio (ie you plug the lead straight in to the motherboard rather than a separate sound card) then the chances are it's made by Realtek. It's probably not malicious.

 

[TdC]

That said, a service or process can be named whatever the programmer wants.

 

[Syri]

I'd recommend switching to Avira if you're using Microsoft's anti-virus software. Avira has a much better detection rate, and is free. Also might be worth installing the free version of MalwareBytes and do a scan with that, it's a pretty thorough checker. If neither of those finds anything though, try downloading the latest genuine realtek hd audio driver from their website, and install that. If your motherboard has a realtek chip, windows will install a driver for it anyway, and if the driver it's put on is playing up, that could be the cause. If that's the case, installing the latest version direct from realtek should replace the version that's acting dodgy.

 

[fettoken]

I'd recommend switching to Avira if you're using Microsoft's anti-virus software. Avira has a much better detection rate, and is free. Also might be worth installing the free version of MalwareBytes and do a scan with that, it's a pretty thorough checker. If neither of those finds anything though, try downloading the latest genuine realtek hd audio driver from their website, and install that. If your motherboard has a realtek chip, windows will install a driver for it anyway, and if the driver it's put on is playing up, that could be the cause. If that's the case, installing the latest version direct from realtek should replace the version that's acting dodgy.

Great advice. Aviria found something 15% through. Windows defender is shit it seems.

 

[Moriath]

What didit find?

 

[TdC]

What Mori said. I've been using WD for years, and it's never done me wrong (unless my PC is riddled with virii I don't know about)

 

[fettoken]

What Mori said. I've been using WD for years, and it's never done me wrong (unless my PC is riddled with virii I don't know about)

I've also been using WD, but the malicious process did not show up any longer after restart, so, evidently, Aviria did its job here. Thanks @Syri

 

[Raven]

What Mori said. I've been using WD for years, and it's never done me wrong (unless my PC is riddled with virii I don't know about)

*zip*

 

[Moriath]

I've also been using WD, but the malicious process did not show up any longer after restart, so, evidently, Aviria did its job here. Thanks @Syri

So what malware did if find then? Again lol

 

[fettoken]

OpenCandy.Gen
Somoto.1
Somoto.Gen2

So what malware did if find then? Again lol

Sorry to burst your bubble bud. You're using a leaking net for antivirus defense.

 

[Moriath]

OpenCandy.Gen
Somoto.1
Somoto.Gen2




Sorry to burst your bubble bud. You're using a leaking net for antivirus defense.

I dont dl exes from anywhere i dont trust. I dont run things from emails. All is good.

Your cpu usage is good now? And the spurious process isnt running any more ?

 

[fettoken]

I dont dl exes from anywhere i dont trust. I dont run things from emails. All is good.

Your cpu usage is good now? And the spurious process isnt running any more ?

Running things from e-mails is like non safe sex with a backalley prostitute.

The process is no more at least. I also did what Syri advised and installed Realtek drivers and then uninstalling again as well.

 

[Lamp]

Hey. Stop having a go at back alley prostitutes.

It's the side alley ones you want to double bag with.