avast! support forums > avast! Free/Pro/Suite

Excessive and frequent CPU usage with version 7.0.1426 even when idle

zukovski:
-Frequent peaks of CPU usage with v. 7.0.1426 in MS Windows XP Pro, dual-processor Intel CPU environment, presumably caused by Sf.bin process
-Unnecessary activation of Sf.bin at constant and very short intervals even when computer is idle (no programs running, no files opening or closing)
-Consequently, pointer sign of background processing keeps blinking, very annoying mostly when precise vision and pointing is needed in detailed graphic applications

-HINT: Above problems stop when Files Module configuration is set inactive but then ... basic protection is also gone!
Can anyone help? Thanks

igor:
Obviously, the computer is not really idle, but rather some applications are being started (and scanned, subsequently).
If you check the FileSystem Shield's "last scanned" field, you should be able to say what that is.

zukovski:
Sorry for being inaccurate, Igor: obviously, there were some background processes running but with minimal CPU usage, as opposed to Sf.bin, which was showing CPU usage peaks. Your advice was very useful because, indeed, the frequent file scanning was associated with activation of process GBPSV.EXE, the GBPlugin installed by several Brazilian banks to enhance internet banking security that became a nightmare to users.
That's my current hypothesis for the problem but I can't be certain because this plugin is protected against killing or uninstallation and resisted some of the solutions recommended by users' forums I've tried up to now. Brazilian users facing the same problem and willing to help in testing the hypothesis may begin by http://forum.clubedohardware.com.br/gbpsv-exe-como/535994.
I'll keep you posted. Thanks.

igor:
It's not just "running" - those wouldn't be rescanned. The executable should be starting (and most likely exiting) repeatedly to trigger the scan (which is a bit strange behavior).
Anyway, if this executable appears in the "last scanned" field (and the scanned count grows continuously), you can try to put the path to this particular executable to the list of FileSystem Shield's exclusions - might help.

zukovski:
Igor,
Getting back from trip. It goes without saying that a running program may do whatever it is allowed to but, with nothing but minimal OS processes running, it is not expected to present processor overload, right?
I already solved my problem but since one can find many Google pages related to GbPlugin (gbpsv.exe) problems I list the following information to the benefit of other users affected by it:
-LEGITIMATE gbpsv.exe is a program installed by user permission and automatically updated by banks (Brazilian only?), mandatory for secure internet transactions. See http://www.runscanner.net/lib/Gbpsv.exe.html
-HOWEVER, there are a lot of reports of infected gbpsv.exe (such as update 41516956) causing a range of problems up to total CPU clogging. That’s why to SIMPLY EXCLUDE GBPSV.EXE FROM FileSystem Shield's or AV SCRUTINY to avoid conflict problems, even when apparently legitimate, IS UNWISE
Users’ reports/discussion, see: http://forum.clubedohardware.com.br/gbpsv-exe-como/535994?s=24415230440bdbfec9301f7bbd244f18 and
http://sistemaberto.blogspot.com/2008/04/vrus-gbpsvexe.html
Reported detection as trojan by AV Avira (positive? false-positive?): http://www.pcforum.com.br/cgi/yabb/YaBB.cgi?num=1305911694
Reported detection by file-threat analysis services (again, positive? false-positive?):
http://www.file.net/process/gbpsv.exe.html ; same with files’ origins (worldwide spread: people transacting with Brazilian banks?) http://www.removespywaretips.com/exe-g/gbpsv-exe.html
Detection positive with slightly different name (gbpsr.exe), different location:
http://social.technet.microsoft.com/Forums/pt-BR/segviruspt/thread/47a0f8b3-1778-4e42-9b18-927fa886189d
-SOLUTION IN MY CASE (XP Pro + Explorer and Firefox + AVAST free, gbpsv.exe not detected as threat by AVAST, so supposedly it was just gbpsv.exe poor, conflicting update):
1) Boot of Mini XP from Hiren’s disc (gbpsv.exe does NOT uninstall the usual way). See http://www.hirensbootcd.org/download/
2) Manual deletion of entire GbPlugin directory at Program Files\ and Trash Can\
3) Shut-off and standard boot by Windows XP
4) Since one still wants to use internet banking, must reinstall gbpsv.exe, preferably from another version and bank site
5) Use of registry analysis and correction tool not mandatory but recommended
It worked fine.

Other ways to get rid of gbpsv.exe (infected or not) related problems were described by file-threat analysis services (see links above), by http://forums.cnet.com/7723-6132_102-552090/how-do-i-delete-gbpsv-exe-gbplug-in-files-from-my-pc/ and http://alexandrecmachado.blogspot.com.br/2011/01/g-buster-browser-defense-vamos-brincar.html (in Brazilian Portuguese).
