Author Topic: Excessive and frequent CPU usage with version 7.0.1426 even when idle  (Read 13804 times)

0 Members and 1 Guest are viewing this topic.

Offline zukovski

  • Jr. Member
  • **
  • Posts: 21
-Frequent peaks of CPU usage with v. 7.0.1426 in MS Windows XP Pro, dual-processor Intel CPU environment, presumably caused by Sf.bin process
-Unecessary activation of Sf.bin at constant and very short intervals even when computer is idle (no programs running, no files opening or closing)
-Consequently, pointer sign of background processing keeps blinking, very annoying mostly when precise vision and pointing is needed in detailed graphic applications

-HINT: Above problems stop when Files Module configuration is set inactive but then ... basic protection is also gone!
Can anyone help? Thanks
zukovski

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #1 on: March 13, 2012, 11:56:34 AM »
Obviously, the computer is not really idle, but rather some applications are being started (and scanned, subsequently).
If you check the FileSystem Shield's "last scanned" field, you should be able to say what that is.

Offline zukovski

  • Jr. Member
  • **
  • Posts: 21
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #2 on: March 14, 2012, 12:37:48 AM »
Sorry for being inaccurate, Igor: obviously, there were some background processes running but with minimal CPU usage, as opposed to Sf.bin, which was showing CPU usage peaks. Your advice was very useful because, indeed, the frequent file scanning was associated with activation of process GBPSV.EXE, the GBPlugin installed by several brazilian banks to enhance internet banking secutity that became a nightmare to users.
That's my corrent hypothesis for the problem but I can't be certain because this plugin is protected against killing ou uninstallation and resisted some of the solutions recommended by user's forums I've tried up to now. Brazilian users facing the same problem and willing to help in testing the hypothesis may begin by http://forum.clubedohardware.com.br/gbpsv-exe-como/535994.
I'll keep you posted.Thanks.
zukovski

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #3 on: March 14, 2012, 12:46:37 AM »
It's not just "running" - those wouldn't be rescanned. The executable should be starting (and most likely exiting) repeatedly to trigger the scan (which is a bit strange behavior).
Anyway, if this executable appears in the "last scanned" field (and the scanned count grows continuously), you can try to put the path to this particular executable to the list of FileSystem Shield's exclusions - might help.
« Last Edit: March 14, 2012, 12:49:56 AM by igor »

Offline zukovski

  • Jr. Member
  • **
  • Posts: 21
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #4 on: March 27, 2012, 10:41:51 PM »
Igor,
Getting back from trip. It goes without saying that a running program may do whatever is allowed to but, with nothing but minimal OS processes running, it is not expected to present processor overload, right?
I already solved my problem but since one can find many Google pages related to GbPlugin (gbpsv.exe) problems I list the following information to the benefit of other users affected by it:
-LEGITIMATE gbpsv.exe is a program installed by user permission and automatically updated by banks (brazilian only?), mandatory for secure internet transactions. See http://www.runscanner.net/lib/Gbpsv.exe.html
-HOWEVER, there are a lot of reports of infected gbpsv.exe (such as update 41516956) causing a range of problems up to total CPU clogging. That’s why to SIMPLY EXCLUDE GBPSV.EXE FROM FileSystem Shield's or AV SCRUTINY to avoid conflict problems, even when apparently legitimate, IS UNWISE
User’s reports/discussion, see: http://forum.clubedohardware.com.br/gbpsv-exe-como/535994?s=24415230440bdbfec9301f7bbd244f18&amp and
http://sistemaberto.blogspot.com/2008/04/vrus-gbpsvexe.html
Reported detection as trojan by AV Avira (positive? false-positive?): http://www.pcforum.com.br/cgi/yabb/YaBB.cgi?num=1305911694
Reported detection by file-threat analysis services (again, positive? false-positive?):
http://www.file.net/process/gbpsv.exe.html ; same with files’ origins (worldwide spread: people transacting with brazilian banks?) http://www.removespywaretips.com/exe-g/gbpsv-exe.html
Detection positive with slightly different name (gbpsr.exe), different location:
http://social.technet.microsoft.com/Forums/pt-BR/segviruspt/thread/47a0f8b3-1778-4e42-9b18-927fa886189d
-SOLUTION IN MY CASE (XP Pro + Explorer and Firefox + AVAST free, gbpsv.exe not detected as threat by AVAST, so supposedly it was just gbpsv.exe poor, conflicting update):
1) Boot of Mini XP from Hiren’s disc (gbpsv.exe does NOT uninstall the usual way). See http://www.hirensbootcd.org/download/
2) Manual deletion of entire GbPlugin directory at Program Files\ and Trash Can\
3) Shut-off and standard boot by Windows XP
4) Since one still wants to use internet banking, must reinstall gbpsv.exe, preferably from another version and bank site
5) Use of registry analysis and correction tool not mandatory but recommended
It worked fine.

Other ways to get rid of gbpsv.exe (infected or not) related problems were described by by file-threat analysis services (see links above), by http://forums.cnet.com/7723-6132_102-552090/how-do-i-delete-gbpsv-exe-gbplug-in-files-from-my-pc/ and http://alexandrecmachado.blogspot.com.br/2011/01/g-buster-browser-defense-vamos-brincar.html (in Brazilian Portuguese).
zukovski

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #5 on: March 28, 2012, 03:01:51 AM »
Mandatory for secure internet transactions.
It's a pity that we cannot use online banking without it anymore. It's well known that it causes troubles for some applications and for the whole computer also.
Soluto does not work because of it. Other frozen computers also.
I know it's a security tool. I know it's developed for good. But it's not well tested and developed in my personal opinion.

That’s why to SIMPLY EXCLUDE GBPSV.EXE FROM FileSystem Shield's or AV SCRUTINY to avoid conflict problems, even when apparently legitimate, IS UNWISE
Users, do NOT do that as Zukovski says. There are quite some banking trojans that mimic the authentic plugin.
The best things in life are free.

Offline zukovski

  • Jr. Member
  • **
  • Posts: 21
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #6 on: April 01, 2012, 12:17:00 PM »
That’s why to SIMPLY EXCLUDE GBPSV.EXE FROM FileSystem Shield's or AV SCRUTINY to avoid conflict problems, even when apparently legitimate, IS UNWISE

Quote
Users, do NOT do that as Zukovski says. There are quite some banking trojans that mimic the authentic plugin.

Tech, i didn't understand your commnent: that's exactly because trojans mimic the authentic banking plugin that I said it is UNWISE (that is, DON'T DO IT) to exclude it from the scrutiny of your security tools (that exclusion was suggested by Igor in his second reply).
Also, if the plugin is causing trouble and you want to delete it from your computer, and later reinstall a well-performing version in order to perform internet banking operations, I really see no problem with the recommended procedures: it worked absolutely fine.

Best regards.
zukovski

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #7 on: April 02, 2012, 02:27:01 PM »
Tech, i didn't understand your commnent: that's exactly because trojans mimic the authentic banking plugin that I said it is UNWISE (that is, DON'T DO IT) to exclude it from the scrutiny of your security tools (that exclusion was suggested by Igor in his second reply).
We're saying the SAME with different words. I was not arguing, just confirming.
The best things in life are free.

balem

  • Guest
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #8 on: April 10, 2012, 01:00:03 AM »
The conflict of use by the application cauxado GBPSV compared to Avast, can be solved by adding an exclusion for scan by Avast as tutorial published on the website: http://www.hti.com.br/help/knowledgebase.php?article = 97

He had previously tried to do what the site guides, however, did not realize we have to record the path EXACTLY like Avast scans: C: \ PROGRA ~ 1 \ GBPLUGIN \ GBPSV.EXE


O conflito de utilização cauxado pelo aplicativo GBPSV em relação ao Avast, pode ser resolvido adicionando uma exclusão de varredura pelo Avast, conforme tutorial publicado no site : http://www.hti.com.br/help/knowledgebase.php?article=97

Já havia tentado anteriormente fazer o que o site orienta, contudo, não percebi que temos que registrar o caminho EXATAMENTE como o Avast faz a varredura: C:\ARQUIV~1\GBPLUGIN\GBPSV.EXE

Gostaria de agradecer ao autor do tutorial. Valeu !

dujuan

  • Guest
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #9 on: April 11, 2012, 08:31:59 AM »
Corrent the hypothesis of my problem, but I'm not sure, because the killed OU uninstall the plug-in to protect, prevent and resist, some users of the forum proposed solutions, up to now I've tried.

lfariarj

  • Guest
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #10 on: April 12, 2012, 03:47:44 PM »
This plugin is a plague and is not possible to remove it from your computer once it's installed. Forget all the procedures described. Besides, it's unwise to write it in the AVAST list of exclusions. Instead, exclude it from the AUTOSANDBOX.

This way:
FILE MODULE -> ADVANCED CONFIG -> AUTOSANDBOX -> EXCLUSION FROM AUTOSANDBOX -> C:\ARQUIV~1\GBPLUGIN\GBPSV.EXE -> OK

AVAST try to scan this file in the sandbox everytime some activity is detected, because it is considereded a suspicious file, causing the conflict. The exclusion from AUTOSANDBOX allows the file be scanned normally and ends the CPU consuption.

Hope it helps.

Offline seb3343

  • Newbie
  • *
  • Posts: 2
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #11 on: April 17, 2012, 04:31:26 PM »
lfariarj, can you please explain why it is safer to exclude it from the AUTOSANDBOX than to add it to the AVAST list of exclusions?
I have had the same problem for several days and both lists of exclusions work.
Thanks!

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #12 on: April 17, 2012, 04:46:56 PM »
If you exclude it from autosandboxing, it won't be autosandboxed, but it will still be scanned.
A full exclusion will exclude it even from scanning - so if it gets infected, it will be executed without being stopped.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #13 on: April 17, 2012, 11:12:13 PM »
If you exclude it from autosandboxing, it won't be autosandboxed, but it will still be scanned.
A full exclusion will exclude it even from scanning - so if it gets infected, it will be executed without being stopped.
Igor, can you check this plugin?
There are other users in the Portuguese forum that are complaining about this a lot.
I can translate your info to them :)
The best things in life are free.

lfariarj

  • Guest
Re: Excessive and frequent CPU usage with version 7.0.1426 even when idle
« Reply #14 on: April 18, 2012, 08:31:19 PM »
In regular situations, this file is a plug-in installed for 'safer' internet banking. In Brazil, Banco do Brasil, Caixa Econômica, Banco Santander and may be other banks, check for this plug-in to allow electronic transactions. Then, usually, it is not a virus or trojan. However is an executable file and is target of infections.

It is hard to remove it from windows boot, once the file scan continuously registry entries e try to detect any change in its process. It even rebuilds entries and dlls deleted.

This is the G-Buster Browser Defense site: http://www.gastecnologia.com.br/site/en/Product.aspx