Solved

tmlisten process hogging about 50% of CPU : virus malware

Posted on 2013-06-16
6
1,414 Views
Last Modified: 2013-12-06
Around the time I installed EM YDT tool to download youtube
video on my Win XP laptop, the tmlisten process has been hogging
50% of my laptop's CPU.

I've uninstalled YDT software & rebooted laptop but it did not
help.  My laptop has 2 processor & looks like tmlisten is hogging
one of the processor.

Attached is the hijack (ver 2.05) output : let me know if there's
anything I can do to fix this CPU hog.

I've installed back YDT tool as I need to download some videos
hijackthis-17Jun13.txt
0
Comment
Question by:sunhux
  • 3
  • 2
6 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 20 total points
ID: 39251535
Nothing jumps out, except too many processes are running (some unneeded, i.e., should only run on demand).
0
 
LVL 4

Accepted Solution

by:
kdubendorf earned 470 total points
ID: 39251633
tmlisten is Trend Micro.  By chance, is your antivirus running an active scan?   That might account for some of the CPU usage.

Try disabling the Antivirus for 5 minutes and see if things return to normal.

If you want to do a quick check to see if you have picked up an infection, go to www.surfright.com and download Hitman Pro.   It's free for the first 30 days and will give you an indication of how clean your PC is.
0
 

Author Comment

by:sunhux
ID: 39252167
Glad that you've identified tmlisten is Trend Micro as another of my colleague
told me he hit almost 100% CPU on Trend Micro & when he unloads Trend
Micro, it resolves his issue.

My corporate has ceased supporting Trend Micro (& I must say my TM signatures
have been outdated by a few months) & corporate wanted us to go onto McAfee
but I did not get to reinstall with McAfee.

Frankly I prefer TM over McAfee but any idea why my TM which has behaving
well suddenly turned CPU hungry?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 4

Assisted Solution

by:kdubendorf
kdubendorf earned 470 total points
ID: 39252221
I'm thinking that either it's doing some sort of a scan or it is trying to clean out a virus.  If it's doing a scan you'll see the Trend Micro icon in the lower right section of the screen having some motion in it.  Otherwise it's probably trying to fight a virus.  Of it might be fighting with another AV but that doesn't sound like the case here.

If it's not scanning, try to run a few malware tools.  I suggest:

Malwarebytes
HitMan Pro
Possibly Combofix if either one of the other programs indicates a problem.


Use these tools to remove infections that they identify.


I'm with you about TM.  Can't understand why they'd go with McAfee.  TM has some great management and control tools that allow you to centrally monitor and manage multiple installations.
0
 

Author Comment

by:sunhux
ID: 39252222
http://esupport.trendmicro.com/solution/en-us/1059410.aspx

There's one possible answer above but in my case the link below is
closest to my issue :
http://esupport.trendmicro.com/solution/en-us/1061408.aspx

ie

The OfficeScan/WFBS client is having a hard time sending the logs to the the server. For a reason still unknown, some file/s inside the ..\Trend Micro\OfficeScan Client\HLog directory were corrupted and not being sent to the OfficeScan/WFBS server.
There is a high CPU usage because the client keeps on trying to send the corrupted file/s to the WFBS/OfficeScan server, creating a loop.
You can fix this by doing the following:
Restart the machine under Safe Mode. Follow the steps in this Microsoft article: To start the computer in safe mode.
Go to the ..\Trend Micro\OfficeScan Client\HLog directory and delete all the files inside.
Restart the machine back to normal mode.
The CPU utilization of the TmListen.exe process should be back to normal.

===================

just that my folder's name is "TrendMicro" instead of "Trend Micro"
& the HLog subfolder is missing from my laptop (Hmm, that's strange
as I never touch it) :

C:\Program Files\TrendMicro\Officescan Client>md HLog
0
 

Author Comment

by:sunhux
ID: 39252232
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Desktop_Anti-Virus/Q_24230717.html
Another link above indicated Diskeeper is the cause of it & I killed "Dkservice"
 from Taskmgr's Processes but it did not help.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now