Fishy command line...

For a while now I've been having some trouble with a process I believe has been turned to the dark side.
If my computer idles for 2 minutes, a process hidden behind svchost.exe starts up with this command line attached to it: "-o http://85.214.220.1:81 -u user2 -p UB97ad2 -w 128 -I d -k poclbm --api-listen". At this point my computer grinds to a halt with CPU usage hitting 100%, and as soon as I touch my mouse or keyboard it vanishes again.
I've tried searching for the process in question with scans, both full and boot-time, plus manually going through the processes that activated in that time frame, but that list is pretty large.
So far I've counteracted it by installing an anti-idle program that shakes my mouse a pixel every 2 minutes, but I would rather get rid of it for good, especially seeing that, if I read those lines correctly, it's installing, logging and uploading every time it activates.

Any help on this subject is greatly appreciated and thanks in advance!
Kyle
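The command line quoted above has the shape of a poclbm-style pool-miner invocation: a pool URL after -o, a worker name after -u, a pool password after -p, a GPU kernel name after -k, and --api-listen to expose the miner's status API. The following is an added example, not code from the original post or from any tool named in the thread: a small stand-alone heuristic that parses process command lines for those options and flags the ones that look like miners. The process list it runs over is constructed for the example (only the second command line is the one quoted in the post); the function, option and kernel names are my own assumptions, and on a live machine you would feed it the (pid, name, command line) tuples from whatever process enumerator you use.

```python
import re
import shlex
from typing import Dict, List, Tuple

# Pool URL schemes used by pool miners of this era (http://, plus stratum+tcp://).
POOL_RE = re.compile(r"^(https?|stratum\+tcp)://", re.IGNORECASE)

# GPU kernel names accepted by poclbm-derived miners (assumption: a short
# illustrative list, not an exhaustive one).
MINER_KERNELS = {"poclbm", "phatk", "diablo", "diakgcn"}

# Map of the miner options we care about to readable keys.
OPTION_KEYS = {"-u": "user", "-p": "password", "-k": "kernel"}


def parse_miner_args(cmdline: str) -> Dict[str, str]:
    """Return the miner-style options present in a command line.

    Recognised: -o <pool url>, -u <worker>, -p <password>, -k <kernel>,
    --api-listen.  Options that are absent are simply not in the dict,
    so a benign 'svchost.exe -k netsvcs' yields {'kernel': 'netsvcs'} only.
    """
    try:
        # posix=False keeps Windows backslashes and quoted paths intact.
        argv = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()

    found: Dict[str, str] = {}
    i = 0
    while i < len(argv):
        tok = argv[i].strip('"')
        nxt = argv[i + 1].strip('"') if i + 1 < len(argv) else ""
        if tok == "-o" and POOL_RE.match(nxt):
            found["pool"] = nxt
            i += 2
            continue
        if tok in OPTION_KEYS and nxt and not nxt.startswith("-"):
            found[OPTION_KEYS[tok]] = nxt
            i += 2
            continue
        if tok == "--api-listen":
            found["api_listen"] = "yes"
        i += 1
    return found


def is_miner_cmdline(cmdline: str) -> bool:
    """Heuristic verdict: a pool URL together with a worker name, or a
    known GPU kernel name, marks the command line as a pool miner."""
    args = parse_miner_args(cmdline)
    if "pool" in args and "user" in args:
        return True
    return args.get("kernel", "").lower() in MINER_KERNELS


def find_miners(processes: List[Tuple[int, str, str]]) -> List[Tuple[int, str, Dict[str, str]]]:
    """Filter a (pid, image name, command line) list down to miner-looking
    entries, returning the parsed options for each hit so the pool address
    and worker name can be reported or blocked."""
    return [(pid, name, parse_miner_args(cmd))
            for pid, name, cmd in processes if is_miner_cmdline(cmd)]


# Constructed sample process list (not real system output).  The second
# entry carries the exact command line quoted in the post; the others are
# ordinary processes that must not be flagged.
SAMPLE_PROCESSES = [
    (1304, "svchost.exe", "C:\\Windows\\System32\\svchost.exe -k netsvcs"),
    (2860, "svchost.exe", "svchost.exe -o http://85.214.220.1:81 -u user2 -p UB97ad2 "
                          "-w 128 -I d -k poclbm --api-listen"),
    (3012, "chrome.exe", "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer"),
]

if __name__ == "__main__":
    for pid, name, opts in find_miners(SAMPLE_PROCESSES):
        print(f"PID {pid} ({name}) looks like a pool miner: {opts}")
```

Because the process only lives while the machine is idle, run the check on a schedule (or from the idle trigger itself) rather than once; the pool address it reports is what you would block at the firewall while the dropper that re-launches the miner is tracked down.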

Was this another of your postings or just a related one from someone else? http://www.bleepingcomputer.com/forums/topic470099.html

polonus

Hi KylevT,

RE: hxxp://85.217.220.1, see the following:
https://www.virustotal.com/url/9cfca9fee0872577969af22865ec9b5a340fc939cb7d7a894108572b7dbdbf1e/analysis/1351113057/
http://zulu.zscaler.com/submission/show/9cbada5ff3f58658e4e896e6d4884268-1351113106 Note Code 401 under Redirects.
http://urlquery.net/report.php?id=254950
http://wepawet.iseclab.org/view.php?hash=14ac8f825c28031ed2cdc54389fc8d3a&t=1351113241&type=js
http://www.whois.net/ip-address-lookup/85.214.220.1
http://whois.domaintools.com/85.214.220.1

polonus: No that isn’t me, I also found that thread on my searches.

And even though the URL comes up clean in most searches, that doesn't mean it isn't malicious; from my own investigations I believe it to be part of a botnet aimed at bitcoin mining. And if I don't fix it, it will damage my computer physically.

If you wish, we can have a malware specialist check your system to confirm whether or not it is clean.

Please read: http://forum.avast.com/index.php?topic=53253.0

Please run the following programs and then attach their logs: AdwCleaner, Malwarebytes (MBAM), OTL, and aswMBR.exe.

Use ‘Attachments and other options’ below to attach all logs in your next reply.