I’ve had a few computer issues over the course of the last week. First the cooling fan packed up on my computer. Got a new fan and fixed that. Then I started having some data loss issues on my hard drives. I think I’ve solved that. Then I notice a process called “spd.exe” maxing out my CPU. I think I’ve fixed that.
They say these things come in threes, so hopefully I’m all fixed. For now !
It’s been quite frustrating at times trying to resolve these issues. My computer had it’s lid off 10 times on the one day – I was cursing, more than a little bit !
Positives that have come are that I’m making better provision for backup of my data, and the ongoing task of backing up to the cloud will continue. I’ve got a much more effective cooling system on my computer now than I had before, which means I can run the CPU at full throttle without the machine crashing – So I’ve solved a major bugbear. And I’ve become more adept at spotting and removing viruses from my computer. Happy, in the end yes 🙂
The fan and the hard drive issues aren’t all that interesting. If someone said they wanted to know more about how to cool a desktop PC effectively, then perhaps I’ll post.
For me documenting the virus I’m doing because I couldn’t find a virus scanner or other piece of software to remove it automatically. So it may be helpful for others searching on Google for “the answer”.
Removing the SPD.EXE virus from Windows 7
I noticed that I had a process in my “Task Manager” running at 100% CPU – spd.exe, also pretends to be “cFosSpeed Service”. As I wasn’t running anything else on the machine I thought it odd. A few Google searches later and I learn that it may be a virus or malware. Inspection of the virus’ files which include libcurl.dll, confirmed my concerns that it’s a virus (or malware). My Microsoft security essentials hadn’t picked it up. So I tried CCleaner and Malwarebytes, both of which failed to recognise spd.exe as a problem. I even installed something called UnHackMe which was recommended on the page I found the info about the spd.exe virus. This didn’t recognise it either.
So what to do ? Well I’m fairly handy with technology – so fix it myself. I’m not aiming this as a newbie step-by-step guide, it’s more a document that would aid power users or the makers of Malwarebytes/anti-virus software to be able to remove.
To remove the virus, you’ll need to locate all the files. In my case – %TEMP%\TMP-SETUP.EXE and the files in %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\*
The virus also puts an entry into the registry so it’ll start itself on machine startup. In regedit search for “SpeedUpSystem”. I learn’t this from looking at %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\aso.bat file which writes the entry in the registry.
And you’ll need task manager open to kill the process.
In my case I also archived the files in a password encrypted .rar archive, in case I want to inspect in future for whatever reason.
The removal process : –
1. Kill the spd.exe process in Task Manager.
2. Delete all files and the directory itself – %APPDATA%\ADOBE\FLASH PLAYER\SPEEDCACHE\*
3. Delete the file %TEMP%\TMP-SETUP.EXE
4. Delete the registry entry for “SpeedUpSystem”
5. Restart the machine.
6. Job should hopefully be done – check task manager to make sure spd.exe isn’t running anymore.
Hope this helps someone somewhere !
Resources and Sources
Info I found on spd.exe virus – http://greatis.com/blog/how-to-remove-malware/spd-exe.htm
Malwarebytes – https://www.malwarebytes.org/
CCleaner – http://www.piriform.com/ccleaner/download