NS_Bob
Level 7

What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

There is a process Captur~e.exe (full name above) that has somehow entered my system and is hogging my RAM and slowing down the computer drastically as about 95% of the 2 GB is being used. I can't find the program creating this process through a search so I have to terminate the process in the Resource Monitor of Windows 7.

Is this a Trojan? McAfee Security Center has not picked it up in a scan. How can I locate this file and remove it? Any help out there?

Thanks, Bob

0 Kudos
9 Replies
exbrit
Level 21

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

http://www.5star-shareware.com/Windows/Graphics/Screen-Capture/capture-express.html

Did you download that or was it an option as a part of another download?

Scan your machine with an independent anti-spyware application such as the free version of this tool. Update it before running:

Message was edited by: Ex_Brit on 11/13/09 12:23 PM
0 Kudos
NS_Bob
Level 7

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

Hi Peter,

Thanks for the link to this software. As I have had to reinstall all my software coming from XP to Windows 7, this has obviously been installed at some point unknown to me during the past week. Now to find and remove it. A Search of my C:\ drive using Windows Explorer did not turn up this program so I am presently doing a scan with the Software you have suggested. Back in a bit.

Thanks again,

Bob

0 Kudos
exbrit
Level 21

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

If that doesn't help and you can't find reference to the software anywhere you could try the following:

Enable Windows Firewall while you are unprotected by McAfee.

The regedit procedure can be done offline anyway.

Go to Start/Run and enter regedit and click OK.
A page should open with the top left hand corner looking like this:


If for some reason it's expanded, collapse it and then highlight My Computer (Computer in Vista).
Go to File tab and click "Export" and send all of the registry to your desktop. This is in case something goes wrong. It can then be rebuilt by simply double-clicking that desktop item.
Now click the Edit tab and then "Find". Enter "Pinnacle" (minus the "") then click "Find next" (or hit the enter key).
Whatever is found, right-click and delete.
Hit your F3 key for the next instance and keep going until all entries are gone.
If one says it can't be deleted this is where it gets complicated. You have to then find which key on the left column pertains to it and right-click/Properties/Permissions and give yourself permission.
If that happens stop and let me know if you aren't sure of what to do.

If all is successful that entry could not possibly remain and you can then delete the registry backup.

This has to be done when signed in as an Administrator by the way.

You may have to repeat it using "Capture_Express" and/or "Capture" minus the "" - it can be a long process.
Just be very careful you only delete it though otherwise things can go dreadfully wrong.


Message was edited by: Ex_Brit on 11/13/09 2:59 PM
0 Kudos
NS_Bob
Level 7

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

Hi Peter,

The registry is an area I am not comfortable editing but may try your suggestion. Having done a search and used 3 different Malware programs, I cannot find this file or the program associated with it.

I am now not sure that this Captur~3.exe file has anything to do with Capture_Express_1.3.exe which is identified here: http://spywarefiles.prevx.com/RRHFAE4655841/CAPTURE_EXPRESS_1.3.EXE.html but it appears to be an unwanted program. I notice that when I terminate the process, it pops right back up again as a process....I can't kill it.

Here is a link to someone else experiencing the same problem http://www.phpfreaks.com/forums/index.php/topic,273312.msg1290908.html#msg1290908

I'm baffled.

Thanks, Bob

0 Kudos
exbrit
Level 21

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

Well, you could post a Hijackthis log on one of the following forums along with an explanation and they will probably give some good advice on what to do next.

DOWNLOAD HIJACKTHIS

Do not post the log here, we can't help!

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

MAJOR GEEKS FORUM

MALWAREBYTES FORUM

MALWARE REMOVAL FORUM

SPYWAREHAMMER FORUM

SPYWARE INFO FORUM

WHAT THE TECH FORUM

Be sure to read all the sticky announcements/instructions at the top of each malware forum!

0 Kudos
NS_Bob
Level 7

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

Hi Peter,

Thanks for all this information and there has to be an answer somewhere and I appreciate your helpful suggestions.

Bob

0 Kudos
exbrit
Level 21

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

You're welcome and good luck.

0 Kudos
NS_Bob
Level 7

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

Hi Peter,

I finally found the culprit! It is a file called CaptureBase.exe which is shortened in the System Monitor program to Captur~3.exe and used in the WinTV program from Hauppauge for a PCI TV tuner I have installed. I was watching TV on the monitor and when I disabled this process, this program stopped! I then searched the WinTV program files and found 3 files starting with Capture, CaptureBase.exe being one of them.

The day was not a total loss as I learned something new.

Again, thanks for your suggestions and hope others can benefit from what I have discovered.

Regards, Bob

0 Kudos
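Added example, not part of the original thread: a PowerShell check that expands the 8.3 short name of a running process (such as Captur~3.exe above) to its long path and shows its parent process and Authenticode signer. It assumes PowerShell 3.0 or later; `Resolve-LongPath` and the `Win32.PathApi` type are names made up for this sketch, and the `Captur*` filter comes from the thread.

```powershell
# Added example: map an 8.3 process name back to the real file on disk.
# Assumes PowerShell 3.0+; run elevated so ExecutablePath is populated.
Add-Type -Namespace Win32 -Name PathApi -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetLongPathName(string shortPath,
    System.Text.StringBuilder longPath, uint bufferLength);
'@

# Hypothetical helper: returns the long form of a path, or the input on failure.
function Resolve-LongPath {
    param([Parameter(Mandatory)][string]$Path)
    $buffer = New-Object System.Text.StringBuilder 1024
    $length = [Win32.PathApi]::GetLongPathName($Path, $buffer, [uint32]$buffer.Capacity)
    # 0 means the call failed; a value above the capacity means the buffer was too small.
    if ($length -eq 0 -or $length -gt $buffer.Capacity) { return $Path }
    $buffer.ToString()
}

$all = Get-CimInstance Win32_Process
$all | Where-Object { $_.Name -like 'Captur*' } | ForEach-Object {
    $proc   = $_
    # The parent shows which program started the process (and may restart it when killed).
    # PIDs are reused, so treat the parent name as a hint if the parent has already exited.
    $parent = $all | Where-Object { $_.ProcessId -eq $proc.ParentProcessId } |
              Select-Object -First 1
    $long   = if ($proc.ExecutablePath) { Resolve-LongPath $proc.ExecutablePath } else { $null }
    $sig    = if ($long) { Get-AuthenticodeSignature -FilePath $long } else { $null }

    [pscustomobject]@{
        Name            = $proc.Name
        PID             = $proc.ProcessId
        WorkingSetMB    = [math]::Round($proc.WorkingSetSize / 1MB, 1)
        LongPath        = $long
        Parent          = if ($parent) { $parent.Name } else { '(exited)' }
        SignatureStatus = if ($sig) { $sig.Status } else { 'n/a' }
        Signer          = if ($sig -and $sig.SignerCertificate) {
                              $sig.SignerCertificate.Subject } else { $null }
    }
}
```

A long path inside a known application's install folder with a valid signature points to a legitimate component; an unsigned binary in a temp or profile folder is the case worth submitting for analysis.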
exbrit
Level 21

Re: What is CAPTURE_EXPRESS_1.3.EXE hogging up over 60% of my RAM?

Well that's good news.  There is a way of submitting files that are wrongly identified as malware.

See: http://community.mcafee.com/message/6645#6645 or....

Send a file to Avert Labs for analysis:

http://vil.nai.com/vil/submit-sample.aspx

or

https://www.webimmune.net/default.asp

or

Email file to: mailto:virus_research@avertlabs.com

When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

0 Kudos