Malware labeled as "Wsappx" service
Last week, my laptop (Asus K501UX) encountered difficulties when trying to log in with a user account. After Windows Logon, the screen would often remain black with just the cursor visible. This issue affected three different accounts on the machine. About 20% of the time, the black screen would clear after a minute, but most of the time I or my sister had to restart the computer to get it working again. Sometimes it required two to four restarts for successful login.
I suspected the problem was related to the Intel HD Graphics driver I recently updated, which became unstable after the Windows 10 driver update. However, that wasn’t the root cause. A few days after the first black screen, a Windows process named "wsappx" began consuming up to 40% of my CPU, leading to lag and performance issues with other high-CPU applications like games (especially Elsword, The Sims 4 & War Thunder) and Adobe Media Encoder.
According to the service description, this process was meant to keep the Windows Store functional, but it also required the Windows Store to run. I checked the status of the Store and found several pending updates—two apps were stuck in installation, and six others were waiting. Despite them running, I suspected a problem with the update server.
The worst happened on Friday when many UWP applications suddenly stopped working in my sister’s account. It was late at night, so I couldn’t fix it. Additionally, her boot-up and shutdown times increased significantly. On Saturday, she used the laptop all day watching Netflix. That night, when I tried to use it, my account was extremely slow. Only Groove Music and Visual Studio were open, yet they didn’t slow down the system. In the Task Manager, I noticed something unusual: 70% of CPU usage at turbo speeds, 7.1 GB of RAM used out of 8 GB, 19 GB of virtual memory consumed, 2.5 Mbps upload speed on an SSD that was only 10 Mbps.
Since I wasn’t doing anything resource-intensive, especially during uploads, I realized something was wrong. I confirmed that other accounts were signed off, my torrent client was closed, and Windows wasn’t sharing updates through my PC—suggesting a possible virus.
I ran a Boot-time scan with Avast! Antivirus and restarted the computer, expecting to find a virus. The scan took six hours to process 2.25 TB of storage. Afterward, all previous issues vanished. I wanted to share this experience so others could resolve similar problems quickly and avoid unwanted behavior on their systems.
Also, the 2.5 Mbps upload speed indicates the virus had managed to access my device, though I don’t have concrete details about what it took. Thank you for reading, and have a great day! Sorry if my English was unclear.
Next time I’d suggest using Kaspersky, Malwarebytes, or Bitdefender first, scanning your system files before moving through other folders. Begin with the C drive and Windows-related directories, then expand to the entire drive. This approach increases your chances of detecting the virus in common hiding spots.
The system ran two wsappx services or one legitimate service with a disguised process. It's unclear if the malware exploited a genuine service for its actions. Running a legitimate service under a different name is typical and not a major concern. However, using wsappx to carry out its tasks raises red flags since wsappx is a protected process meant to be secure.
I'm trying to figure out what wsappx was about. I don't have concrete evidence linking it directly to the malware. However, the service seemed to consume a lot of resources, and the Windows Store downloads stopped working. After deleting the malware, wsappx remained active but used very few resources, and other UWP apps resumed functioning normally. It appeared to be the sole running instance of that service, which I couldn't disable. Likely, the malware took over a vital Windows service.
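The replies above ask whether this was the genuine wsappx service or a process disguised as it. The following PowerShell check is an added example, not something posted by anyone in this thread, and it shows one way to tell the two apart from an elevated prompt. It assumes that the services grouped under "wsappx" on Windows 10 are `AppXSvc` and `ClipSVC`, and that a stock install has no standalone `wsappx.exe`.

```powershell
# Added example: verify that the services shown as "wsappx" in Task Manager
# are hosted by the genuine svchost.exe, then list look-alike processes.
# Run from an elevated PowerShell prompt.

$expectedHost = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Assumption: AppXSvc and ClipSVC are the services behind the wsappx group.
$services = Get-CimInstance Win32_Service -Filter "Name='AppXSvc' OR Name='ClipSVC'"

# Registered command line must begin with the real svchost.exe path.
$pattern = '^"?' + [regex]::Escape($expectedHost) + '"?(\s|$)'

foreach ($svc in $services) {
    # Image actually running under the service's PID (if it is started).
    $proc = if ($svc.ProcessId) {
        Get-CimInstance Win32_Process -Filter "ProcessId=$($svc.ProcessId)"
    }
    $runningPath = $proc.ExecutablePath   # can be empty for protected processes

    [pscustomobject]@{
        Service        = $svc.Name
        State          = $svc.State
        ProcessId      = $svc.ProcessId
        RegisteredPath = $svc.PathName
        RegisteredOk   = [bool]($svc.PathName -match $pattern)
        RunningImage   = $runningPath
        # $null means "could not be read", not "clean".
        RunningImageOk = if ($runningPath) { $runningPath -ieq $expectedHost } else { $null }
    }
}

# The host binary itself should carry a valid Microsoft signature.
$sig = Get-AuthenticodeSignature -FilePath $expectedHost
"svchost.exe signature: $($sig.Status) / $($sig.SignerCertificate.Subject)"

# Leads to investigate, not a verdict: a process literally named wsappx.exe,
# or an svchost.exe started from somewhere other than System32
# (a SysWOW64 copy can be legitimate on 64-bit Windows).
Get-CimInstance Win32_Process |
    Where-Object {
        $_.Name -ieq 'wsappx.exe' -or
        ($_.Name -ieq 'svchost.exe' -and $_.ExecutablePath -and
         $_.ExecutablePath -ine $expectedHost)
    } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine
```

A `RegisteredOk` of `False`, an invalid signature, or any row from the last query is worth examining before and after an antivirus cleanup like the one described in the original post.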