

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to fix WindowServer high CPU usage (Mac)

WindowServer is a native service that comes pre-installed on all Mac-based devices. Its main purpose is to optimize the display of graphical elements on your screen. It uses CPU power to render what you see while interacting with apps, icons, or simply switching tabs in Safari. This is why it is essential and irreplaceable on macOS. Although Mac is world-famous for its stability and flawless operation, users may sometimes run into a very unpleasant problem: high consumption of CPU resources by WindowServer. As a result, the Mac becomes sluggish, laggy, or even hard to use normally due to the degraded performance. The same scenario may happen with similar processes like nsurlsessiond, mdnsresponder, mds_stores, hidd, trustd, and syslogd as well. The abnormal behavior of WindowServer is likely to be related to one of the above-mentioned processes. You may see some of these processes alongside WindowServer consuming a large share of resources. In case of a bug, one process can pull other related processes into a fault. The causes of high CPU usage by one of these processes range from basic to more complex. Many users can fix the issue by reducing the number of graphical elements working on the Mac at the same time. The reason can be a cluttered desktop or multiple screens (especially 4K) connected to a single machine. In rarer cases, the high CPU usage of WindowServer may also be caused by unwanted or malicious behavior running some stuff under a certain. The guide below shows how to lower the CPU usage of WindowServer and related processes on Mac. The solutions should not take much time to bring your Mac back to solid performance.

How to remove Rook Ransomware and decrypt .rook files

Rook is a dangerous ransomware virus that encrypts data and tries to blackmail users into paying a ransom. The virus is easy to distinguish from other versions because it assigns the .rook extension to all blocked data. This means a file like 1.pdf will change to 1.pdf.rook and reset its original icon upon successful encryption. Right after this, Rook Ransomware creates a text note named HowToRestoreYourFiles.txt showing users how they can recover the data. The note says you can restore access to all of your data only by contacting the swindlers and paying the ransom. Communication should be established by e-mail or through the TOR browser link attached to the note. When writing to the cybercriminals, victims are offered to send up to 3 files (no more than 1Mb) and have them decrypted for free. This way the cybercriminals prove their decryption abilities along with their trustworthiness to some extent. Also, if you contact the extortionists within the given 3 days, they will provide a 50% discount on the price of decryption. If you miss this deadline, Rook developers will start leaking your files to their network to abuse them on darknet pages afterward. They also say no third-party instruments will help you recover the files.

How to remove Rigj Ransomware and decrypt .rigj files

If you cannot open your files and they have the .rigj extension added at the end of their filenames, your PC is infected with Rigj Ransomware, part of the STOP/Djvu Ransomware family. This malware has been tormenting its victims since 2017 and has already become the most widespread ransomware-type virus in history. It infects thousands of computers per day using various methods of distribution. It uses a complex combination of symmetric or asymmetric encryption algorithms, removes Windows restore points, Windows previous versions of files, and shadow copies, and basically leaves only 3 possibilities for recovery. The first is to pay the ransom; however, there is absolutely no guarantee that the malefactors will send the decryption key back. The second possibility is very unlikely, but worth trying: using a special decryption tool from Emsisoft, called STOP Djvu Decryptor. It works only under a number of conditions that we describe in the next paragraph. The third one is using file-recovery programs, which often act as a workaround for ransomware infection problems. Let's look at the ransom note file (_readme.txt) that the virus places on the desktop and in the folders with encrypted files.

How to fix CLOCK_WATCHDOG_TIMEOUT error in Windows 10

Abrupt errors, along with no knowledge of how to fix them, may turn your PC experience into a world of trouble. The name of today's culprit is CLOCK_WATCHDOG_TIMEOUT, a very annoying and rare stop error that prevents normal usage. Usually, this type of error means something has caused your system to fault with connected hardware. In other words, this error indicates incompatibility problems preventing some hardware components from establishing proper communication with the Central Processing Unit (CPU). The system can encounter them while trying to launch some process. The Blue Screen of Death displaying the CLOCK_WATCHDOG_TIMEOUT error may interrupt you at any time while playing a video game, running a program, or doing other daily activities. While there are a couple of subtypes originating from CLOCK_WATCHDOG_TIMEOUT, the most common reasons for failed communication between your CPU and hardware are usually corrupted files, bugged or outdated drivers, faulty updates, incompatible software, and other problems related to RAM, malware, and even BIOS settings. Such a variety of issues may seem too much to handle, but you should not worry that much since we are going to solve this error together. Just follow our instructions below and fix the above-mentioned error once and for all.

How to remove HarpoonLocker Ransomware and decrypt .locked files

HarpoonLocker is the name of a recent ransomware infection reported by users on malware forums. The virus encrypts data with AES-256 and RSA-1024 algorithms, making all restricted data cryptographically secure. As a result of this configuration change, users will no longer be able to access their own data stored on infected devices. HarpoonLocker assigns the .locked extension, which is commonly used by many other ransomware infections. This makes it more generic and sometimes hard to distinguish from other infections like this. It also creates a text note (restore-files.txt) containing ransom instructions. Developers say all data has been encrypted and leaked to their servers. The only way to revert this and get files back safely, they say, is to agree to pay the ransom. Victims are instructed to download the qTOX messenger and contact the extortionists there. There is also an option to try decryption of 3 blocked files for free. This is a guarantee given by the cybercriminals to prove they can be trusted. Unfortunately, there are no other contacts apart from qTOX that victims could use to get into a discussion with the cybercriminals. Many cyber researchers joked that HarpoonLocker should also be called Unnamed qTOX Ransomware since there is nobody victims can talk to. For this and many other reasons, it is highly advised against meeting the listed requirements and paying the ransom. Quite often cybercriminals fool their victims and do not send any decryption tools even after receiving the money.

How to remove Robm Ransomware and decrypt .robm files

Being part of the DJVU/STOP family, Robm is a new ransomware infection targeting data encryption. Just like other malware of this type, this version of STOP Ransomware appends its own .robm extension to encrypted files. To illustrate, an innocent file like 1.mp4 will change to 1.mp4.robm, and similarly with other files. Developers of ransomware infections pursue monetary benefits, which is why they provide paid instructions to decrypt your data. This information can be found in a text note (_readme.txt) created in each folder with the encrypted files. Inside it, developers give a condensed summary of what happened to your PC. It says that all of your pictures, databases, documents and other valuable data were encrypted with strong algorithms, but can be returned. To do this, victims should purchase the decryption tool along with a unique key held by the cybercriminals. The original price is $980; however, it can be decreased by 50% if you contact the swindlers during the first 72 hours. Before doing so, you can also get a video overview of the decryption tool and send 1 random file (that does not contain valuable intel) to test whether developers can decrypt your files for free. Unfortunately, there is no guaranteed way to decrypt files without the involvement of the cybercriminals themselves. No other software provided by anti-malware companies can match the necessary ciphers to unlock data affected by Robm.