My system is behaving strangely this time. Whenever I am online my system gets slow; when I checked the processes I found 2 instances of svchost, and one of them was using more than 90% of the CPU. Assuming it was a virus or spyware, I tried scanning using McAfee (virus def updated), adware, HijackThis but failed. The OS is Windows XP Pro. I have gone through the previous posts and Google too but am not satisfied.
Can anyone help?
September 13th, 2004, 06:05 PM
Hmmm, that is odd.
I have two instances running; one is described as "Local Service" and the other as "Network Service"... You need to have the "user name" column enabled in Task Manager.
Please re-check the names very carefully, is the spelling EXACTLY the same?
Then do a search on your computer and see how many instances of the program you have and what the access path(s) is/are.
Go to the Trend Micro site and run "Housecall", it is their free, online scanner.
Please let me know what you find :)
September 13th, 2004, 06:16 PM
You can see what service is running under each svchost PID by issuing "tasklist /svc" at a command prompt. It will show you, by PID, which services that "svchost" is serving....
September 13th, 2004, 07:18 PM
I think that is the next step after eliminating the malware possibility.
As we know, malware frequently uses similar names to valid files, or the same name in an invalid location.
If that is not the case then it sounds very much like some sort of conflict. To do that, you indeed need to identify processes and switch things on and off until you find out which ones are the culprits.
Malware is generally easier to detect and rectify than conflicts or corruption, so I tend to try to eliminate it first :D
September 13th, 2004, 07:26 PM
I got it nihil, but I'm just trying to get all info at once :D
On tasklist we may identify the real ones (with the serving functions) and the fake ones.
September 14th, 2004, 02:54 AM
:eek: Maybe you are infected with some unknown virus (not known to any antivirus company yet)
Use the exe file inside the zip file I attached, run it in DOS mode, capture the output to a text file and show us.
i.e.: fport.exe > processes.txt
Well, that is if, after reading the text file, you still don't know what to do.
Please do a scan on the zip/exe file first before you unzip/execute.
I don't think my file is infected, but just to clear my responsibility.
This fport will show you the path of the processes running. SVCHOST should be inside the winnt\system32 directory, not anywhere else. If it is not, it is not the real svchost file that you want to keep on your PC. Do a quick backup and remove it. (Also forward the problematic svchost file to an antivirus company for checking.)
(This is important, so that the same virus never comes back.)
After that, check how it was activated (registry, winstart.bat, autoexec.bat, win.ini etc. etc.) and have it removed.
When the anti-virus company is not as up-to-date as you, this is one of the better ways to detect and remove
:mad: Anything goes wrong don't blame me....as.....
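Added example (not part of any post in this thread): the two checks discussed above, an exact-name svchost.exe running from outside the system32 directory and a near-miss spelling of the name, applied to a process listing. The CSV layout, the sample rows and the function names are constructed for illustration and are not fport or tasklist output; the system root is a parameter and should be set to the machine's own %SystemRoot%.

```python
import csv
import io
import ntpath  # parses Windows paths correctly on any OS

# Constructed sample: PID, image name, full path (not real fport output).
SAMPLE = """\
pid,image,path
884,svchost.exe,C:\\WINDOWS\\system32\\svchost.exe
1012,svchost.exe,C:\\WINDOWS\\system32\\svchost.exe
1496,svchost.exe,C:\\WINDOWS\\Temp\\svchost.exe
1620,scvhost.exe,C:\\WINDOWS\\system32\\scvhost.exe
1744,svch0st.exe,C:\\WINDOWS\\system32\\svch0st.exe
412,explorer.exe,C:\\WINDOWS\\explorer.exe
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(listing, system_root=r"C:\WINDOWS", target="svchost.exe"):
    """Return (pid, image, reason) for every suspicious entry."""
    # Assumption: the genuine binary lives only in <system_root>\system32.
    expected_dir = ntpath.normcase(ntpath.join(system_root, "system32"))
    findings = []
    for row in csv.DictReader(io.StringIO(listing)):
        image = row["image"].strip().lower()
        folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(row["path"].strip())))
        if image == target:
            # Right name: the only remaining question is where it runs from.
            if folder != expected_dir:
                findings.append((int(row["pid"]), image, "wrong-path"))
        elif edit_distance(image, target) <= 2:
            # Almost the right name (swapped or substituted characters).
            findings.append((int(row["pid"]), image, "lookalike-name"))
    return findings

if __name__ == "__main__":
    for pid, image, reason in audit(SAMPLE):
        print(f"PID {pid}: {image} -> {reason}")
```

Several svchost.exe instances from the expected directory are normal and are not flagged; "tasklist /svc" then shows which services each of those PIDs is hosting.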