svchost using 99% of cpu

  1. #1
    Junior Member
    Join Date: Jun 2004
    Posts: 11

    Question svchost using 99% of cpu

    Hi all,
    My system is behaving strangely this time. Whenever I am online my system gets slow; when I checked the processes I found 2 instances of svchost, and one of them was using more than 90% of the CPU. Assuming it was a virus or spyware, I tried scanning using McAfee (virus def updated), adware, HijackThis, but failed. The OS is Windows XP Pro. I have gone through the previous posts and Google too, but am not satisfied.
    Can anyone help?
    Bye
    aladdin
    Aladdin

  2. #2
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,192
    Hmmm, that is odd.

    I have two instances running; one is described as "Local Service" and the other as "Network Service"... You need to have the "user name" column enabled in Task Manager.

    Please re-check the names very carefully, is the spelling EXACTLY the same?

    Then do a search on your computer and see how many instances of the program you have and what the access path(s) is/are.

    Go to the Trend Micro site and run "Housecall", it is their free, online scanner.

    Please let me know what you find

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Senior Member
    Join Date: Apr 2004
    Posts: 1,130
    You can see what service is running under each svchost PID by issuing "tasklist /svc" on a command prompt. It will show you, by PID, which services that "svchost" is serving.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,192
    cacosapo,

    I think that is the next step after eliminating the malware possibility.

    As we know, malware frequently uses similar names to valid files, or the same name in an invalid location.

    If that is not the case then it sounds very much like some sort of conflict. To do that, you indeed need to identify processes and switch things on and off until you find out which ones are the culprits.

    Malware is generally easier to detect and rectify than conflicts or corruption, so I tend to try to eliminate it first.

  5. #5
    Senior Member
    Join Date: Apr 2004
    Posts: 1,130
    I got it, nihil, but I'm just trying to get all the info at once.

    On tasklist we may identify the real ones (with the serving functions) and the fake ones.

  6. #6
    Member
    Join Date: Aug 2004
    Posts: 34
    Maybe you are infected with some unknown virus (not known to any antivirus company yet).
    Use the exe file inside the zip file I attached, run it in DOS mode, capture the output to a text file and show us.
    i.e.: fport.exe > processes.txt

    Well, that is if, after reading the text file, you still don't know what to do.
    Please do a scan on the zip/exe file first before you unzip/execute.
    I don't think my file is infected, but just to clear my responsibility.

    This fport will show you the path of the processes running. SVCHOST should be inside the winnt\system32 directory, not anywhere else. If it is not, it is not the real svchost file that you want to keep on your PC. Do a quick backup and remove it. (Also forward the problematic svchost file to an antivirus company for checking.)
    (This is important, so that the same virus never comes back.)

    After that, check how it was activated (registry, winstart.bat, autoexec.bat, win.ini, etc.) and have it removed permanently.

    When the antivirus company is not as up-to-date as you, this is one of the better ways to detect and remove viruses.


    ___________________________________________________________________________________
    Anything goes wrong dont blame me....as.....

    moonlight_XXX <--------- newbie
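
Added example (not part of the thread, and not any poster's code): the checks suggested in the replies above, namely services per svchost PID from `tasklist /svc`, lookalike image names, and the expected system32 path, applied to a constructed capture. The sample data, the `triage` and `edit_distance` names, the `C:\WINDOWS` default root and the two-edit lookalike threshold are assumptions.

```python
import ntpath
import re

# Constructed `tasklist /svc` capture (not data from the thread).
SAMPLE_TASKLIST = """\
Image Name                   PID Services
========================= ====== ==============================
services.exe                 628 Eventlog, PlugPlay
svchost.exe                  856 DcomLaunch, TermService
svchost.exe                  940 RpcSs
svchost.exe                 1820 N/A
scvhost.exe                 2044 N/A
"""
# Constructed PID -> image path map, as a path-listing tool would report it.
SAMPLE_PATHS = {856: r"C:\WINDOWS\system32\svchost.exe",
                940: r"C:\WINDOWS\Temp\svchost.exe",
                1820: r"C:\WINDOWS\system32\svchost.exe"}

ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")

def edit_distance(a, b):
    """Levenshtein distance, used to catch lookalike image names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(tasklist_text, paths, system_root=r"C:\WINDOWS"):
    """Return {pid: [reasons]} for processes that fail the thread's checks."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32", "svchost.exe"))
    findings = {}
    for line in tasklist_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        image, pid, reasons = m["image"].lower(), int(m["pid"]), []
        if image == "svchost.exe":
            if m["svcs"].strip() == "N/A":
                reasons.append("hosts no services")
            if ntpath.normcase(paths.get(pid, expected)) != expected:
                reasons.append("runs from " + paths[pid])
        elif edit_distance(image, "svchost.exe") <= 2:
            reasons.append("lookalike name " + image)
        if reasons:
            findings[pid] = reasons
    return findings
```

Pass `system_root=r"C:\WINNT"` on systems installed under that directory; a flagged PID is a lead for closer inspection, not a verdict.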
