
Thread: svchost.exe taking up 25mb ram?

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    118

    svchost.exe taking up 25mb ram?

    For some reason, svchost.exe is taking up nearly 25 MB of RAM. I'm using Kaspersky with updates and Sygate Personal Pro and Microsoft AntiSpyware beta. The firewall keeps showing messages about someone trying to gain access, but my guess is the whole network of my ISP is infected with a virus which spreads itself through the network. I've put up pics of the task manager and the firewall logs. Is this svchost.exe a trojan? I'm not getting anything with Kaspersky and the antispyware. Any leads?

    Task manager
    Sygate
    Never trouble another for what you can do for yourself.
    -Thomas Jefferson


  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    This isn't uncommon. svchost is a generic process (various services that run from DLLs will run under this name) and can occupy a lot more memory space than you are seeing.

    See here:
    http://support.microsoft.com/?kbid=314056

    If you really want to know what your machine is doing, go download tcpview from www.sysinternals.com and then watch the processes and connections.

    Going further, you can even fire up a sniffer (ethereal would be my pick on Windows) and watch all the traffic coming and going from your host. This combination will tell you what's going on.

    The screenshot of your firewall log is pretty useless except for showing that the traffic you believe is virus activity is coming from an RFC 1918 address space, i.e. it's traffic on your local network.

    but my guess is the whole network of my isp is infected with a virus which spreads itself through the network.
    This guess would be wrong.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Oct 2004
    Posts
    118
    So, you say, there's no need to worry. I was a bit apprehensive coz, svchost usually shows some 5mb-10mb. Thanks for the quick reply.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    In this case no, however, viruses and worms are known to actually spawn processes with the name svchost and variations of the name. Again, further analysis using the tools mentioned will be able to tell you if indeed you have an unknown/undetected piece of malcode running. There are many other techniques to discover these things but given the scope of the conversation, the ones mentioned are appropriate.

    As for your firewall log, I bet you money if you walk up to the other hosts on your LAN then do an IPCONFIG from the command line, the IP addresses will match up to those in your fw log (as long as they haven't received a new DHCP addy). I would take a peek at what they're up to then filter the fw logs/settings to dismiss the activity if it is normal.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Checking your profile, I see you're running XP. Open a command prompt and enter tasklist /svc. This will show you the programs that are being started by svchost, among other things.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
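The two checks discussed above (which services each svchost.exe hosts per `tasklist /svc`, and processes whose names are variations of svchost), as an added example that is not part of the original posts. The sample output, the edit-distance threshold and the "no services" heuristic are assumptions made for illustration.

```python
import re

LEGIT = "svchost.exe"
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")   # image name, PID, services

# Constructed sample of `tasklist /svc` output (not taken from the thread).
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
services.exe                 712 Eventlog, PlugPlay
svchost.exe                  924 DcomLaunch, TermService
svchost.exe                 1100 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 EventSystem, Themes, wuauserv
scvhost.exe                 1876 N/A
svchost.exe                 2040 N/A
"""

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])]; indented lines continue the previous row."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            procs.append((m.group(1), int(m.group(2)), []))
            line = m.group(3)
        elif not (line[:1].isspace() and procs):
            continue                      # header, ruler, blank lines
        procs[-1][2].extend(s.strip() for s in line.split(",") if s.strip() not in ("", "N/A"))
    return procs

def triage(procs, max_dist=2):
    """Flag near-miss spellings of svchost.exe and svchost.exe rows with no services."""
    findings = []
    for image, pid, services in procs:
        d = edit_distance(image.lower(), LEGIT)
        if 0 < d <= max_dist:
            findings.append((pid, image, "name resembles svchost.exe"))
        elif d == 0 and not services:
            findings.append((pid, image, "svchost.exe hosting no services"))
    return findings
```

Neither check sees the file path or network activity, so a hit is a reason to look closer with the tools mentioned earlier in the thread, not a verdict.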

  6. #6
    Senior Member
    Join Date
    Oct 2004
    Posts
    118
    money if you walk up to the other hosts on your LAN then do an IPCONFIG from the command line, the IP addresses will match up to those in your fw log
    That's for sure coz everyone's got static IP addresses. But it's just that Sygate shows these packets coming from other computers as severe intrusion attempts. And it isn't one or two... it's quite a large number of IP addresses and all of them are on the same ISP. I've downloaded ethereal but I've got to kind of figure out how to use it. Kaspersky's realtime monitoring was bringing my system to a standstill so I've removed that and installed NAV2005. Thanks for the help.

    Checking your profile, I see you're running XP. Open a command prompt and enter tasklist /svc. This will show you the programs that are being started by svchost, among other things.
    Thanks. That's been mentioned here as well: http://support.microsoft.com/?kbid=314056

  7. #7
    dude all i know is that i had win 2k and svchost.exe always used more than 25 mb ram...my comp used to be damn slow so i changed it to win me

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    dude all i know is that i had win 2k and svchost.exe always used more than 25 mb ram...my comp used to be damn slow so i changed it to win me
    That is not really the way to go. With Windows 2000 professional you just turn off processes and services that you don't need and that start by default.

    Windows 2000 is actually faster than Win ME. It is just that ME does not load all the services that Windows 2000 does. Win ME is actually quite a resource hog.


  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Was about to recommend looking at www.blkviper.com for a list of what services you can disable without consequence (or what the consequence will be if you turn it off); however, it looks like it is no more. I hate to see that, it was a damn good site. The most recent that I could find was an archived version of the site:

    http://web.archive.org/web/200411280...servicecfg.htm
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
