Please report all spam threads, posts and suspicious members. We receive spam notifications and will take immediate action!
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: svchost.exe @ 20-40% CPU usage




  1. #1
    Join Date
    Dec 2002
    Posts
    4,246

    Default

    I've got my self something intersting going on here...

    I was doing my weekly check-up on my sister's machine (she can be quite hard on the poor thing) and noticed that one of the svchost.exe is runing a constent 20-40% CPU usage :confused:

    it's running as a 'Local Service' and using about 3-5 MB of memory

    this is new to me, I've never had a svchost do this before. I've run an online AV and it found nothing, and nothing is trying to slip by the firewall...so I'm assuming it's not a virus or tojan

    anyone got any ideas on how I can isolate this and stop whatever is going on from using up so much of the CPU?

    I was going to run another Folding@home client on her machine, but I'm obviously going to put it off till I figure out what this is :confused:
    I've gone too far and need to move on!

  2. #2
    Join Date
    Dec 2002
    Location
    Winnipeg, Canada
    Posts
    848

    Default

    Without anymore info, it's hard to tell. Could be MORB virus or GAYBIRD.B virus. Or System1060 homepage hi-jacker. Found in the Windows\System\1060 directory. Run norton and anti trojan, and see if anything comes up.
    athlon xp-m@2456mhz(12x204)
    tt aquariusII liquid cooled/ arctic silver ceramique
    asus a7n8xe-dlx
    thermaltake xaserIII lanfire
    bfg 6800gt
    seagate sataII 250gb/seagate 7200rpm 160gb ide
    samsung dvdrw
    2x1024 kingston hyper-x pc3200/ windows xp pro sp3
    logitech mx518/ logitech wingman rumble
    2x samsung 955df 19"/ canon i960
    creative x-fi fatal1ty 64mb/ altec lansing 251-5.1
    mushkin 550w

    opteron 146 @ 2850 (10x285)
    DFI infinity nf4 ultra
    thermaltake tsunami dream -black
    seagate sataII 500gb
    evga 8600gt oc ssc edition
    samsung sata dvd-rw
    2x1024 ocz black
    logitech ifeel/ nec accusync 75f
    ocz fatal1ty 550w

  3. #3
    Join Date
    Jun 2003
    Posts
    9

    Default

    run services.msc in start > run and then disable it...i always disable that kinda useless crap. its not needed att all unless your pc is a server
    -=Gh3tt0PC=-

  4. #4
    Join Date
    Dec 2002
    Posts
    4,246

    Default

    maximus7001, if you'll read my post again I have already scaned for viruses and trojan (http://security1.norton.com)

    as for more informantion, after playing with it a little more last night, I found a few more things...

    if I reboot the pc, it runs like it should...occational cpu useage but always going back down to 0%

    something sets it off at somepoint and make it run at a contsent 10% and slowly goes up to more than 50% of the course of serveral hours

    it seems to sit dormant until and application gets it going, I just cant figure out which application

    if I kill it under Task Manager, it stays that way, I can't find anything that will re-launch it on it's own

    after 2 reboots I got a black screen right when the comp should be logging on (but I don't think it is releated as it only happened twice)

    I have also got the following message several time after rebooting:
    I've gone too far and need to move on!

  5. #5
    Join Date
    Dec 2002
    Posts
    4,246

    Default

    Quote Originally Posted by l33tus3r0wn@g3
    run services.msc in start > run and then disable it...i always disable that kinda useless crap. its not needed att all unless your pc is a server
    you need to be a bit more specific on which services you think i need to disable. I'm not going to go randomly turing off services...some of them are rather important ya know
    I've gone too far and need to move on!

  6. #6
    Join Date
    Dec 2002
    Posts
    4,246

    Default

    it doesn't seem to be associated with a n application after all...

    if I boot the comp and let it idle, this little svchost will eventually work its way into an ever-increasing % of CPU usage all on its own :confused:
    I've gone too far and need to move on!

  7. #7
    Join Date
    Dec 2002
    Location
    Winnipeg, Canada
    Posts
    848

    Default

    I would not be so confident about a free online virus scan, even if it is from symantic. I use norton 2002 and anti-trojan 5.5(both legit). The norton is updated weekly+. Norton has caught stuff than no online scan picked up. The anti-trojan has caught stuff that regular av programs don't catch like some trojan horses. I doubt much effort goes into keeping the online ones upto date.
    Its gotta be something......svchost.exe is the name those mentioned viruses use. Found this one: Sdbot-N trojan in a machine a few weeks ago with anti-trojan 5.5. Nothing else found it. It was hiding as a Svchost.exe
    athlon xp-m@2456mhz(12x204)
    tt aquariusII liquid cooled/ arctic silver ceramique
    asus a7n8xe-dlx
    thermaltake xaserIII lanfire
    bfg 6800gt
    seagate sataII 250gb/seagate 7200rpm 160gb ide
    samsung dvdrw
    2x1024 kingston hyper-x pc3200/ windows xp pro sp3
    logitech mx518/ logitech wingman rumble
    2x samsung 955df 19"/ canon i960
    creative x-fi fatal1ty 64mb/ altec lansing 251-5.1
    mushkin 550w

    opteron 146 @ 2850 (10x285)
    DFI infinity nf4 ultra
    thermaltake tsunami dream -black
    seagate sataII 500gb
    evga 8600gt oc ssc edition
    samsung sata dvd-rw
    2x1024 ocz black
    logitech ifeel/ nec accusync 75f
    ocz fatal1ty 550w

  8. #8
    Join Date
    Dec 2002
    Posts
    4,246

    Default

    I'm 99% sure that it's not a virus or a trojan...any got any other ideas?
    I've gone too far and need to move on!

  9. #9
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    check this freeware out
    http://sysinternals.com/ntw2k/freeware/procexp.shtml

    find out where it is starting out from and wat all is it doing. most probably you can disable it from services.msc
    it will also help you rule out a virus or a trojan.

    i would like to mention something here. svchost.exe is a system related process...most of the viruses or trojans hiding as svchost.exe have their spellings changed for example svch0st.exe or svchosts.exe or something like that.

    imo those online virus scans especially from norton are quite reliable.
    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

  10. #10
    Join Date
    Dec 2002
    Location
    caves of bedrock
    Posts
    3,129

    Default

    Latest Microsoft Security Updates.
    Last Updated:
    10th MARCH


    If you are a security freak: Use Microsoft Baseline Security Analyzer (NT/2000/XP/2003)
    ======================
    icq : 203189004
    jabber : asklepios20@jabber.org
    =======================
    Linux user since: April 24, 2003 312478
    yabaa dabaa doo...
    Customized for 1024x768

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •