Why svchost.exe eats all processor time? - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 02-24-2005, 06:16 AM   #1 (permalink)
Newb Techie
 
Join Date: Feb 2005
Posts: 25
Question Why svchost.exe eats all processor time?

Since several minutes to i start work, 1 of svchost.exe processes begins to use all processor time and the system hangs!!
__________________

Scorpio(Max) is offline  
Old 02-24-2005, 06:53 AM   #2 (permalink)
Wizard Techie
 
Join Date: Jan 2005
Location: Delaware
Posts: 3,475
Default

You may have a virus that infected the file.
__________________

turtile is offline  
Old 02-24-2005, 07:06 AM   #3 (permalink)
Newb Techie
 
Join Date: Feb 2005
Posts: 25
Default

I know it could happend but i'm not sure!
• I need freeware antivirus
• (Win 2000 Server) as workstation
Scorpio(Max) is offline  
Old 02-24-2005, 07:52 AM   #4 (permalink)
Lord Techie
 
Join Date: Jan 2005
Posts: 8,013
Send a message via AIM to DJ-CHRIS
Default

Get AVG from grisoft, google it.
DJ-CHRIS is offline  
Old 02-24-2005, 09:18 AM   #5 (permalink)
Newb Techie
 
Join Date: Feb 2005
Posts: 25
Default

He he ! My home comp is under Linux. But my WORK...
I'll try to..
Scorpio(Max) is offline  
Old 02-26-2005, 05:05 PM   #6 (permalink)
Newb Techie
 
Join Date: Feb 2005
Posts: 3
Default

what does svchost.exe does bytheway
Arsenal is offline  
Old 02-26-2005, 07:42 PM   #7 (permalink)
True Techie
 
Join Date: Feb 2005
Posts: 122
Default

svchost.exe is almost like a chemical that the computer needs to process applications and system services. In xp it is normal for the svchost to sap up to 15,000k if it is sapping more, and it reads as all caps: SVCHOST.EXE, then you have a virus, a network virus that will infect anything on the lan.
__________________
Quote:
In the eyes of Bill Gates, the open source world seems un-activated...
geffin is offline  
Old 02-26-2005, 08:05 PM   #8 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. Note: svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down.
__________________
Osiris is offline  
Old 02-27-2005, 07:28 AM   #9 (permalink)
Monster Techie
 
Join Date: Nov 2004
Posts: 1,343
Send a message via AIM to southernlady Send a message via Yahoo to southernlady
Default

I just took a look at the amount of usage those were taking.
I only show three in my log but I show 6 in my task manager using:
3,168
3,960
4,208
22,636
4,128
4,872

And my sytem is perfectly healthy.

Here is the quote I was looking for yesterday when I had to go work on a client's computer:
Quote:
svchost.exe [System32\svchost.exe]

%System% is a variable. By default, the legit files are:

C:\Winnt\System32 (Windows NT/2000): C:\Winnt\System32\svchost.exe*
C:\Windows\System32 (Windows XP): C:\Windows\System32\svchost.exe*
C:\Windows\System (Windows 95/98/Me): not normally present*

To know if it is legit - the easy way; simply remember these *

These are vital Windows system files, and should usually never be touched!

The legitimate files are never plural.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

There are many variants across all OS. This list is not comprehensive.
This is the hard way to get it right > working through these and not get lost.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

SVC variants – Trojans, viruses and hijackers.
These variants are often case specific as shown.

These are generally found in the Windows folder and are sometimes in plural form.

c:\windows\svchosts e.g.Troj/Hostidel.B

c:\windows\svchostc.exe e.g. Backdoor.Zinx

c:\WINDOWS\svchost32.exe e.g. Nachi Worm.



However, these variants are found in the \Windows\System folder

c:\Windows\system\svchosts.exe e.g. Sdbot-N / Troj/Sdbot-Z virus!

C:\WINDOWS\SYSTEM\svchost32.exe e.g. BackDoor-AQT

C:\WINDOWS\SYSTEM32\svchosts.exe e.g. IRC-Sdbot trojan

C:\Windows\System32\Wins\svchost.exe Welchia worm, W32.Blaster, LoveSan.D, Nachia

C:\Windows\System32\Svhost.exe. e.g. Backdoor.Socksbot; WORM_AGOBOT.D (W32/Gaobot.gen ); BAT.Boohoo.Worm

C:\Windows\System32\SVCH0ST.EXE [ with an 0, not an O ] WORM_SAGE.A.



SCV variants:– Trojans, viruses and hijackers

c:\windows\scvhost.exe e.g. W32/GAOBOT worm

c:\windows\SCVHOS.EXE



Startup Variants:

O4 -HKLM\..\Run:[svshost] svshost.exe e.g. W32.Spybot.Worm, Worm.P2P.SpyBot.gen

O4 -HKLM\..\Run:[scvhost] scvhost.exe e.g. W32/Randex-S
There is also an SVCHOS startup.


Related Variants

C:\WINNT\SYSTEM32\MSVCHOST.EXE e.g. Downloader-GJ


** All names of malware depend on the identifying company and may have several aliases!

NOTE: just to keep you on your toes: this exception is a legit file:

c:\windows\SCVHOSTS.EXE……….Windows Print Spooler (SCVHOSTS.EXE)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[From what I know; normal size for System32\svchost.exe is 8 to 14k, depending upon file version. Fully patched WinXP SP1 is 13k. (to be confirmed)]




Svchost.exe General Information:

The legit file c:\System32\svchost.exe is a generic host process name for services that are run from dynamic-link libraries. The System32\svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, System32\svchost.exe checks the services portion of the registry to construct a list of services that it needs to load for other windows components.

System32\svchost.exe could be almost anything..... Svchost.exe is what XP uses/calls an item when it needs to perform certain functions but doesn't have a subroutine to do them on its own (it uses the generic Windows file svchost.exe).

There is an intensive internal comms system in XP. There can be multiple instances of System32\svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. It is normal for win processes to use reasonable but not excessive cpu and normal for several concurrent System32\svchost.exe processes to happen.
__________________
<font size=\"1\"><a href=\"http://www.prioritycomputers.net/\" target=\"_blank\">Priority Computers</a> | <a href=\"http://www.majorgeeks.com/download506.html\" target=\"_blank\">AdAware SE</a> | <a href=\"http://www.majorgeeks.com/download2471.html\" target=\"_blank\">SpyBot-Search & Destroy</a> | <a href=\"http://www.majorgeeks.com/download2859.html\" target=\"_blank\">SpywareBlaster</a> | <a href=\"http://www.majorgeeks.com/download3045.html\" target=\"_blank\">SpywareGuard</a> | <a href=\"http://www.majorgeeks.com/download3155.html\" target=\"_blank\">HijackThis</a> | <font color=\"red\"> <a href=\"http://www.stealingisillegal.com/\" target=\"_blank\">Stealing is illegal</font></a> <form action=\"http://www.theriddlehouse.com/random/tfsearch.php\" method=\"get\"><br />
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search Tech-Forums!\"></form><font size=\"1\"><i>Powered by Emily!</i></font><br />
<br />
southernlady is offline  
Old 02-27-2005, 01:38 PM   #10 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

How many startup items do you have? If you have a lot, go to start, run, type msconfig, go to startup, disable all except antivirus and firewall if you have one. See if this makes any difference.
__________________

__________________
Osiris is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 06:16 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.