svchost.exe, Is this infected, uses 100% CPU


27 replies to this topic

#1 scriba_golfer

Posted 22 December 2013 - 08:17 PM

I really need some help. I have run several scanning softwares and thought I cleaned up my PC but when it reboots this file reappears and consumes 100% of the CPU. I can't do anything until I select end task on it. This is very annoying. May be a simple fix to some of you but apparently not me. Thanks.




#2 Animal

Posted 22 December 2013 - 09:26 PM

Take a look here for a method to narrow down your svchost issue and find what exactly is causing the high CPU issue.

 

How to determine what services are running under a SVCHOST.EXE process


The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown



A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams.


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 scriba_golfer

Posted 23 December 2013 - 05:54 PM

Take a look here for a method to narrow down your svchost issue and find what exactly is causing the high CPU issue.

 

How to determine what services are running under a SVCHOST.EXE process

I have several svchost.exe’s. One of them ends up consuming 100% of the CPU. Not sure what to do next? I recognize some of these are from programs which I don’t use anymore. I also looked at the thread tab and had seen that wuaueng.dll+0xa4f42 is just about consuming 100%.

Here are some of the things the one that says 100% is running:

Command Line:

C:\WINDOWS\System32\svchost.exe -k netsvcs

Path:

C:\WINDOWS\SYSTEM32\svchost.exe [netsvcs]

Services:

Automatic Updates [wuauserv]
Background Intelligent Transfer Service [BITS]
Cryptographic Services
COM+Event System
Computer Browser
DHCP Client
Distributed Link Tracking Client
Error Reporting Services
Fast User Switching Compatibility
Help and Support
HID Input Services
Network Connections
Network Location Awareness
Remote Access Connection Manager
System Restore Service
Server
Secondary Logon
System Event Notification
Security Center
Shell Hardware Detection
Task Scheduler
Themes
Telephony
Windows Time
Windows Management Instrumentation
Workstation
Windows Firewall/Internet Connection Sharing
Windows Audio
Wireless Zero Configuration
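
The check done by hand in the post above (a busy thread in wuaueng.dll inside the netsvcs svchost.exe that hosts wuauserv) can be scripted. The following is an added example, not part of the original post or of any linked guide: it lists every service hosted by each svchost.exe, confirms the host image is the one in System32, and marks the service whose ServiceDll matches the module seen in the busy thread. It assumes Windows PowerShell is installed (it is not on a default XP SP3 system) and an administrator prompt; `$HotModule` is a variable name chosen here.

```powershell
# Added example: tie a busy thread's module back to the service that owns it.
# $HotModule is the module name read from the thread list (value taken from the post).
$HotModule = 'wuaueng.dll'
$expected  = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Running services only; ProcessId is 0 for stopped services.
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
    $proc   = $_
    $hosted = $services | Where-Object { $_.ProcessId -eq $proc.ProcessId }

    foreach ($svc in $hosted) {
        # Services that share a svchost.exe register their DLL under
        # ...\Services\<name>\Parameters in the ServiceDll value.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll

        New-Object PSObject -Property @{
            PID         = $proc.ProcessId
            CommandLine = $proc.CommandLine
            # False if the image is not %SystemRoot%\System32\svchost.exe,
            # or if the path could not be read (not running elevated).
            PathOK      = ($proc.ExecutablePath -eq $expected)
            Service     = $svc.Name
            DisplayName = $svc.DisplayName
            ServiceDll  = $dll
            # True when this service's DLL is the module seen in the busy thread.
            HotThread   = ($dll -and ((Split-Path $dll -Leaf) -eq $HotModule))
        }
    }
} | Sort-Object PID, Service |
    Format-Table PID, PathOK, Service, ServiceDll, HotThread -AutoSize
```

A row with `PathOK` false on an elevated prompt deserves a closer look before anything else, since a svchost.exe running from outside System32 is not the Windows service host.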



#4 Animal

Posted 23 December 2013 - 11:32 PM

Appears to be an issue with windows auto update. Disable auto update and see if that resolves your issue.

See here: http://forums.computeractive.co.uk/showpost.php?s=ba3aa39a7b9b92c0044ceac57643654d&p=1414138&postcount=5

and the reply right after: http://forums.computeractive.co.uk/showpost.php?s=ba3aa39a7b9b92c0044ceac57643654d&p=1414153&postcount=6


#5 scriba_golfer

Posted 24 December 2013 - 11:10 AM

Appears to be an issue with windows auto update. Disable auto update and see if that resolves your issue.

See here: http://forums.computeractive.co.uk/showpost.php?s=ba3aa39a7b9b92c0044ceac57643654d&p=1414138&postcount=5

and the reply right after: http://forums.computeractive.co.uk/showpost.php?s=ba3aa39a7b9b92c0044ceac57643654d&p=1414153&postcount=6

Well, I'm not sure. I did disable the automatic updates. Seemed to help some. However I attempted to do manual updates. It launches an IE window (I have been using Firefox) and when I click on Express Updates it initially had a file called wuauclt.exe consuming 100% for a short time and then svchost.exe ran at 100% while it attempts to download the updates. This download takes forever to the point where it doesn't really get completed. In the meantime I can't really do anything else on the computer. I have noticed that if I 'End Task' on that file the download stops. I use Windows XP, Version 2002 Service Pack 3. It has been a good computer.

 

I did look at those links and it does seem to match what I had. The downside, the 2nd one seems to suggest there is no fix. So am I up the creek without a paddle? Essentially, is there anything else which could be done? 



#6 scriba_golfer

Posted 24 December 2013 - 11:17 AM

Would something like this work at all?

http://www.technibble.com/how-to-fix-svchost-using-100-cpu-memory-leak/

 

I will hold on attempting it until I hear back from you. Before contacting bleeping computer I did run Malwarebytes software and it cleaned up 80 files. I ran something called eset online scanner which took 10 hours to run and that cleaned up 4 threats. When I got done with those I ran Fixit. I believe there is a solution. I just don't know what.



#7 scriba_golfer

Posted 24 December 2013 - 12:16 PM

After having it "checking for latest updates" for 2 hours trying to get updates without downloading any (that I know of) I terminated it. As soon as I did, svchost.exe went back to zero.



#8 Animal

Posted 24 December 2013 - 12:27 PM

Let me contact some of the more malware qualified staff and get their input. Being this close to Christmas it may take a few days.

If anyone else reading this has input please don't hesitate to offer suggestions.


#9 scriba_golfer

Posted 24 December 2013 - 01:40 PM

Let me contact some of the more malware qualified staff and get their input. Being this close to Christmas it may take a few days.

If anyone else reading this has input please don't hesitate to offer suggestions.

Thank you. I can be patient. I will be away from the computer I have a problem with after Christmas until Dec 30th. Have a Merry Christmas!!



#10 Animal

Posted 24 December 2013 - 02:25 PM

Thank You for your patience. Happy Safe Holidays.


#11 boopme

Posted 26 December 2013 - 02:51 PM

Hello, let's try running these next.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

  • Do not reboot the computer, you will need to run the application again.

    TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#12 Animal

Posted 27 December 2013 - 06:41 PM

Since this appears to be an MS Update issue according to the svchost info also take a look here: http://www.bleepingcomputer.com/forums/t/518764/svchost-fix/


#13 scriba_golfer

Posted 31 December 2013 - 08:15 AM

Thanks! I just returned from vacation. I will work on this today some and let you know what's up. I may just run the fix listed in Animal's response to see if that worked. Then if it doesn't, go back and run the items in Boopme's. Mostly because ESET ran for 10 hours before.



#14 boopme

Posted 31 December 2013 - 11:19 AM

That's a good plan

#15 scriba_golfer

Posted 31 December 2013 - 01:25 PM

So far no success. I did the download from MS with IE7 but didn't work. I thought it did but when I went to download the latest updates it froze once again while it was searching for updates.

 

Ran RKill - no issues found

Ran TDSSKiller - no issues found

Ran AdwareCleaner - will post report.

Ran Junk Removal Tool (I think). It did run and said it was saving 7 files but it did not log a report and I searched my drive and did not find one.

Will run ESET once I post the Adware Cleaner report.





