Help
Is this a virus or is Norton, (this computer's antivirus program) just a crappy antivirus product?
We have Windows XP 2002.
I have updated iE and also chrome.
I also did the Live Update for Norton today.
Page 1 of 1
CPU runs at 100% sometimes I look at ccSvchst.exe and it's running real high
#1
- Member
-
- Group: Members
- Posts: 16
- Joined: 31-August 10
- Gender:Female
Posted 03 January 2011 - 12:52 PM
Back to top
#2
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,516
- Joined: 09-July 05
- Gender:Male
- Location:Virginia, USA
Posted 03 January 2011 - 03:21 PM
ccsvchst.exe is related to Symantec (Norton) products.
If you do a Google Search for ccsvchst.exe high cpu usage, you will find this is a common complaint from Symantec users.
However, determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitmate file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.
Tools to investigate running processes and gather additional information to identify them and resolve problems:
-- These tools will provide information about each process, CPU usage, file description and its path location.
-- System Explorer provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.
-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.
If you do a Google Search for ccsvchst.exe high cpu usage, you will find this is a common complaint from Symantec users.
However, determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitmate file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.
Tools to investigate running processes and gather additional information to identify them and resolve problems:
- Process Monitor
- AnVir TaskManager Free
- Process Explorer
- System Explorer
- ProcessHacker - (requires Microsoft .NET Framework 2.0 or above to use)
- Autoruns
- svchostViewer
-- These tools will provide information about each process, CPU usage, file description and its path location.
-- System Explorer provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.
-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.
This post has been edited by quietman7: 03 January 2011 - 03:30 PM
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#3
- Senior Member
-
- Group: BC Advisor
- Posts: 594
- Joined: 12-October 10
- Gender:Male
Posted 03 January 2011 - 05:35 PM
Just wondering, I assume your machine is a single-processor, single-core machine?
On a multi-processor and/or multi-core machine, you could set the affinity of the Norton process to a single core, thereby limiting the performance hit you notice.
On a multi-processor and/or multi-core machine, you could set the affinity of the Norton process to a single core, thereby limiting the performance hit you notice.
Share this topic:
Page 1 of 1