BleepingComputer.com: svchost.exe using way too much ram

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages
←
1
2
3
4
→

You cannot start a new topic
This topic is locked

svchost.exe using way too much ram

#31 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,127
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 27 January 2012 - 09:29 PM

Now let's replace the infected driver with a clean copy

Boot the computer with the xPUD CD again.
Click on File
Expand mnt
Now browse to the following file:

/sda1/WINDOWS\SoftwareDistribution\Download\7662ce4d10dbc4afae84f95151b83183\SP3GDR\mrxsmb.sys <-- right click on this file and select Copy.
Now browse to the following file:

/sda1/WINDOWS\system32\drivers\mrxsmb.sys <-- right click on this file, select Rename and rename it to mrxsmb.vir
Once this file is renamed, right click in an empty space in the drivers folder and select paste.

You should now have a new copy of mrxsmb.sys in your drivers folder.

Now try to reboot your computer normally and let me know what happens.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#32 xavierq

Member

Group: Members
Posts: 26
Joined: 05-January 12

Posted 30 January 2012 - 04:38 PM

Sorry, I've been super busy this weekend. I'll be doing this tonight and posting the results. I just saw it'd been three days and didn't want the thread to get closed.

#33 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,127
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 30 January 2012 - 07:17 PM

Thanks

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#34 xavierq

Member

Group: Members
Posts: 26
Joined: 05-January 12

Posted 31 January 2012 - 06:49 PM

Did it and rebooted, not noticing much different. Was something in particular meant to change?

#35 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,127
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 31 January 2012 - 08:49 PM

That should have replaced the infected driver with a clean one.

Please rerun TDSSKiller so I can take a look

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#36 xavierq

Member

Group: Members
Posts: 26
Joined: 05-January 12

Posted 31 January 2012 - 10:52 PM

TDSS says no threats found.

#37 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,127
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 01 February 2012 - 02:21 PM

Can you post the log please.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#38 xavierq

Member

Group: Members
Posts: 26
Joined: 05-January 12

Posted 02 February 2012 - 06:00 AM

Does it create a log if it doesn't find anything? I'll run it again and try to take a closer look to see where it might be putting it.

#39 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,127
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 02 February 2012 - 02:53 PM

It does create a log even if it doesn't find anything. I'll await your rerun

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#40 xavierq

Member

Group: Members
Posts: 26
Joined: 05-January 12

Posted 03 February 2012 - 03:12 AM

It actually recognized the video card when it booted today, but the screen went black and everything froze after only a minute or two. That's happening most of the time lately. I'm not sure I'll be able to get to the log, but I'll keep trying.

#41 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,127
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 03 February 2012 - 08:39 PM

I'm beginning to wonder if this might be a hardware problem now. Keep me posted

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#42 xavierq

Member

Group: Members
Posts: 26
Joined: 05-January 12

Posted 04 February 2012 - 02:54 AM

I think I'm going to try booting to xPUD and letting it run there. If it has the same behavior in that environment, completely isolated from Windows, hardware has to be the culprit. I don't like that answer, but there's not much disputing it if that's the case.