Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe


  • Please log in to reply
10 replies to this topic

#1 ap1212

ap1212

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 30 April 2005 - 08:18 PM

What is the svchost.exe and how do I disable it? I have XP home edition with SP2. It is causing my CPU to be upwards of 97% What is the ideal?

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:11 PM

Posted 30 April 2005 - 08:41 PM

Hi ap1212,

From ProcessLibrary.com

Process File: svchost.exe
  Process Name: Microsoft Service Host Process

  Description: svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. Note: svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/...n/ms04-011.mspx This is a registered security risk and should be removed immediately. Please see additional details regarding this process


As I type this, I have 4 instances of this process running on my computer. They handle communications and other things. What we need to find out is what process is causing trouble.

Two Questions: Did you load anything recently? Has anything changed? - deletions, reconfigurations?

I would recommend running an online virus scan. You can find links to those at the bottom of my post (Pandasoft - eTrust).
Next, Download and run BOTH Spybot Serach and Destroy and Lavasoft's Ad-aware SE. (Links at bottom also) What this will do is check for viruses and adware/spyware/malware.

Check the preformance of your computer after running these programs and let us know of changes.

If this doesn't clear the problem, we may look to a HighjackThis log to see if we can find out what is lurking.

Good Luck,

Rigel

Edited by rigelslight, 30 April 2005 - 08:43 PM.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 ap1212

ap1212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 30 April 2005 - 10:33 PM

Hi Rigel,

I have run Spy bot Ad Aware, McAfee AV all in safe mode and nothing has come up. I have posted a hijack this log already and it apparently looked ok according to the reply I received. I do have that lssa.exe thing on my computer because I can see it with sysinternal which also lists like 10 svchost.exe. I have made it so all my files are not longer hidden. I have NO IDEA what to do at this point!!

What should I do now? My computer freezes a lot too, or it shuts off cuz it gets really hot.

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:11 AM

Posted 30 April 2005 - 11:25 PM

Overheating may be caused by blocked air passages or fans not working properly; this should be fixed immediately.

You may have too many applications running on startup; review these and eliminate those you really do not need (you can check these against the BC startup database).
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 ap1212

ap1212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 01 May 2005 - 02:33 AM

Hey John,

After following your advice, I found this

msmgs "C:\Program FIles\Messenger\msmgs.exe"/backgroud


Which I took to mean:

Messenger Service  msmsgs.exe  X Added by the W32/Sdbot-ZB. When started this infection connects to an IRC server where it waits for remote commands. 



Am I right? I have run spy bot, ad aware, and Mcafee and they haven't reported this. Oh, and I disabled msm use about a year ago. What should I do?

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:12:11 PM

Posted 01 May 2005 - 04:45 PM

Hi ap1212,

From ProcessLibrary.com

Process File:  msmgs.exe
  Process Name:  W32.Alcarys.B/G@mm Worm

  Description:  msmgs.exe is a process which is registered as the W32.Alcarys.B, W32.Alcarys.G worm. These viruses are distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Also registered as the W32.HLLW.Spirit, a trojan which spreads on peer-to-peer networks and intermittantly accesses your CD-Rom drives when executed. Please see additional details regarding these processes


Now the question to you... is it msmgs.exe or msmsgs.exe? - Both are files, one good one bad. I still recommend the online virus scan.

John is also 100% right. If you have a heat problem, that needs to be fixed asap. Damage may occur to a system that isn't cooled properly. review the start up list too.

Good Luck,
Rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#7 ap1212

ap1212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 01 May 2005 - 06:18 PM

Hi Rigel,

Thanks for your help! I have run the Panda virus scan and it did not detect anything. I still think something odd is going on. Would the over heating changethe resolution of my display?

I have been having a problem with my windows XP home edition for about 2 months. I turned on my computer one day and it said the resolution had been changed and everything on my screen was huge. I couldn't see windows because they were so big and the icons on desktop were much larger than usual. I changed the resolution back to normal and downloaded new display software. I had to do this repeatedly because the resolution would keep changing randomly. I have all up to date forms of ad aware, spy bot, Mcafee, and Ccleaner. No viruses ever come up. Also, the changes that I make are not effective when I reboot in safe mood. Changes have also been made to different settings (internet connections, home pages, accessabilty) that I did not make myself. I have contacted both dell and microsoft and no one seems to be able to tell me what is going on. Today when I tried to get one of my downloads I got error 771. When I tried to look up this information by following a link on microsoft.com, it said it wasn't a valid page. I am very confused and am at my wits end as to what to do.



This is actually the tip of the iceberg.

If you have any ideas as to what is going on, I would greatly appreciate it.

Thanks!

Allison

#8 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:02:11 AM

Posted 01 May 2005 - 09:05 PM

suggestion:
Download the free Everest system diagnostic and click on Computer and Sensor on the left hand window. In the right hand window it will show you the temperature of all the devices with sensors, the fan speeds and the voltages supplied by your PSU. Check for anything unusual or if you are not sure use the Report tool and cut and paste the info back here.

Link for Everest: http://www.lavalys.com/

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#9 ap1212

ap1212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 01 May 2005 - 09:53 PM

Hey Rimmer,

Thanks for your help. This is what the report said

Temperatures: 

FUJITSU MHT2060AT/b  48 C (118 F) 

FUJITSU MHT2060AT/a  18 C (64 F) 



Um...I really have no idea what this means. Good? Bad? I'm assuming that the 118 is a bad thing....

:thumbsup:

#10 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:02:11 AM

Posted 01 May 2005 - 10:06 PM

Were those the only temps?
Some of the sensor readings need to be taken with a grain of salt so its easier to know what's going on if you post all of them and your fan speeds.
What (roughly) is your room temperature now?

In itself 48C on the hard drive (is it a hard drive? Everest will tell you whats in the system) is fine but 30C higher than something else is not!

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#11 ap1212

ap1212
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 01 May 2005 - 10:25 PM

In itself 48C on the hard drive (is it a hard drive? Everest will tell you whats in the system) is fine but 30C higher than something else is not!



You're telling me! It said it is the hard drive. I can feel it when I put my had by it, or if I try to sit with my lap top actually on my lap it gets WAY too hot...even if I make sure there is sufficent air flow to the fan. I actually have to place my lap top on top of a book or something because I cannot leave it on a flat surface. Weird, huh?

What (roughly) is your room temperature now?



I would say that its about 60 degrees in here. I have to make sure its cold otherwise my computer won't work well or for long enough ( I'm attempting to type a 10pg paper in one fell swoop w/o shut downs or freezes)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users