Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Very active Svchost.exe


  • Please log in to reply
5 replies to this topic

#1 GeorgiaIceCream

GeorgiaIceCream

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 PM

Posted 31 January 2012 - 09:50 AM

I have a very active Svchost.exe process. It runs between 17% to 40% active all the time. It is running some 30 services which all fall in the "netsvc" category. I used the "tasklist /svc" command to see what services were running. I have 2 other PCs and they are running the same services but are much less active.

How can I figure out why this process is so busy on one particular PC? I have run Norton Internet Security 2012 and MalwareBytes in Safe Mode looking for malware. The other symptom seems to be a lot of disk activity on the C: drive.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:13 PM

Posted 31 January 2012 - 10:09 AM

FWIW: How to determine what services are running under a SVCHOST.EXE process - http://www.bleepingcomputer.com/tutorials/tutorial129.html

Louis

#3 GeorgiaIceCream

GeorgiaIceCream
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 PM

Posted 31 January 2012 - 12:39 PM

Per my original post, I used "tasklist /svc" to see what processes were running. The output is attached. They are all legitimate processes. How do I tell what the most active one are?Attached File  SVChost tasklist.png   5.88KB   7 downloads

#4 Ang101

Ang101

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 01 February 2012 - 10:18 AM

You can do

Tasklist /FI "PID eq processID"

where process ID is the process id you see there. Will show you mem usage

#5 GeorgiaIceCream

GeorgiaIceCream
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 PM

Posted 01 February 2012 - 10:30 AM

The same info is also available from Task Manager. It's storage used by all the services running under that SVChost process. I need more granular information for each service,

#6 GeorgiaIceCream

GeorgiaIceCream
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 PM

Posted 03 February 2012 - 09:14 AM

I found the culprit. It was Secunia PSI. When I stop this program, the SVChost CPU utilization is nil. I run this program on two other Windows XP3 PCs with no issues.

Thanks to all who tried to help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users