Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected? SVCHOST, Windows Update misbehaving


  • Please log in to reply
10 replies to this topic

#1 kvon

kvon

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Ohio, USA
  • Local time:12:59 AM

Posted 15 May 2016 - 06:20 PM

Hello,

 

Unable to determine if this is an infection or not.  2 separate symptoms, but started at about the same time.  1st, the SVCHOST service is taking an inordinate amount of CPU time - 25%, pretty steady, and the computer is running hot.  I've used ProcessExplorer to try to see what's running in that instance of Svchost, but it seems to vary.  Inconclusive. I can shut down that instance of Svchost from TaskManager, but it starts right back up in a minute or 2.

 

2nd - Windows update won't run.  Initially it was hanging on 0%.  I tried some "remedies" I found online, including deleting the downloads folder, but that seems to have made it worse.  

 

These are the 2 main things, plus lots of other minor disturbances in the force.  (Icons missing, MBAM mysteriously uninstalled, etc).

 

Ran malware scans with ZoneAlarm, and Malwarebytes - nuthin.

 

Any help appreciated!

 

 

Windows 7 Home Premium 64 bit SP1

ZoneAlarm Security Suite 14.1

 



BC AdBot (Login to Remove)

 


#2 Willy22

Willy22

  • Members
  • 945 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:05:59 AM

Posted 16 May 2016 - 09:44 AM

- Open Task Manager (Services) and stop (NOT disable) the "Wuauserv" Service (for Windows Update). If the high CPU drops then that's the cause.



#3 kvon

kvon
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Ohio, USA
  • Local time:12:59 AM

Posted 17 May 2016 - 04:48 AM

That worked - thanks very much!

 

So my windows update is hosed - back to the same question, malware or something else?

 

Thx,



#4 Willy22

Willy22

  • Members
  • 945 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:05:59 AM

Posted 17 May 2016 - 02:15 PM

- Malware ? WU hosed ? I don't know (yet).

- Disable Windows Update (WU) for now. Then enable it once every day and let it run for say 2 hours and disable it again. If the same problems re-surface with WU disabled then perhaps you've attrackted malware. Once you've received all your updates then we can think about malware. Other people here on the forums had similar problems.



#5 kvon

kvon
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Ohio, USA
  • Local time:12:59 AM

Posted 18 May 2016 - 05:12 AM

New info.  (Queue the Twilight Zone theme).

 

I now have 2 computers that are doing EXACTLY the same thing.  Both are Win 7 64 bit.  Just discovered it on #2 - suspected the security software (ZoneAlarm Security Suite on both), so I disabled that & stopped all its services, tried to run WU - Fail.  Hangs at "0%".

 

Regarding the WU service - When I stop the service as you described above, the CPU overload stops immediately.  Some time several minutes later the WU service restarts itself!  In the meantime, with WU running normally I am unable to download or apply any updates on either machine.  And both have a pretty long queue of updates that have been identified as needed.

 

I had the same thought about get the updates done first then check for malware - but can't get there.

 

Thanks for your help!



#6 eLPuSHeR

eLPuSHeR

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 18 May 2016 - 09:36 AM

Just a shot in the dark...

 

Try booting into safe mode and delete the Windows\Softwaredistribution folder. Do a chkdsk /f too on that drive.

 

Flush the Windows\Prefetch folder too (for testing purposes).

 

Reboot.


Edited by eLPuSHeR, 18 May 2016 - 09:37 AM.


#7 kvon

kvon
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Ohio, USA
  • Local time:12:59 AM

Posted 19 May 2016 - 05:36 AM

I did this - cleaned out the software distribution folder.  Incremental change - now when WU runs, the SVCHOST service isn't running the CPU at 25%, however WU still fails.  Now, it hangs with the message "checking for updates", but it's not doing anything.

Update - it actually is back to the 25% now, just took a few minutes to spool up...


Edited by kvon, 19 May 2016 - 05:45 AM.


#8 gauchotche

gauchotche

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 19 May 2016 - 12:39 PM

Starting sometime ago I also have the same problem of 25% CPU usage linked to windows update. This thing simple makes you go crazy.... it's SO annoying. Now my computer started displaying some sort of malware popup in every window I open or refresh, showing stupid advertise, where I have to click the X, then it opens another window (which I think Adblock plus closes). Looking at firefox inspect tool I've found that this crap is RUSSIAN related... I've done a test with iexplorer and there I've the popup windows also... so it's a system infection. I've run malware antimalware, I've always been with avast always on, i've run kasperspy, i've run ADW cleaner, and nothing find the damn virus or malware... I don't know what to do!!!



#9 kvon

kvon
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Ohio, USA
  • Local time:12:59 AM

Posted 21 May 2016 - 06:01 AM

I have concluded this is not a malware issue, but some sort of problem or conflict with WU -- based on the following:

 

I have a 3rd computer - a tired, old ThinkPad laptop - also running windows 7 64 bit.  Fired it up last night for the first time in months.  I ran WU - it found 37 updates and installed them just fine.  THEN - I ran WU again, and voila, it's doing exactly what the other 2 machines are doing.  Only difference - the laptop is a Core 2 Duo, and with only 2 cores the svchost is running the CPU @ 50%, rather than 25% as on the others.

 

I will repost this over on the Windows 7 forum...

 

Thanks everyone.



#10 gauchotche

gauchotche

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 21 May 2016 - 06:26 AM

you must install an update and it solves the problem.

 

Windows6.1-KB3153199-x64.msu



#11 kvon

kvon
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Location:Ohio, USA
  • Local time:12:59 AM

Posted 22 May 2016 - 11:58 AM

Gauchotche - looks like that did it - thanks a bunch!!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users