Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7: svchost.exe (netsvcs) at 25% cpu usage. Windows update impossible.


  • Please log in to reply
8 replies to this topic

#1 Sirgo

Sirgo

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 17 May 2016 - 09:25 AM

Hello!

 

It looks like I have an issue with my computer but I’m unable to determine the cause. I have looked at some topics on the forums but found noone with the same issue so I am posting a new topic.

 

My issues seems a bit similar to http://www.bleepingcomputer.com/forums/t/614137/infected-svchost-windows-update-misbehaving/?hl=%2Bwindows+%2Bupdate#entry4001712 but the topic was not resolved and various different services seem to be hogging my CPU, not just windows update.

 

Update

After running for 4 hours and presumably being stuck (showing no signs of working) the Windows Update DISM tool (https://support.microsoft.com/en-us/kb/947821 ) seems to have finally caught up and installed some updates. I will inform about further progress in future updates.

 

Update II

The Microsoft tool seems to have installed all updates on my computer successfully (after running for about 5 hours), but another service (FDResPub) is "abusing" my CPU now. I will post more info later.

 

Introduction

 

I run a Windows 7 on a quadcore computer (which is a relevant information, more about that later). I use Avast! Free antivirus and most of the time my brain to protect my computer to… somewhat varying degree.

 

I would like to mention that I am a software developer so I use a lot of quite powerful tools (cygwin, GIT, various command line extensions, automatic scheduled tasks to simulate cron tasks on our production server and so on) which further complicates the situation as the whole issue might just be a conflict between tools that I have installed or just my own damn fault.

 

I have created a topic about myself in the Introductions forum but the information posted there is the same as the information I post about myself here.

 

Observed symptoms

 

As far as I can tell from my observations it seems that 100% of the time my computer is stuck at 25% CPU usage (quadcore, so one core is always at 100% usage) with svchost process having this mentioned 25% cpu usage. That is how I have noticed the issue - my computer’s fan is running all the time and my CPU usage is always high.

 

At first I thought it was WAMP or Chrome (I tend to have more than 20 tabs open at the same time, I have reached over 100 open tabs at one point) but then I have noticed that this issue is present even when no programs are open. But at first I didnt think it was an issue so this has been going on for quite a while - so if there is any infection, it has had plenty of time to dig deep into my OS.

 

The most interesting part is - judging off the Resources Monitor tool, there is always a DIFFERENT service stuck at 25% cpu. I restart it, some other one goes to 25% CPU usage. Sometimes it is the same one as before, but most of the time it is a different service. It seems almost random which service is the current CPU hog but there is ALWAYS at least one after a brief while.(after I restart the service the CPU usage goes down for like a minute and then another service starts running hight CPU - FDResPub, WSearch, DcomLaunch (not 100% sure if this one ever actually was an issue), some logging service… Wide variety of different services). Always 100% CPU core usage tho and it's the same service for (seemingly) endless time period - until I restart it, then another one takes it's place.

 

And it seems that the “chain” always starts with wuauserv after system restart.

 

Sometimes multiple services use CPU, but that seems like their legitimate usage because they always quickly drop down to 0 again, as should be the case.

 

My attempts to fix the issue so far

 

I have been trying to solve this issue for two days already, starting with Avast! anti virus scan, then backing up my work, moving to my laptop and performing a 23 hour long scan by ComboFix which I had to interrupt in the end so I dont know the results. Then I re-run ComboFix under windows safe mode and only then it completed in about 20 minutes. It removed some suspicious exe files from my hard drive and erased all the copies of GIT on my hard drive for some unknown reason but... it didn't fix the issue. I can post the log here but as far as I have red the instructions on this forum that information should not be posted in this section of forum.

 

A bit of disclaimer:

I am aware that the forums repeatedly state that ComboFix is a “tool for trained professionals only.” With a university degree in software engineering I may feel embarassed that I don’t know how to fix the damned issue myself but I do beleive that I am "a trained professional". I have been using it over a dozen times before to fix other people’s malware infected computers with generally good results so I’d say that I do know the basics of using it.
 

Moving on:

I have also run Malwarebytes. Found three suspicious files, but no success - the issue prevails.

 

Since the CPU hogging service is a wuauserv.exe most of the time, I have figured out that this might be the issue with Windows Update.

 

So I have tried to run Windows update and… the update process gets stuck at “downloaded 0% , downloading at 0 kbps”. So I cant run Windows Update on my computer…

 

So I have red through https://support.microsoft.com/en-us/kb/947821 and https://support.microsoft.com/en-us/kb/2509997 and tried to run several fixes that those articles mention and… well, guess what, they get stuck infinitely at “Looking for updates on this computer” (I dont know the exact thranslation as I run a Czech version of Windows 7) with the aforementioned wuauserv stuck at 25% CPU usage.

 

I have also tried running “Fix windows startup issues” from the boot menu and… “No issues found”.

 

Run sfc /scannow - “No integrity violations found”.

 

At this point I don't know what to do anymore... Right now it's the FDResPub service taking 25% CPU.

 

Possible causes

I don't know for sure what the issue might be caused by or when it started exactly. I think that there was an automatic windows update a few days ago that was successful but I am not certain as I have learned to ignore such pesky messages. I think the system did successfuly update in the last month or so. But I did change from "Install important updates automatically" to "Ask me to manually install windows updates" recently after the computer restarted itself in the middle of an online game with my friends... 

 

From the 21 important updates that there are in the Windows Update right now, the earliest uninstalled update is from the 12th of april so that's probably some time after the last successful update.

 

I have also noticed that WIndows Update mentions for all the updates that "This update has been downloaded and is ready to install". That might be the issue if the system's update mechanism is somehow corrupted and repeatedly tries to prepare the updates for install but gets stuck in the process.

 

I do NOT receive any "updates are ready to install" popup windows in the bottom right corner of the screen (and did not receive those for quite a while now that I think about it) , so that also points towards an issue with the Windows Update.

 

As I have mentioned above - I have recently started using TasksScheduler in Windows to simulate Cron tasks (they run some Laravel scheduling tasks), but those Windows tasks are currently disabled.

 

I also use Ditto, Skype, Razer Synapse, Microsoft One Drive, AutorunEater, Overwolf overlay, Dropbox and other software that might interfere with the system to a certain degree. 

 

I also began using Cmder console emulator recently. 

 

And as a last mention of something that I'm not very proud of: I do sometimes work with potentially dangerous files downloaded from various sources as my friends tend to ask me to... extend trial periods on certain software from time to time. I try to stay away from this as I know that it is quite dangerous (though legal if I do not use the software myself) but I am the kind of guy who hates to say "no" to people when asked for a favor. This is one of the main reasons why I'm considering separating my work OS from my personal OS (as I have recently started working on a project that does work with more sensitive data than before) but I do mention this as that might have been a source of infection, even though I do scan all files I download. 

 

Summary

 

The point is - it seems that my computer is corrupted, possibly infected but I can’t seem to find the issue neither do I seem to be able to repair it.

 

What are my options here? After seeing that I am unable to fix the issue I am considering reinstalling the system, possibly to Windows 10.

 

Any other ideas? Can this be fixed? If not, do you think that this has been caused by some malware/virus/etc. and that I should be careful when moving my old files to newly installed system?

 

And to further prevent simillar issues, would you recommend any tools that I should use to prevent such attacks?

 

As briefly mentioned before: recently I have started working on a security-sensitive web system and even though sensitive data will never be stored on my computer, I would like to prevent any potential attackers from getting for example FTP login data for my FileZilla, Git login credentials and other sensitive stuff. This is the main reason why I post this topic here - I want my work to be safe.

 

I am considering using separated computers / windows installations for personal use and for work. We do have external security consultants in our company but I would like to know as much as I can on my own. And I would like to try to fix the issue and learn from fixing it instead of just giving up.

 

With best regards

John


Edited by Sirgo, 17 May 2016 - 10:41 AM.


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 17 May 2016 - 09:42 AM

Windows 7 updates truly suck nowdays. 25% usage means you have a quad core processor. Dual cores use 50%.

 

Download and install  KB3153199 then do a manual update. Reboot the computer and immediately install the update. Do a manual update and wait about 15 minutes.

 

https://www.microsoft.com/en-us/download/details.aspx?id=52232

 

Edit: If the above does not get you updates install the following KB. This resolved my April update problem. The above KB3153199 resolved the May update issue. It seems this will be a monthly issue with Windows 7.

 

https://www.microsoft.com/en-us/download/details.aspx?id=51853


Edited by JohnC_21, 17 May 2016 - 09:57 AM.


#3 Sirgo

Sirgo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 17 May 2016 - 10:40 AM

Hello JohnC_21.

 

Yeah, I know about the usages, I was mentioning them to emphasise the fact that one core keeps on running at 100% CPU Clock. I have successfuly installed all windows updates but the problem seems to persist (FDResPub runs at 25% CPU instead of Windows Update). I will restart my computer now and see if anything has changed.



#4 JohnC_21

JohnC_21

  • Members
  • 24,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 17 May 2016 - 11:21 AM

I would do the following scans if you still have the issue.

 

TDSS killer and 

Hitman Pro

Adwcleaner



#5 Sirgo

Sirgo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 17 May 2016 - 12:01 PM

Thank you. Still downloading some more updates but things seem to work better now.

 

I will have a look at the tools you have recommended and see if any of them finds anything. 

If I manage to successfully fix my computer I will try to summarize my experience in a sort of guide reply for people who might encounter similar issues. I will let you know later.



#6 Sirgo

Sirgo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 18 May 2016 - 02:57 PM

Ok, I seem to have solved my issue

 

I am currently at 0% CPU usage (quite a pleasant change to see the task manager CPU bar "empty" in the bottom right corner of the screen).

 

To anyone who would face simillar issues:

Be patient, this stuff takes a while to get rid of.

Try full system scans of your computer with various software (e.g. Malwarebytes, ComboFix might be too brutal and cause unnecessary issues)

Try the recommended Microsoft fixes mentioned above ( https://support.microsoft.com/en-us/kb/947821 helped me a LOT, probably fixed the issue. https://support.microsoft.com/en-us/kb/2509997 didnt help at all).

- I had to let this software run for multiple hours, so be patient. It might look stuck but it is working and doint it's job. (That was quite a surprise to me, to be entirely honest)

I dont know about the security fixes that John_C mentioned but try them out if they don't get installed automatically as they did in my case when I used the Microsoft DISM (Thanks for them John)

 

And last but not least - Consider a paid anti-virus software, I have gotten Eset Endpoint Security from my employer and it seems a lot more solid (found some issues and cleaned up the rest of the mess that was left after ComboFix and other scans). Not sure if it's worth the price for pesonal use as I don't really have to care about that.

 

Good luck everybody and goodbye



#7 JohnC_21

JohnC_21

  • Members
  • 24,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 18 May 2016 - 04:12 PM

Sirgo, thanks for posting your solution and update to the problem. It is sure to help other people with similar problems.



#8 katerina7

katerina7

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 04 January 2017 - 11:52 PM

I'm now getting this issue, the svchost.exe is hogging my CPU resource, not much but always stay at 30% after starting the computer. I've tried many methods that you guy suggested in this topic but no hope at all.

 

What I suppose to do?



#9 katerina7

katerina7

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 06 January 2017 - 09:17 AM

After reading a few results on Google:

 

https://www.cnet.com/forums/discussions/svchost-exe-netsvcs-is-hogging-my-cpu-usage/

 

https://www.youtube.com/watch?v=DcgdIdkuZVs

 

https://usefulpcguide.com/18385/svchost-exe-netsvcs-high-cpu/

 

it seems my computer was affected by some new updates. I've uninstalled those updates and the issue is gone, for now. I don't know whether it will come again or not.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users