Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe (netsvcs) takes 50% cpu


  • Please log in to reply
9 replies to this topic

#1 meemoe_uk

meemoe_uk

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 18 October 2016 - 11:01 PM

Change in my PCs behaviour this week.

 

On startup, 'Trusted Installer' autoruns, and then a few seconds later svchost.exe takes 50% of cpu. Some help topics on the net say leave windows to update for a while. I have left windows on overnight a few times, and there is no change and not significant network activity to suggest that that the svchost is part of an update. Windows says it is fully updated. Yet still svchost is taking 50% cpu.

I think its a bitcoin mining trojan

 

AVG and malwarebytes don't detect it.

Can you help? thanks.

 

PC spec  :

 Windows 7.



BC AdBot (Login to Remove)

 


#2 Havachat

Havachat

  • Members
  • 1,050 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sleepy Hollow - Geelong - Go Cats.
  • Local time:05:16 AM

Posted 18 October 2016 - 11:46 PM

Before an Expert jumps in to assist in Malware Removal within that Forum -

 

What System are you Running ?

And when was your Last Update Completed On ?

 

1/ Speccy Report can be Posted http://www.bleepingcomputer.com/download/speccy/

 

2/ Last Update Installed ? - check in Control Panel / Windows Update / View Update History. 



#3 meemoe_uk

meemoe_uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 19 October 2016 - 12:15 AM

I can't post a speccy report because I get an error : post too long.



#4 meemoe_uk

meemoe_uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 19 October 2016 - 12:25 AM

windows won't update, something seems to be blocking it : It just hangs at 0kbwuf_zpsrtvmonmq.png
 



#5 boooliyooo

boooliyooo

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 19 October 2016 - 01:12 AM

I can't post a speccy report because I get an error : post too long.

 

Hello... could you attached it instead?



#6 meemoe_uk

meemoe_uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 19 October 2016 - 02:01 AM

>could you attached it instead?

 

I don't know how



#7 boooliyooo

boooliyooo

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 19 October 2016 - 02:15 AM

Hello...

 

Please refer to step 7: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



#8 meemoe_uk

meemoe_uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 19 October 2016 - 03:39 AM

the reply window I get is not the same as the one depicted in step 7. There is no attach button or equivalent. On the left is what I get.

 

no_af_zpsadxuxatx.png



#9 meemoe_uk

meemoe_uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 20 October 2016 - 11:03 PM

hi, still stuck with svchost(netsvcs) eating 50% of my CPU

I've now got info reports

 

Farbar Recovery Scan Tool x64 report : https://www.dropbox.com/s/ogjc33rukx1h8yt/FRST.txt?dl=0

Farbar Recovery Scan Tool x64 additional : https://www.dropbox.com/s/tdsr9obxnxvptzr/Addition.txt?dl=0

Speccy report : https://www.dropbox.com/s/202bjxmrs5kq9b7/PRIVATE-PC.txt?dl=0



#10 meemoe_uk

meemoe_uk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 21 October 2016 - 05:49 AM

hi, im convinced its a serious infection now. CPU load is now near 100% while idle.

There's a program called TrustedInstaller that seems to be active and constantly installing new malware etc.

 

Since no-one so far is taking up this case, excuse me if I try a few things myself. I don't how long I've got before my ID is going to be stolen and my PC completely destroyed, I might not be able to wait another 3 days like the forum guidelines suggest.


Edited by meemoe_uk, 21 October 2016 - 05:50 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users