
Svchost.exe Virus?


13 replies to this topic

#1 Sid S

Sid S

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 30 April 2007 - 03:31 PM

I am having some serious issues with my laptop. It has become extremely slow and unresponsive. I have run several spyware cleaners to try to fix the problem which seemed to work at first, but a day later and I'm back at the same point again. When this occurs I open up the task manager to see what is sopping up all the system resources and it shows svchost.exe using 99% of the CPU (which is running at max speed) and also the vast majority of my memory. Can anyone tell me if they either know of a really good anti-virus/spyware/trojan horse program or any other way of fixing this w/o having to wipe the hard drive.

Just to let you know the programs I have tried are Zone Alarm Pro, SpyCatcher, Ad-Aware, Spyware Blaster, and Windows Defender, and none have fixed the problem.

Any help will be greatly appreciated!!!

Thanks,

Sid

Edited by Sid S, 30 April 2007 - 03:33 PM.



#2 Jesse Bassett

Jesse Bassett

  • Members
  • 418 posts
  • OFFLINE
  •  
  • Location:Rosemount, MINN.
  • Local time:07:44 PM

Posted 30 April 2007 - 03:35 PM

To my knowledge, Svchost.exe is safe. It's just a part of Windows XP.... but your CPU usage should not be that high....

-- Jesse
Windows XP Media Center Edition 2005 l McAfee Total Protection l Super AntiSpyware Free Edition l AdAware SE Personal l Spyware Blaster l Spyware Guard l Safe Eyes 2007

#3 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:44 PM

Posted 30 April 2007 - 07:50 PM

There is a problem that was identified by Microsoft.

The Svchost.exe process may spike the CPU usage to 100 percent during update detection or update installation. Also, the Svchost.exe process causes the computer to stop responding for various lengths of time.


If that fits your issue, you may wish to try this hotfix from Microsoft. MS Help and Support

I had the same problem and noticed that wuauclt was also running - Microsoft's autoupdate.

A little background on svchost:

Credit to Computer Haven Copyright © 2004-2006

“Svchost.exe” is the file name for the generic Windows process called Service Host which resides in \Windows\System32\. Since it acts as a host, it can collect multiple services together and run them in a common environment. This results in a more efficient arrangement since it reduces boot time and system overhead by eliminating the need to run dozens of separate services, each in their own memory spaces. Different groups of Windows services have different requirements in terms of system access and security, which is why separate instances of svchost.exe are needed.


BC has a tutorial on determining what services are running here: How to determine what services are running under a SVCHOST.EXE process

I hope this helps...

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith

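One way to check the points made in the post above (which svchost.exe instance is busy, which services it hosts, and whether its binary really sits in \Windows\System32\). This is an added example, not part of the original post; it assumes a Windows version with PowerShell 3.0 or later and an elevated prompt, and the output column names are chosen here for illustration.

```powershell
# Added example: list every svchost.exe instance with its hosted services,
# resource use, and whether the image path is one of the expected locations.

# Legitimate locations: System32, plus the 32-bit copy in SysWOW64 on 64-bit Windows.
$expected = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:SystemRoot "$_\svchost.exe" }

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $hosted = $servicesByPid["$($_.ProcessId)"]
    [pscustomobject]@{
        ProcessId    = $_.ProcessId
        # KernelModeTime and UserModeTime are counted in 100-nanosecond units.
        CpuSeconds   = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
        WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
        Path         = $_.ExecutablePath
        # ExecutablePath is empty when the prompt is not elevated: report unknown, not bad.
        PathOk       = if ($_.ExecutablePath) { $expected -contains $_.ExecutablePath } else { $null }
        Services     = ($hosted.Name | Sort-Object) -join ', '
    }
} | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

An instance with `PathOk` false, or one that hosts no services at all, is the one to look at first; a busy instance hosting `wuauserv` matches the Windows Update problem described in the post.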

#4 Dr Faustus

Dr Faustus

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:44 PM

Posted 30 April 2007 - 10:15 PM

I don't wanna sound stupid or nothing, but could it be your antivirus?

I had the latest avg installed and it was eating my computer process like a fat chick eats cake (100%)

#5 Sid S

Sid S
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 30 April 2007 - 11:14 PM

It might be the MS updater. I have also been having problems with the Windows Update. Actually, come to think about it, I haven't been able to update for a while now. I'll try to go to the MS site and see if I can't download all updates needed. By the way, I don't think it is the spyware/antivirus software I've installed because I have tried removing all of them and installing different ones just to see if it would help; unfortunately it didn't.

Thanks for all the advice! I'll keep you posted,

Sid

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 30 April 2007 - 11:33 PM

Try downloading, installing and updating

http://www.superantispyware.com/

Then try to scan PC in Safe Mode
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Sid S

Sid S
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 01 May 2007 - 06:21 PM

Problem is still persisting and I am completely unable to install any Windows updates. If there are any more new ideas out there I'm willing to give them a try.

Thanks,

Sid

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 01 May 2007 - 09:46 PM

Have you tried this yet?

This issue can be due to a corrupted/incorrect version of the IUCTL.dll file.
http://support.microsoft.com/kb/555461

Open C:\WUTEMP folder and delete the contents of the folder (If any files exist).
Go to "WindowsUpdate" folder in "Program Files" folder, and delete all the contents except the "V4" folder.

NOTE: "WindowsUpdate" is a hidden folder.

Highlight the "V4" folder, then click Edit from the menu bar at top of the window and choose Invert Selection. If you cannot locate the "V4" folder, please skip this step, and then continue to delete the rest of the files by choosing Select All instead of Invert Selection.

If you see the V4 folder, open it and delete all the contents of it except the "iuhist.xml" file.

Also, delete all the contents of the C:\WUTemp folder.

Once after deleting all the files, you need to unregister the old control. Follow the below mentioned steps:

Click Start, Run.
Type: "regsvr32 /u C:\WINNT\System32\IUCTL.dll" (Without Quotes. You should get an unregistered successfully message.)

Find the old site controls and delete the same. Ensure that you don't have "IUCTL.DLL" and "IUEngine.dll" files located in the system.
Restart Windows and try accessing Windows Update.

#9 Sid S

Sid S
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 02 May 2007 - 09:27 PM

Ok I think I figured out the problem. For some reason my computer was having issues updating MSOffice. Each time the computer would try to perform an update it would freak out and consume all the system resources. I wasn't sure the best way to fix this so what I did was to completely uninstall MSOffice from my laptop. This seemed to clean up the problem for the most part but I downloaded and installed "WinCleaner OneClick CleanUp" to clean up the registry, which I did and everything seems to be working fine now. One curious thing did happen the last time I opened WinCleaner, both Avast! and I believe SpyCatcher both alerted me to a Trojan trying to install. They both directed me to the setup program for WinCleaner which I directed SpyCatcher to delete. Strange thing is WinCleaner opened fine and works without any problems? I'm not sure what to make of it. I must say I'm impressed however from how well the free security programs listed on download.com's webpage work. They are listed with links under "The best free security & spyware software" article written by Peter Butler.

Here's a link for anyone interested:

http://www.download.com/Best-free-security...83.html?tag=dir

Thanks everyone for all the advice. It's good to know there's help out there when you need it.

Sid

#10 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:44 PM

Posted 03 May 2007 - 11:59 AM

Our list is a bit more comprehensive: :thumbsup:
Freeware Replacements For Common Commercial Apps
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#11 thrillhouse

thrillhouse

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:08:44 PM

Posted 06 May 2007 - 08:49 PM

Same thing happened to me several years ago. http://www.we-todd-did-racing.com/wetoddim...kZmQzMXk1NDE%3D
(I don't run kazaa lite anymore, it was a long time ago).

Anyway, all I did was turn off the dnscache service and it was fine. Good luck

#12 Sid S

Sid S
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 10 May 2007 - 09:46 AM

I have been working w/ someone from Microsoft to resolve this issue and it seems like this is a common problem when uninstalling OneCare. It seems that it sometimes corrupts the update folder when it uninstalls. The best way to avoid this is to install their uninstaller specifically designed to uninstall it, which can be found at this link:

http://forums.microsoft.com/WindowsOneCare...10&SiteID=2

If that doesn't work you'll need to rename your update folder which should solve the problem. Here are the instructions as emailed to me:


Step 1: Safe Mode
==============

Safe Mode loads the system with the minimum amount of programs and devices.

1. Restart the computer.

2. Keep pressing the F8 key until the Windows Startup menu appears.

3. Choose Safe Mode, and press Enter.

4. Run the computer in Safe Mode.

Note: In Safe Mode, your system display and Desktop will look and perform differently than in Normal Mode. This is only temporary. To return to Normal Mode, we can simply restart the computer.

Note: If nothing happens after repeatedly pressing F8, it is because the settings have been changed by the computer manufacturer. Please refer to the user manual or contact the computer manufacturer for information on how to enter Safe Mode.

Step 2: Rename the SoftwareDistribution folder
=====================================

This problem may occur if the Windows Update, Software distribution folder has been corrupted. We can refer to the following steps to rename this folder. Please note that the folder will be re-created the next time we visit the Windows Update site.

1. Click Start, click Run, and type "cmd" (without the quotes) and press Enter. Please run the following command in the opened window to stop the Automatic Updates service.

Type in "net stop WuAuServ" (without the quotes) and press Enter.

Note: Please look at the cmd window and make sure it says that it was successfully stopped before we try to rename the folder. However, if it failed, please let me know before performing any further steps and include any error messages you may have received when it failed.

2. Click Start, click Run, and type in "%windir%" (without the quotes) and press Enter.

3. In the opened folder, look for the folder named "SoftwareDistribution".

4. Right-click on the folder, select Rename and type "SDold" (without the quotes) to rename this folder.

5. Click Start, click Run, and type "cmd" (without the quotes) and press Enter.

Type the command "net start WuAuServ" (without the quotes) in the opened window to restart the Automatic Updates service.

Note: Please look at the cmd window and make sure it says that it was successfully started. However, if it failed, please let me know before performing any further steps and include any error messages you may have received when it failed.

Step 3: Rename CatRoot2 folder
=================

1. Close all the open windows.

2. Click Start, click Run, type: %windir% and press Enter.

3. Locate and open the System32 folder.

4. Find the CatRoot2 folder, right-click on it, and select RENAME. Change the name to CR2OLD. Make sure you press Enter after typing in the new name, so the changes are executed.

After that, please boot in Normal Mode to check whether our issue persists.

I hope this helps anyone experiencing a similar problem.

Good Luck!

Sid
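Steps 2 and 3 of the emailed instructions above, written as a script with the "make sure it was successfully stopped" check done in code. This is an added example, not part of the original post or of Microsoft's instructions; it assumes PowerShell 3.0 or later, an elevated prompt, and that Step 1 (Safe Mode) has already been done. `Rename-IfPresent` is a helper name made up for this example.

```powershell
# Added example: rename the Windows Update working folders as described in the post.
$ErrorActionPreference = 'Stop'

function Rename-IfPresent {
    param([string]$Path, [string]$NewName)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path not found, nothing to rename"
        return
    }
    $target = Join-Path (Split-Path -Path $Path -Parent) $NewName
    if (Test-Path -LiteralPath $target) {
        # A leftover from an earlier attempt would make the rename fail halfway.
        throw "$target already exists; move it aside before running again"
    }
    Rename-Item -LiteralPath $Path -NewName $NewName
    Write-Output "Renamed $Path to $NewName"
}

# Step 2: stop Automatic Updates and confirm it is stopped before touching the folder.
$svc = Get-Service -Name wuauserv
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name wuauserv -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))   # throws on timeout
}
Rename-IfPresent -Path (Join-Path $env:windir 'SoftwareDistribution') -NewName 'SDold'

# Restart the service; report a failure instead of aborting before Step 3.
try {
    Start-Service -Name wuauserv
    Write-Output 'wuauserv started'
} catch {
    Write-Warning "wuauserv did not start: $($_.Exception.Message)"
}

# Step 3: rename CatRoot2.
Rename-IfPresent -Path (Join-Path $env:windir 'System32\CatRoot2') -NewName 'CR2OLD'
```

The renamed folders `SDold` and `CR2OLD` are kept rather than deleted, so the change can be undone by renaming them back while the service is stopped.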

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:44 PM

Posted 10 May 2007 - 10:01 AM

Not an uncommon problem as rigel already noted in post #3.

Although Microsoft offers a hotfix, re-registering Windows Update components, renaming the "SoftwareDistribution" folder and using "net start WuAuServ" seems to be a better solution.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#14 Jesse Bassett

Jesse Bassett

  • Members
  • 418 posts
  • OFFLINE
  •  
  • Location:Rosemount, MINN.
  • Local time:07:44 PM

Posted 15 May 2007 - 11:42 AM

To the original poster:

Did you get the issue fixed?
Windows XP Media Center Edition 2005 l McAfee Total Protection l Super AntiSpyware Free Edition l AdAware SE Personal l Spyware Blaster l Spyware Guard l Safe Eyes 2007