Svhost.exe using 100% Processor on XP Professional
in [Windows XP]
|
Prev: word Document slow
Next: windows xp Home installation
From: Bob on 15 Jul 2010 13:38 "PA Bear [MS MVP]" wrote: > Nevertheless, there is a very good chance that you are seeing the effects of > a hijackware infection! > > NB: If you had no anti-virus application installed or the subscription had > expired *when the machine first got infected* and/or your subscription has > since expired and/or the machine's not been kept fully-patched at Windows > Update, don't waste your time with any of the below: Format & reinstall > Windows. A Repair Install will NOT help! > > Microsoft PCSafety provides home users (only) with no-charge support in > dealing with malware infections such as viruses, spyware (including unwanted > software), and adware. > https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 > > Also available via the Consumer Security Support home page: > https://consumersecuritysupport.microsoft.com/ > > Otherwise... > > 1. See if you can download/run the MSRT manually: > http://www.microsoft.com/security/malwareremove/default.mspx > > NB: Run the FULL scan, not the QUICK scan! You may need to download the > MSRT on a non-infected machine, then transfer MRT.EXE to the infected > machine and rename it to SCAN.EXE before running it. > > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) > in Safe Mode with Networking, if need be: > http://onecare.live.com/site/en-us/center/howsafe.htm > > 2b. Vista or Win7=> Run this scan instead: > http://onecare.live.com/site/en-us/center/whatsnew.htm > > 3. Now post the requested logs in an appropriate forum for assistance by an > expert in such matters. DO NOT SKIP THIS STEP!! > > I can recommend the expert assistance offered in these forums: > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, > http://www.spywarewarrior.com/viewforum.php?f=5, > http://www.dslreports.com/forum/cleanup, > http://www.bluetack.co.uk/forums/index.php, and > http://aumha.net/viewforum.php?f=30 > > If these procedures look too complex - and there is no shame in admitting > this isn't your cup of tea - take the machine to a local, reputable and > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. > > Bob wrote: > > I have one desktop that is running XP Professional SP3 on a server 2003 > > Domain, all security patches are up to date, all systems run Symentec > > Endpoint Protection 11.0.5. > > > > This one system starting using 100% processor for svhost.exe when the > > system > > boots up a few days ago, we go to task manager see the svhost.exe that is > > using all of the processor, end that task, and the user is back in > > business. > > > > I saw some information on the net that is may be a virus --- I boot the > > machine up in safe mode, with system restore off, ran a full scan and no > > threats, also ran a full scan while not in safe mode and still all clear. > > There are a lot of ideas on the net as to how to fix this ---- just > > wondering if anyone ran into this problem and if successfully resolved. > > Any > > assistance would be appreciated. > > > > Thanks, > > Bob > > . > Thank you for the replies all ---- I did spell the name wrong, the Process that we end in Task manager is spelled ------ svchost.exe Concerning the Symantec software --- it does have Antivus and Antispyware protection, the corporate subscription is up to date, the definitions are up to date daily, and I apply all MS patches via WSUS. Now this morning --- the user did not have any problems with it robbing their processor. I will download/run the mentioned scans to see if anything found on the system. Bob
From: Jose on 15 Jul 2010 14:11 On Jul 15, 1:38 pm, Bob <B...(a)discussions.microsoft.com> wrote: > "PA Bear [MS MVP]" wrote: > > > > > Nevertheless, there is a very good chance that you are seeing the effects of > > a hijackware infection! > > > NB: If you had no anti-virus application installed or the subscription had > > expired *when the machine first got infected* and/or your subscription has > > since expired and/or the machine's not been kept fully-patched at Windows > > Update, don't waste your time with any of the below: Format & reinstall > > Windows. A Repair Install will NOT help! > > > Microsoft PCSafety provides home users (only) with no-charge support in > > dealing with malware infections such as viruses, spyware (including unwanted > > software), and adware. > >https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 > > > Also available via the Consumer Security Support home page: > >https://consumersecuritysupport.microsoft.com/ > > > Otherwise... > > > 1. See if you can download/run the MSRT manually: > >http://www.microsoft.com/security/malwareremove/default.mspx > > > NB: Run the FULL scan, not the QUICK scan! You may need to download the > > MSRT on a non-infected machine, then transfer MRT.EXE to the infected > > machine and rename it to SCAN.EXE before running it. > > > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) > > in Safe Mode with Networking, if need be: > >http://onecare.live.com/site/en-us/center/howsafe.htm > > > 2b. Vista or Win7=> Run this scan instead: > >http://onecare.live.com/site/en-us/center/whatsnew.htm > > > 3. Now post the requested logs in an appropriate forum for assistance by an > > expert in such matters. DO NOT SKIP THIS STEP!! > > > I can recommend the expert assistance offered in these forums: > >http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, > >http://www.spywarewarrior.com/viewforum.php?f=5, > >http://www.dslreports.com/forum/cleanup, > >http://www.bluetack.co.uk/forums/index.php, and > >http://aumha.net/viewforum.php?f=30 > > > If these procedures look too complex - and there is no shame in admitting > > this isn't your cup of tea - take the machine to a local, reputable and > > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. > > > Bob wrote: > > > I have one desktop that is running XP Professional SP3 on a server 2003 > > > Domain, all security patches are up to date, all systems run Symentec > > > Endpoint Protection 11.0.5. > > > > This one system starting using 100% processor for svhost.exe when the > > > system > > > boots up a few days ago, we go to task manager see the svhost.exe that is > > > using all of the processor, end that task, and the user is back in > > > business. > > > > I saw some information on the net that is may be a virus --- I boot the > > > machine up in safe mode, with system restore off, ran a full scan and no > > > threats, also ran a full scan while not in safe mode and still all clear. > > > There are a lot of ideas on the net as to how to fix this ---- just > > > wondering if anyone ran into this problem and if successfully resolved. > > > Any > > > assistance would be appreciated. > > > > Thanks, > > > Bob > > > . > > Thank you for the replies all ---- > > I did spell the name wrong, the Process that we end in Task manager is > spelled ------ svchost.exe > > Concerning the Symantec software --- it does have Antivus and Antispyware > protection, the corporate subscription is up to date, the definitions are up > to date daily, and I apply all MS patches via WSUS. > > Now this morning --- the user did not have any problems with it robbing > their processor. I will download/run the mentioned scans to see if anything > found on the system. > > Bob See all the rookus caused by your typo?! Just kidding... we have almost all seen (and fixed) a system that has a runaway svchost.exe. It is always explainable. After scanning with MBAM and SAS, if you still have the issues: ....you should get Process Explorer so you can see what is "really" running, especially behind those multiple svchosts you see running in Task Manager. You'll like PE when you get the hang of it. PE is the Windows Task manager on steroids. PE installs nothing, and only runs on demand. It looks a little intimidating, but you will start to like the way it works. http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Using PE and the info from the other link I sent will help you see what is going on and then you can fix it instead of trying things.
From: PA Bear [MS MVP] on 15 Jul 2010 15:07 Bob wrote: >> Nevertheless, there is a very good chance that you are seeing the effects >> of a hijackware infection! <snip> > I did spell the name wrong, the Process that we end in Task manager is > spelled ------ svchost.exe I assumed such was the case.
From: PA Bear [MS MVP] on 15 Jul 2010 15:08 Jose wrote: <SNIP> > See all the rookus caused by your typo?! Ur spiel chukkers broke.
From: Jose on 15 Jul 2010 16:57
On Jul 15, 3:08 pm, "PA Bear [MS MVP]" <PABear...(a)gmail.com> wrote: > Jose wrote: > > <SNIP> > > > See all the rookus caused by your typo?! > > Ur spiel chukkers broke. That is Festus Haggen speak. S'way we tawk out cheer in Dodge. |