Prev: word Document slow
Next: windows xp Home installation
From: Bob on 14 Jul 2010 16:38 I have one desktop that is running XP Professional SP3 on a server 2003 Domain, all security patches are up to date, all systems run Symentec Endpoint Protection 11.0.5. This one system starting using 100% processor for svhost.exe when the system boots up a few days ago, we go to task manager see the svhost.exe that is using all of the processor, end that task, and the user is back in business. I saw some information on the net that is may be a virus --- I boot the machine up in safe mode, with system restore off, ran a full scan and no threats, also ran a full scan while not in safe mode and still all clear. There are a lot of ideas on the net as to how to fix this ---- just wondering if anyone ran into this problem and if successfully resolved. Any assistance would be appreciated. Thanks, Bob
From: Unknown on 14 Jul 2010 17:08 Google for Svhost. Also try the system with Symantec disabled. "Bob" <Bob(a)discussions.microsoft.com> wrote in message news:95A5D342-1128-4532-B412-E4B5ADF3DE8F(a)microsoft.com... > > I have one desktop that is running XP Professional SP3 on a server 2003 > Domain, all security patches are up to date, all systems run Symentec > Endpoint Protection 11.0.5. > > This one system starting using 100% processor for svhost.exe when the > system > boots up a few days ago, we go to task manager see the svhost.exe that is > using all of the processor, end that task, and the user is back in > business. > > I saw some information on the net that is may be a virus --- I boot the > machine up in safe mode, with system restore off, ran a full scan and no > threats, also ran a full scan while not in safe mode and still all clear. > There are a lot of ideas on the net as to how to fix this ---- just > wondering > if anyone ran into this problem and if successfully resolved. Any > assistance > would be appreciated. > > Thanks, > Bob >
From: Jose on 14 Jul 2010 17:27 On Jul 14, 4:38 pm, Bob <B...(a)discussions.microsoft.com> wrote: > I have one desktop that is running XP Professional SP3 on a server 2003 > Domain, all security patches are up to date, all systems run Symentec > Endpoint Protection 11.0.5. > > This one system starting using 100% processor for svhost.exe when the system > boots up a few days ago, we go to task manager see the svhost.exe that is > using all of the processor, end that task, and the user is back in business. > > I saw some information on the net that is may be a virus --- I boot the > machine up in safe mode, with system restore off, ran a full scan and no > threats, also ran a full scan while not in safe mode and still all clear. > There are a lot of ideas on the net as to how to fix this ---- just wondering > if anyone ran into this problem and if successfully resolved. Any assistance > would be appreciated. > > Thanks, > Bob Did any of those ideas have a happy ending? You should normally see several svchost,exe in Task Manager (if that is where you are looking). If you are curious why that is, read this article: http://www.bleepingcomputer.com/tutorials/tutorial129.html Malicious software will sometimes hide underneath or hijack a legitimate XP svchost.exe process. Sometimes malicious software will run using a Process Image Name that looks like a legitimate process in order to fool you. If you really see svhost.exe, that sounds suspicious. I would not put all your malicious software detection eggs in the Symantec basket. Perform some scans for malicious software, then fix any remaining issues: Download, install, update and do a full scan with these free malware detection programs: Malwarebytes (MBAM): http://malwarebytes.org/ SUPERAntiSpyware: (SAS): http://www.superantispyware.com/ They can be uninstalled later if desired. If you have the same problem, we can then figure it out and fix it (not try things).
From: Al on 14 Jul 2010 18:42 Bob - svchost functions as a "host container" for threads being executed - several will be "running". Usually malware will have names similar to system files. Is the title you posted "svhost" correct? If so it is likely malware. or did you intend to mean "svchost"? There are several utilities - "process monitor" in particular - at Sysinternals site that will permit pinpointing the problem.
From: PA Bear [MS MVP] on 14 Jul 2010 21:23
Nevertheless, there is a very good chance that you are seeing the effects of a hijackware infection! NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help! Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware. https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 Also available via the Consumer Security Support home page: https://consumersecuritysupport.microsoft.com/ Otherwise... 1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it. 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm 2b. Vista or Win7=> Run this scan instead: http://onecare.live.com/site/en-us/center/whatsnew.htm 3. Now post the requested logs in an appropriate forum for assistance by an expert in such matters. DO NOT SKIP THIS STEP!! I can recommend the expert assistance offered in these forums: http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, and http://aumha.net/viewforum.php?f=30 If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. Bob wrote: > I have one desktop that is running XP Professional SP3 on a server 2003 > Domain, all security patches are up to date, all systems run Symentec > Endpoint Protection 11.0.5. > > This one system starting using 100% processor for svhost.exe when the > system > boots up a few days ago, we go to task manager see the svhost.exe that is > using all of the processor, end that task, and the user is back in > business. > > I saw some information on the net that is may be a virus --- I boot the > machine up in safe mode, with system restore off, ran a full scan and no > threats, also ran a full scan while not in safe mode and still all clear. > There are a lot of ideas on the net as to how to fix this ---- just > wondering if anyone ran into this problem and if successfully resolved. > Any > assistance would be appreciated. > > Thanks, > Bob |