Svchost.exe?

Discussion in 'Hardware' started by Pabst, Dec 27, 2003.

  1. nitro

    Pabst,

    If your machine is running like crazy, and there does not seem to be a reason for it, you have probably been hacked.

    Another possibility is the IIS Indexer. This is the program that goes and indexes your files so that when you do a search (start->search) it can do so more quickly.

    It is nearly impossible to avoid some form of hacking. The benign stuff is the ads that pop up. There are some not so benign ones...

    The only real defense against this stuff is to have a computer that is quarantined from the rest of your network that you use for browsing, etc. A pain in the ass, but we all eventually get bit by the maggots that have nothing better to do with their time :(

    nitro
     
    #11     Dec 27, 2003
  2. The reason I suspected it was one of the svchost.exe files that was a part of the problem was that the cpu time for it was running under Task Manager. It may have been a symptom and not a cause but it looked suspicious.

    Cheers.
     
    #12     Dec 27, 2003
  3. Note that SvcHost.exe is a legit Windows process - it provides a generic host process for Win32 Services and you can easily have multiple ones running (each hosting a different Windows service).

    Usually it's a completely legitimate thing (for example, the Netsvcs service is hosted by a SvcHost process) used by both certain Windows and third party services (e.g., some digital camera, sound, etc. vendors implement part of their support as Windows Services and their service implementation needs to be hosted by a Svchost process).

    I think part of the automatic Windows Update service might also run hosted by a Svchost process - which if you have that activated might cause intermittent high CPU when it checks for updates to load.

    But if you're seeing a lot of activity all the time, especially when you're not doing anything on the machine - you've probably picked up a virus or adware/spyware that's hooked itself into your computer. Scan your machine and/or check your Windows registry and the Windows services control panel to see if you've picked up virus/adware/spyware.

    Good luck.
     
    #13     Dec 28, 2003
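
Added example, not part of the original thread: one way to carry out the check suggested in the post above on a current Windows system with PowerShell, listing which services each svchost.exe hosts and whether its image and service DLLs sit in the expected system directories. The column names (`GenuineImg`, `ReviewDlls`) and the choice of System32/SysWOW64 as the expected locations are assumptions of this example.

```powershell
# Added example. Run from an elevated prompt: without elevation,
# ExecutablePath is empty for some system processes.
$sys32 = Join-Path $env:SystemRoot 'System32'
# Expected images: System32, plus SysWOW64 (32-bit services on 64-bit Windows).
$genuine = @(
    (Join-Path $sys32 'svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$byPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $proc   = $_
    $hosted = @($byPid[[string]$proc.ProcessId] | Where-Object { $_ })

    # ServiceDll is the DLL svchost loads for a service; collect any that
    # live outside System32 so they can be reviewed by hand.
    $oddDlls = foreach ($svc in $hosted) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll `
                    -ErrorAction SilentlyContinue).ServiceDll
        if ($dll -and $dll -notlike "$sys32\*") { "$($svc.Name) -> $dll" }
    }

    [pscustomobject]@{
        PID        = $proc.ProcessId
        Image      = if ($proc.ExecutablePath) { $proc.ExecutablePath }
                     else { '(unreadable, not elevated?)' }
        GenuineImg = [bool]($proc.ExecutablePath -and
                            ($genuine -contains $proc.ExecutablePath))
        Services   = ($hosted.Name -join ', ')
        ReviewDlls = ($oddDlls -join '; ')
    }
} | Sort-Object GenuineImg, PID | Format-Table -AutoSize -Wrap
```

Rows with `GenuineImg` False or a non-empty `ReviewDlls` are the ones to examine; a third-party service DLL outside System32 can be legitimate, so treat that column as a review list rather than a verdict.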
  4. I was getting an error message on start up a week ago.

    I have a friend who is sort of like Nitro.....amazingly well informed about tech stuff. He has worked for government agencies and large corporations as a computer security consultant.

    When I described my problem to him over the phone, he told me that without looking at my computer, he could only guess that I must have had a virus on my computer.

    I told him I always have Norton running and that it does a complete virus scan every morning in addition to scanning all email as it comes and goes. And that it was showing my computer as being virus free.

    He told me that I should uninstall Norton and go to http://www.grisoft.com and download the free AVG anti virus program.

    I did that, ran it, and it found and fixed two "worm" viruses that Norton did not detect.

    I re-installed Norton, and now have both programs scanning for viruses. The AVG program has just one drawback (to me)....it puts a message at the end of all my emails. Looks like this on all my "inbox" messages:

    Incoming mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.557 / Virus Database: 349 - Release Date: 12/30/2003


    And like this on all my "sent" messages:

    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.557 / Virus Database: 349 - Release Date: 12/30/2003


    Which doesn't look great, but since it seems to have "fixed" my computer, I guess doing a little advertising for a free product is worth it. Also, I suppose it gives some assurance to those to whom I send emails. Particularly if there are attachments.

    Hope this helps. I know it does not address the svchost issue, but Nitro has explained that quite well. The comment on Norton not being infallible was what prompted me to make this post. As I know from experience now, indeed Norton is apparently not completely up to date in the virus department. And I am getting the downloads from Symantec. My version of Norton Utilities is current.

    Notice that the AVG program's release date is very recent (12/30/03). The rest of the Norton Utilities programs seem to me to work well. Just not up to the standards of my friend the computer maven. Who also suggested that I run Ad-Aware 6.0 regularly (which I have been doing for quite some time anyway). It too is a free program: http://www.lavasoftusa.com/

    Peace,
    :)RS
     
    #14     Jan 9, 2004
  5. CalTrader

    CalTrader Guest

    There are multiple trojans and viruses that attempt to install Windows services for malicious purposes - like allowing a third party to take over your system or allowing random file deletes or other monitoring.

    svchost is part of the infrastructure for windows services.
     
    #15     Jan 9, 2004
  6. I must really be a REPUBLICAN cause my Windows Task Manager shows 5 svchost.exe's!!!

    I'm running McAfee Anti-Virus with a 4-Port Router via a Cable Modem on Windows XP-Pro, and run Ad-Aware 6.0 Spyware every single day!

    :)
     
    #16     Jan 10, 2004
  7. nkhoi

    I get 5 too, it's ok.

    It looks normal to me.
     
    #17     Jan 10, 2004
  8. svchost.exe LOCAL SERVICE 3,956 K
    svchost.exe NETWORK SERVICE 3,304 K

    svchost.exe SYSTEM 3,364 K
    svchost.exe SYSTEM 15,768 K
    svchost.exe SYSTEM 4,060 K

    No CPU time was being shown whatsoever for any of the above Processes.

    CPU Usage: Between 0%-3% while idling.

    Page File Usage: 150MB

    How does this look, guys?
    Any comments?
     
    #18     Jan 10, 2004
  9. To All Posters:
    I thought I would mention this for anyone who contemplates trying the Grisoft product. I was having some problems with virus attacks and I did as was suggested in Error's post. I uninstalled Norton and installed the free version of Grisoft's program. Sure enough it found 27 infected programs and I went ahead and quarantined them. About 2 hours later just for the hell of it, I used the program to scan for virus again, and then shut the computer down and tried to start up again. I am running Windows XP professional. What happened then was that Windows would not start up, except in "safe mode". Apparently the Grisoft program removed (quarantined) some files that were important to the operating system. I had to use system restore to get the machine back in order. So for folks who are tempted to try this, be careful. You may want to call your local computer tech and ask about the pros and cons before you get in over your head. Good luck, Steve46
     
    #19     Jan 10, 2004
  10. FYI, I had 100% CPU usage and did a search on msft support pg. Apparently some AVI video files hang up software and peg it to 100% CPU. I simply killed off winamp (which I had last used to run a movie file) process in task manager and the problem went away.

    In the Msft solution they said they will have a fix in next service pack.
     
    #20     Jan 10, 2004