Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Comments

All Comments on: Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Comment Page: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38

After I have booted the pc (XP SP2 Home edition up to date from Microsoft) sometimes 1min sometimes 5min the the message comes up win32 got an error and have to close, mod svchost.exe submod ntdll.dll and when this happens I loose the direct sound the rest works ok. I have re-booted without starting anything (msconfig and disable all startup pgms) and the same hapens. can you help.

Posted by: Leif at June 17, 2005 10:55 PM

Make sure you've run up to date virus scans. I sounds like a virus.

Posted by: Leo at June 17, 2005 10:58 PM

I'm sorry I should heve included that I'm running Norton Antivirus 2005 updated with latest virus definitions and running Spybot with latest signature file and have Sygate personal firewall installed but to no help. Before the problem occurs sounds and audio devices in control panel looks ok, after the problem have occured it tells me no audio devices, going through all hardware checks I have found, all hardware device are working ok but no sound (including CheckIt Diagnostic from Symantec)
I'm ot of ideas,
Leif

Posted by: Leif at June 18, 2005 10:58 PM

My next step would be the system file checker: http://ask-leo.com/what_is_the_system_file_checker_and_how_do_i_run_it.html

You *might* have to run it after booting into Safe Mode, I'm not sure.

I'd also grab a second free Anti-Virus scanner from somewhere. I keeping hearing mixes results from and about Norton.

Posted by: Leo at June 19, 2005 7:57 AM

I experienced the crash too, until I configured the Norton Internet Security Firewall to BLOCK ALL of the Programs that were unnecessary on a day to day basis.

The default was AUTOMATIC, which says that Norton will consider what is safe and what is not safe. Once I changed everything to BLOCK, the crashes disappeared. Now, if I wish to allow a program to access the internet (such as a browser) the BLOCK POPS UP and asks me for a one-time approval.

Other features allowed me to always accept certain IP addresses or domain names. I am still learning about the Norton Tools, but I was crashing before. (This was all after a clean bill of health on viruse scan).

I would like suggestions on excellent spyware programs to run.

And I also would like to know if running more than one virus will have a conflict.

Posted by: IPIU at July 3, 2005 10:59 AM

My anti-spyware recommendation: http://ask-leo.com/recommendation_microsoft_antispyware.html

You can install more than one anti-virus program, but you should NOT enable real time checking in more than one at a time - that WILL cause problems.

Posted by: Leo at July 4, 2005 1:10 PM

I had a problem with svchost.exe using up all cpu ussage. I found the answer by locating the PID number in the task manager, then using the Start> Run> cmd> "c:\>tasklist /svc" I found out the PID number of the "wirus, spyware or combonent" using the svc shell. I didn't find any file named "dnscache" so I opened the registry editor "Start> Run> regedit.exe" I searched through the whole registry for dnscache which was causing the cpu to run at 99% IN MY CASE! deleting everything I found connected to dnscache or setting the value to 0 if possible. This was a desperat act, and I was ready to format If it wouldn't work.
My computer works 100% normal,, also on the internet and the lan..
Hope this helps.
Johann

Posted by: Johann at September 5, 2005 1:25 PM

I had a problem with 100% CPU usage because of svchost and I had the 60s restart. If this sounds familiar you should do the following:
-Get a good antivirus and scan(BitDefender 9+ updates)
-Get a good anti-spyware and scan (Spyware doctor)
-Get the windows security patch (http://support.microsoft.com/?kbid=824146)
-Configuer your firewall to block the UDP/TCP ports:
135, 137, 138, 139, 445 and 593
-Thank Leo and Black Viper for the help :)
PS. svchost should stop hogging the CPU after you install the microsoft security patch.
If the reboot starts when you try to repair the program use this command in the start/run "shutdown -a".

Hope this helps anyone in this situation.
Alex

Posted by: AleXander at September 7, 2005 4:35 PM

I would grab process explorer - http://ask-leo.com/d-procexp - right click on the svchost instance that is using all the CPU, hit properties, and see if you can tell which Windows service it's attempting to run that's doing that. That may at least provide a clue.

Posted by: Leo at September 11, 2005 9:35 PM

One quick question: I'm using Sygate's Personal Firewall Pro, and would like to know if I should select local, remote, or both when it comes to blocking the above-mentioned ports.(I understand that I need to select both the TCP and UDP protocols.) TIA

Posted by: skay at September 13, 2005 5:29 AM

Comment Page: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38

Read the article that everyone's commenting on.

Subscribe to the RSS Feed for comments on this article.