Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Not sure if my problem is caused always by svchost.
My computre is always attached to the Internet, but quite often when I am not doing anything with the internet I am receiving a lot of very long delays.
Software packages I have run for tears will now always take ages to load, coming up with either server is busy, or another program is using the resource I require, giving me a retry or switch option. When I select Switch it always calls up the Start menu. Eventually the program will load, then it runs fine.
Also whenever I use the file open, save options etc it takes ages to load the details(, often displaying the search icon).

Any help would be much appreciated

regards

Jim Hope

Thanks Leo for all you do for the computing public. I have been reading all day about the SVCHOST issue where folks are experiencing 100% cpu activity for a while as soon as connecting to the internet. My fix is limited to the situation outlined below and does not include the 60 second shutdown issue or crashing.

Some websites and forums suggested that SVCHOST is being exploited by a worm or trojan, but most people find their virus scans come up empty as do the spyware checkers. So your computer is mostly OK except for this cpu drain that seems to last only a short time.

I have had the problem for about a week and I have tried five different virus scans (including on line McAfee, AVG, PC Security Shield, and Symantec) and two spyware programs (Adaware and Xoftspy) but found nothing of import. My Hijack this has not changed. It started after a recent Microsoft Automatic Update to my Windows XP SP2 system.

Using Process Explorer (from SisInternals --

http://www.sysinternals.com/Utilities/ProcessExplorer.html

I could see that one of the many SVCHOST copies was running (1144) which was attempting to assist Microsoft Automatic Updates (3108 and 2720). My Automatic Updates was set for "Notify Me but do not download or install". Apparently the cpu usage is caused by the Updates program attempting to determine if there are updates which it of course only does when you connect to the internet. I simply set my Automatic Updates to OFF and the problem disappeared. I did not experiment with allowing it to be ON full automatic mode, but I suspect that would be OK too. Appears to me that Windows is not playing nice with the Notify me but do not download option.

Wanted to let you know cuz lots of folks are suffering. I suspect this is something MS will be fixing in a future update.... When you start your machine, immediately start the Process Explorer, and watch the cpu usage as your internet connection is established. If you see that the SVCHOST that is causing the CPU load has underneath it (below the minus sign associated with it) one or two Automatic Update listings, then try my fix by either shutting off Automatic Updates in Control Panel (Automatic Updates).
Regards, Dan

hi im running server 2003, i keep getting LSA.exe errors which cause restarts. i wanted to know if that has anything to do with svchost. i also have a firewall which logs dropped packets, after looking at it i found lots of packets dropped to ports 1026, 1027, 445, 1025, 135 and some random others. could this mean im under attack, i've done all the scans ect to clean the system and fitted full new hardware and full reinstall of OS. i have a static wan ip and wanted to know if i change it will it stop the problem?????

please help as i just cant get past this!

many thanks raj

Look at this article referenced by the article you just commented on: http://ask-leo.com/what_is_svchost_and_why_is_there_more_than_one_copy_running.html

if open add/remove windows components window, it does not open, but only one empty dos window titled svchost loads and disappears.

Same thing also happen if i try to view the source code of webpages. Pls give me a solution
thanks in advance

After reading about the Windows Update post, I checked the computer that I was having the same svchost.exe problems with and udpates were set to automatic every night at 3:00 am. Once I turned this off, the svchost.exe CPU went down to 0. I manually connected to the Windows Update site and during the check for updates, svchost.exe went up to near 100 utilization again. After waiting nearly 30 minutes it finally gave me the option to get the latest windows update software. I installed this, downloaded all the latest updates, set it back to automatic updates every evening and now everything is working fine again. It could be that you have the older version of Windows update, that seemed to be the problem on this computer.

Should SVCHost.exe be constantly accessing the net? Because my network symbol is on all the time even when no net apps is running such as IE?Mathon or Yahoo Messenger and MSN etc.

The light is constantly on, does this indicate a violation of the svchost file? Or a modification for a possibel spyware or malware?

I have read the articles on svchost.exe and by using Process Explorer I found that the CPU is being hogged by WIAFBDRV.DLL When I kill this process the CPU unclogs, but my system still seem sluggish. I have run Norton AV, and Trend along with spybot and System Mechanic 6. No luck. Any suggestions?

I have a similar problem to what answered above, but I have used 3 different virus scanners, an ad-aware software, and a registry cleaner. Yet I still get this problem:

I connect to the internet normally, and I don't get any overloads of cpu usage or whatever. Everything is fine.
However, after a while (length is pretty random), I get a "Generic Host Process for Win32 Services has encountered an error and must shut down" After this, my internet connection just freezes. The internet connection icon stays in the taskbar, but no internet actions work (can't get to any web page, MSN Messenger can't connect, etc.) I can't "disconnect" my internet connection, and when I try to view the status, the window pops up for a fraction of a second but dissapears right after, no matter how often I try to do it. My only way to reconnect to the internet is by rebooting my computer.

And everything that isn't internet related works fine (I tested extensively). I can still play games, work, listen to (offline) music, etc.

I'm getting desperate, as my last option as of right now is a full format of my C: drive
I don't know what else to do (and I'm no computer expert, although I do know quite a bit)

Please help,
Thank you,
Dominic

Dominic, I had exactly the same issue. Must be something fresh - all the posts on it I found were from the last few days. But I finally found the solution - here it is:

http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx

Just install the patch and enjoy a no-more-interrupted connection ;]

regards2all
Marek

To post a comment on "Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.", please return to that article's main page.