Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Leo, your original article suggests that there are only 2 possible problems, both related to malware. While some people may be bitten by malware, the WBEM repository hang will definitely crop up with people with clean XP installs. Consider updating your article.

>>I have had all 3 of my computers exibit this same behavior, and all within the last week. Nothing has changed on the computers except that i used window's update. Upon startup whenever i access the internet, explorer or other, svchost gobbles up my cpu, eventually it releases, but i cannot get anything done for those 5 minutes.

I fixed my problem (fingers crossed) by rebuilding the WBEM registry as per http://www.hanselman.com/blog/SvchostexeSucksCPUAndRebuldingTheWMIWBEMRepository.aspx and then also stopping windows automatic update. Even after I rebuilt the WBEM registry I had problems and using the Process Explorer utility I identified Windows Update as grabbing all my CPU. I set this to notify me only and so far so good.

Just wanted to get this out.

If you run Symantec products and if you are getting svchost crashing soon after boot with a Generic Host Process error pointing to msi.dll, then I think I might have an hint.

This error was beginning to show up all over campus. Even applying MS's patch KB894391 failed.

It turns out that it is caused by Symantec's setting to "Scan Network Drives" Turn this feature off. The svchost error should vanish on next boot. You may still get the Generic crash once more.

Hope this might help someone, I can't tell you how many hours I spent on this one...

grrrr

dan

you can find out what scvhost is running by clicking on start then click on run and type cmd (windows xp) or type command (all versions of windows) then max the window (it will be half screen) and type tasklist /svc and you will see the list of what each item is running and what it is running.

Leo, please help with the following annoying problem, related to svchost, that no other 'expert' seems to understand. Since a couple of month svchost started a life of its own scanning all of the ports on my modem/router for days at an end. It did not do this before and takes up CPU-time, is visible in de Zone-Alarm firewall window (no check anymore on in/outgoing processes).
System XP-SP2, firewall, virus scan in place (AVG) and performing several full-system checks without succes. Also hitman-pro brings no relief. How to stop this irratic behavior.
Thanks for your attention, Bob.

I have the svchost taking from 70 to 90% cpu resources, and I use the task manager to end it and work fine through the session. But lately it's happening all the time. I have the latest Anti virus protection updates from Mcafee, I have the firewall enabled for all my connections. System is xp with sp2 and the update page shows no necessary updates are available for my system. I ran a registry mechanic software to make sure no problems are in the registry. I use the tweaks to speed up user clean up and shutting down. I use Boot vis from Microsoft to speed up system boot. In spite of all this, svchost loads and takes all my CPU time. please any solution?

thanks , sally
me@sallyahmed.com
http://www.sallyahmed.com/

Leo: I've been meaning to thank you for the hint about Svchost.exe issue on W2K. Now, after having updated my pc to XP, one of the copies of svchost.exe turned back to it's malaware tendences, taking over the 100% of my cpu AGAIN. Microsoft support helped me to hunt and fix this problem: now I pass this through to you all.
Although the following steps maith be a particular case, I hope it helps the same way that helped me.

- log on the pc as administrator

- Download SysInternals Process Explorer and run it
- Identify which one of the svchost copies is causing the issue

-Click on start, and run "msconfig"

- over the "services" tab, click on "hide all microsoft services"

- Disable the rest of services

- click on the "start up" tab

- click on "disable all"

- Reboot the system

- Make sure the svhost.exe is not taking over the 100% of the cpu (for now)

- Run process explorer again

- run "msconfig" again

- Enable one by one the process and services until the problem shows up again. Don forget reboot the pc with every service enabled.

- Once the svchost copy takes the cpu resources again, you've just found the "guilty" service, so scan it or put it on quarantine.

For my case, a process that controls a HP printer spool was the root cause. Once disabled, the problem was solved at last.

Good Luck Riders.... Thanks again LEO.

ALex

Following is what I tried and didn't work:
1. Patches from MS.
2. Looking for the svchost instance causing problems. The one for RPC seemed like an culprit always.
4. Then saw MSWord and Google Toolbar running in SVCHOST. Thought about uninstalling MS Office before I tried this.

What worked for me:
1. I saw mdm.exe intermittently would take up a part of the processor usage. I disabled the mdm.exe using ProcessExplorer and everything is nice and easy. No more trouble.

Please let me know if someone can confirm that suspending MDM.exe worked for you guys.

Regards
KM

Wierd. When we configure a system at our office for a client there is no problem. They get the brand new computer and boot onto their network they get the svchost.exe error. They have an automatic installation routine setup in the login.bat file for symanatec, I'm wondering if something is going on there, but it only seems to be for one specific user, and it's a brand new machine, but this user has had trouble with another notebook before! It only happens on this one client's network and only this user!!

To post a comment on "Svchost and Svchost.exe - Crashs, CPU maximization, viruses, exploits and more.", please return to that article's main page.