Ask Leo! by Leo A. Notenboom

Svchost and Svchost.exe - Crashes, CPU maximization, viruses, exploits and more.


Comments


Hate to make this "War and Peace", but I opened Win Task Manager/Processes to show me more information, after another failed attempt to download an update from windowsupdate.com. While svchost.exe shows 97-99% CPU usage, the "I/O Reads" and "I/O Read Bytes" for this process is ticking up exponentially, like the national debt. After about 10-15 minutes, the "I/O Read Bytes" is at 2.2 BILLION. The "I/O Reads" is at 2.6 million. But I've also noticed that lsass.exe and services.exe (both User Name - SYSTEM) are acting the same way in the "I/O Reads" and "I/O Read Bytes", though at a much slower pace. Lsass.com usually shows 0-3% for "CPU" usage, and services.com always shows 0%. I know the Sasser virus recently has done some things, but this problem has been with me since late last year - I'm just trying to correct it now, as I want to get DirectX9, and these Windows Updates are building up over time. Thanks again.

Posted by: Carl at May 4, 2004 2:58 PM

Carl: It's possible you've been affected by the *very* recent sasser worm. Even if not I would make absolutely sure your virus signatures are up to date, and do that virus scan again. Essentially I'd have you follow my most recent advice to Niels: a very up-to-date virus scan or two, and ensure that you have a firewall in place.

Good luck.

Posted by: Leo at May 4, 2004 9:25 PM

Hey there,
I am actually having a weird problem. Not all the symptoms are happening to my machine as everybody else's, the only one I have is when I first boot up, svchost is taking up to 98% usage on only my account (not SYSTEM or others like that) and I can't go view any website or anything. It's as if I'm not online at all. When I End Process of svchost.exe, everything works just fine and I can go online and everything. My PC doesn't reboot or anything when I shut it off. Maybe you can help me with this... I also have a problem with turning the firewall built into XP off, because when I do, my server won't work. (I am hosting from my PC.) I do, however, have a firewall through my router, and it's turned on, but only the port that I am hosting through is open.

Please help if possible, thanks.
-Wayne-

Posted by: Wayne at May 4, 2004 11:43 PM

What AV software have you run lately? Your router should be enough of a firewall that you shouldn't need XP's. The svchost running in your account is really suspicious ... is it svc or scv?

Posted by: Leo at May 5, 2004 9:43 AM
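
Both questions in the reply above (is the image name really svchost.exe, and is it running under a user account rather than a service account) can be checked mechanically. This is an added example, not part of the original comment thread; the sample rows are constructed in the column layout of `tasklist /v /fo csv`, and the function names, the account list and the edit-distance threshold of 2 are assumptions.

```python
import csv
import io

LEGIT = "svchost.exe"
# Accounts svchost.exe normally runs under (English-language Windows names).
SERVICE_ACCOUNTS = {
    r"nt authority\system",
    r"nt authority\local service",
    r"nt authority\network service",
}

# Constructed sample in the column layout of `tasklist /v /fo csv`.
SAMPLE = r'''
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"lsass.exe","596","Console","0","1,204 K","Running","NT AUTHORITY\SYSTEM","0:00:02","N/A"
"svchost.exe","812","Console","0","4,120 K","Running","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"svchost.exe","1460","Console","0","9,876 K","Running","HOMEPC\user1","0:12:41","N/A"
"scvhost.exe","1992","Console","0","2,048 K","Running","HOMEPC\user1","0:00:09","N/A"
'''.strip()


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review(tasklist_csv, max_distance=2):
    """Return (pid, image, user, reason) for each row worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row["Image Name"].strip().lower()
        user = row["User Name"].strip().lower()
        if image == LEGIT and user not in SERVICE_ACCOUNTS:
            reason = "svchost.exe running outside a service account"
        elif image != LEGIT and edit_distance(image, LEGIT) <= max_distance:
            reason = "image name imitates svchost.exe"
        else:
            continue
        findings.append((int(row["PID"]), image, user, reason))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A flagged row is a prompt to look at the file behind the process, not a verdict; the genuine svchost.exe lives in the Windows System32 directory.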

Leo, This problem has been with me since Oct/Nov of 2003, so I don't think it can be the very recent Sasser worm. I have checked the box on the WinXP firewall, and I have NAV, I use LiveUpdate, I use NAV to scan all incoming and outgoing emails, and I run scans on my computer with NAV, Spybot and Ad-Aware regularly. This is strange as it only affects updates trying to make changes to WindowsXP (and the very related DirectX) from MSoft updating. I can download/load all other programs, both downloaded as well as purchased programs from CDs. Also, my computer downloads the updates fine with no 100% CPU usage from svchost while downloading the updates - but the svchost CPU usage goes to 100% when the updates start to apply themselves. Thanks again.

Posted by: Carl at May 5, 2004 9:45 AM

Have you tried a system file check? (http://ask-leo.com/archives/000074.html)

Posted by: Leo at May 5, 2004 10:19 AM

Sir,
My PC (Win XP) has recently been affected by the W.sasserworm, but I have deleted the virus by updating the MS-0411 MS bulletin and running the patch. But now the PC has become a little slow, and if I look at the processes the CPU performance is showing 80% but the System Idle Process is showing 82%. Why is this so? There is no RPC.exe running in my PC. I am using the Windows firewall and using norton corporation with latest updates.
How can I increase my PC speed?

Regards
Tamal

Posted by: tamal at May 6, 2004 5:46 AM

Leo, I tried the system file check (SFC) as you suggested, and the exact same thing happened as when I try to download and process an update - the "File Signature Verification" box says "Building File List..." and has just hung up there, and the svchost.exe file is at 100%. So, it's not just the Windows Update files, I presume there's a "larger" problem. So, I basically can't run SFC. Any other ideas?? At this point, would a repair or re-install be a wise course of action now?? Thanks again for your suggestions.

Posted by: Carl at May 6, 2004 8:16 AM

I am running Windows XP with service pack. I used to be able to network my three home computers but have not been able to for several months. I now know that the following error messages are related to the problem but can't find a fix anywhere. Help!

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 5/6/2004
Time: 10:36:32 AM
User: N/A
Computer: ATHLON2200
Description:
The Computer Browser service and The Messenger service depend on the Workstation service which failed to start because of the following error:
The service has returned a service-specific error code.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 5/6/2004
Time: 10:36:32 AM
User: N/A
Computer: ATHLON2200
Description:
The following boot-start or system-start driver(s) failed to load:
MRxSmb
Rdbss

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 5/6/2004
Time: 10:36:32 AM
User: N/A
Computer: ATHLON2200
Description:
The Workstation service terminated with service-specific error 2250 (0x8CA).

Posted by: David at May 6, 2004 9:35 AM

Tamal: I'm confused by your post. You're saying that your processor is both 80% idle AND 80% busy, which of course isn't possible. Can you maybe clarify a little?

Posted by: Leo at May 6, 2004 9:51 AM