Help!

Svchost.exe using 50% of CPU - help 2

 
VirginiaBlend



Joined: Jun 03, 2010
Posts: 3



Posted: Thu Jun 03, 2010 10:37 pm    Post subject: Svchost.exe using 50% of CPU

Hey there Lockergnome!

I hope you guys can help me solve this issue.

I booted up my PC today to play some Alpha Protocol and I noticed the game was freezing sporadically to the point of unplayability.

I tried some fixes and used Task Manager to see how performance was when I noticed that my CPU usage was at a constant 50% even with no programs running.

I narrowed the culprit down to Svchost.exe which seems to be constantly using that 50%.

Any help on how to fix this issue would be greatly appreciated!

Edit: Here is a screenshot of the issue using Process Explorer and the Task Manager.



Philocalist



Joined: Jun 21, 2004
Posts: 291

Location: Sunny Newcastle, UK

Posted: Fri Jun 04, 2010 12:00 pm    Post subject:

Wish I had a categoric answer to this: unfortunately I don't ... and I frequently have the same problem. Currently, there are FOURTEEN instances of SVCHOST running on my PC, which is quite normal (for me), all without problem.
Occasionally, one goes haywire, like yours. I've never fully pinned down what causes this, so hopefully someone a bit smarter will be along shortly to enlighten us?
Meanwhile, 2 observations: I've often noticed that this MAY be linked to an AV software malfunction (I'm using Vipre, which works very well apart from an occasional 'hang'). Second, all I normally do is right-click within Task Manager on the offending instance of SVCHOST, and terminate the process.
So far, it solves the immediate problem of high CPU usage without impacting on anything else, but I'll re-iterate, I have no real idea what is the cause.
Hel



Joined: Jun 04, 2010
Posts: 1



Posted: Fri Jun 04, 2010 1:18 pm    Post subject:

It's not clear from your screenshot which processes loaded through SVCHOST eat up your memory. Double-click on the process in Process Explorer, then go to the Services tab; my guess is that some of these services work incorrectly. You will need to either disable it (if you don't need this service), reinstall it (if it is a driver or some application), or install a hotfix (if it is some Windows process).

Hope you can find some helpful info here: h**p://www.file.net/process/svchost.exe.html
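
As an added example (not part of the original posts), the PID-to-service mapping described above via Process Explorer's Services tab can also be produced from PowerShell. This sketch assumes PowerShell 3.0 or later and an elevated prompt; the `OutsideSystem32` column is a heuristic added here, not something from the thread.

```powershell
# Added example: list each svchost.exe instance, the services it hosts,
# its accumulated CPU time, and where each service's DLL is loaded from.
# Read-only: nothing is stopped, disabled or deleted.

$sys32 = Join-Path $env:SystemRoot 'System32'

# Running services whose host process is svchost.exe
$hosted = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost\.exe' }

$report = foreach ($group in ($hosted | Group-Object ProcessId)) {
    $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
    foreach ($svc in $group.Group) {
        # Shared-host services load their code from the ServiceDll registry value
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll `
                    -ErrorAction SilentlyContinue).ServiceDll
        [pscustomobject]@{
            PID             = [int]$group.Name
            CpuSeconds      = if ($proc) { [math]::Round($proc.CPU, 1) } else { $null }
            Service         = $svc.Name
            Display         = $svc.DisplayName
            ServiceDll      = $dll
            # Heuristic (assumption): a service DLL outside System32 deserves a closer look
            OutsideSystem32 = [bool]($dll -and -not $dll.StartsWith(
                                  $sys32, [StringComparison]::OrdinalIgnoreCase))
        }
    }
}

# Busiest host process first, so the instance pinning the CPU is at the top
$report | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize
```

Without PowerShell, `tasklist /svc /fi "imagename eq svchost.exe"` prints the same PID-to-service mapping, minus the CPU time and DLL path.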
VirginiaBlend



Joined: Jun 03, 2010
Posts: 3



Posted: Fri Jun 04, 2010 6:29 pm    Post subject:

Well, I used Process Explorer to find out how many sub processes were running under Svchost and there were only 2. I disabled the offender by going through Run -> services.msc and the problem seemed to be solved. Then later that evening, when trying to visit a webpage, Firefox redirected me to some kind of myspace/facebook page.

Virus time, yay.

Let Malwarebytes Anti-Malware, Spybot S&D and Windows Malicious software tool run overnight and sure enough I did have a trojan.

Malware log:
Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\LAuima.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\~TM86.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

Had Malware remove and I thought everything was fixed. Now the Svchost issue has popped up again and I am getting strange errors within Windows.

Trying to upload images results in an hourglass icon but nothing happens. Same issue in VLC when trying to load subtitles.

Going to do some research on this Hiloti Trojan.
VirginiaBlend



Joined: Jun 03, 2010
Posts: 3



Posted: Fri Jun 04, 2010 9:55 pm    Post subject:

Update.

After removing the trojan I thought everything was fine....

Now about 4 hours later Svchost is back and taking up 50% of my CPU and my computer is generally acting screwed up.

I.e. I was using VLC player and tried to load some subtitles into a movie, but no matter how many times I clicked "Load subtitles" the Windows browser to open the file never popped up. Same thing using Imgur, and some other apps get random failures when opening. WinRAR, iTunes etc.

So at this point I'm very confused and kinda lost.

The process under Svchost that's taking all my CPU now is RPC (Remote Procedure Call).

Even under services.exe I have no ability to disable it.

I'm not sure why this jumped from DCOM Service Process Launcher to RPC....or why it's taking 50% of my CPU power.
Philocalist



Joined: Jun 21, 2004
Posts: 291

Location: Sunny Newcastle, UK

Posted: Sat Jun 05, 2010 8:24 am    Post subject:

Ref your issue with subtitles etc.
I had a similar problem recently, turned out to be a missing dll file (which I think vanished on removal of a trojan) that affected the relative codec.
drwho07



Joined: Nov 29, 2007
Posts: 2296

Location: Central FL, USA

Posted: Sun Jun 06, 2010 5:12 pm    Post subject:

If you'll just do some research, you'll find that many other necessary services in your PC absolutely rely on RPC to work. Never mess with it.
You'll KILL your computer if you do.

On XP there are about 20 services that do not need to run, on the average home computer. On Vista and Win-7 that total goes up to almost 40 services that do not need to run. You can find the entire list of services on the "Black Viper" web site.

He gives one list of services to disable under the heading of "SAFE to disable".

Having several to many instances of Service Host running is absolutely normal.

Keeping trojans off of your PC is as simple as running AVG 9.0 FREE and Spybot Search & Destroy. Set AVG to update every day at an hour that you'll have your PC on-line and update and run a scan with Spybot S&D every week. They post the latest updates on Wednesday, each week.
Just having Spybot S&D on your computer avails you nothing, unless you keep it updated and run it weekly. Don't forget to "Immunize" each time you get an update.

Spyware Blaster is another great program that can protect your PC from ever getting infected with malware.

I also use Malware Bytes to disinfect a badly infected PC.

Keeping any PC clean of malware is easy, but disinfecting a PC that's already compromised by malware is another matter altogether.

Good Luck,
Doc
ward29800



Joined: Jun 12, 2010
Posts: 1



Posted: Sat Jun 12, 2010 7:16 pm    Post subject: Getting rid of Trojan for good

You really have to delete all your Windows restore files to get rid of a trojan. It continually regenerates itself. Once the restore function is turned off, the files are erased and you can start over by turning the restore function back on.
greyknight17



Joined: Feb 03, 2003
Posts: 5924

Location: Brooklyn, NY

Posted: Sun Jun 27, 2010 2:26 pm    Post subject:

Read this topic and post the HijackThis log here when ready.