SVCHOST taking up to 99% CPU - continuation

Guest

I placed the following question earlier in the day:
When I turn on the computer one of the copies of svchost takes over and
starts using up to 99% of the CPU. There is, of course, a virus that attaches
to this process and starts spinning wheels and makes the use of the computer
impossible. All I can do is to press the “end process” button in Task
Manager. The result is that then I can use the computer but I lose the use
of sound.
I have used Pc-cillin, Spyware, McAfee, Ad-aware to scan my computer and
all of them say my computer does not have a virus.
Is there a way to intercept the loading of processes and figure out what is
and where this parasite is? So far deleting all cookies, deleting all
Internet temporary files, deleting the MRU list does not produce any results.
I will appreciate any help very much.

=====================================================

Note: I use Windows XP professional.
After several responses that I appreciate very much, one of them suggested
to look into the registry, and these are the results:
There are only two entries in the registry for svchost, both under
HKEY_LOCAL_MACHINE.
In the second instance, it has an entry in the data side, netsvcs, with a
long list of probably sub-processes that this task (process) handles. This
list is so long, that I was not able to display, to read or to select so that
I can copy elsewhere for later analysis. By now I am convinced that one of
these sub-processes is the culprit of the hogging. If this list can be
displayed for study it will determine the “bad guy”. This bad guy can then be
disabled, fixed, repaired.
I will appreciate any further help very much.
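
Added example, not part of any post in this thread: the netsvcs list that could not be read in the registry editor is a multi-string value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost`, and a registry export writes it as wrapped `hex(7)` bytes. The Python code below decodes such an export and maps each listed service to its `ServiceDll`; the sample export, the `ExampleSvc` entry and the status labels are constructed for illustration.

```python
import re

SVCHOST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

def decode(raw):
    """Decode one .reg value: hex(7) -> list of strings, hex(2) -> string."""
    m = re.match(r"hex\(([27])\):(.*)$", raw)
    if not m:                                  # REG_SZ, dword, binary: keep as text
        return raw.strip('"').replace("\\\\", "\\")
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    text = data.decode("utf-16-le")
    return [s for s in text.split("\0") if s] if m.group(1) == "7" else text.rstrip("\0")

def parse_reg(text):
    """Parse regedit export text into {key_lower: {value_name_lower: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)     # join wrapped hex lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = decode(m.group(2))
    return keys

def triage_netsvcs(keys):
    """Map each netsvcs entry to (status, ServiceDll) for manual review."""
    report = {}
    for svc in keys.get(SVCHOST.lower(), {}).get("netsvcs", []):
        base = f"{SERVICES}\\{svc}".lower()
        if base not in keys:                   # named in the group, no service key
            report[svc] = ("no service key", None)
            continue
        dll = keys.get(base + "\\parameters", {}).get("servicedll")
        in_sys32 = bool(dll) and dll.lower().startswith("%systemroot%\\system32\\")
        status = "system32" if in_sys32 else ("review" if dll else "no ServiceDll")
        report[svc] = (status, dll)
    return report

def _h(kind, s, width=20):                     # write a string the way regedit wraps hex
    b = [f"{x:02x}" for x in s.encode("utf-16-le")]
    rows = [",".join(b[i:i + width]) for i in range(0, len(b), width)]
    return f"hex({kind}):" + ",\\\n  ".join(rows)

def _svc(name, dll):                           # one service key plus its Parameters key
    return [f"[{SERVICES}\\{name}]", '"Type"=dword:00000020',
            f"[{SERVICES}\\{name}\\Parameters]", '"ServiceDll"=' + _h(2, dll + "\0"), ""]

# Constructed sample export; ExampleSvc and its path are made up for illustration.
SAMPLE = "\n".join(
    ["Windows Registry Editor Version 5.00", "", f"[{SVCHOST}]",
     '"netsvcs"=' + _h(7, "wuauserv\0AudioSrv\0Ias\0ExampleSvc\0\0"), ""]
    + _svc("wuauserv", r"%SystemRoot%\System32\wuauserv.dll")
    + _svc("AudioSrv", r"%SystemRoot%\System32\audiosrv.dll")
    + _svc("ExampleSvc", r"C:\Temp\example.dll"))

if __name__ == "__main__":
    for name, (status, dll) in triage_netsvcs(parse_reg(SAMPLE)).items():
        print(f"{name:12} {status:15} {dll or ''}")
```

On a real machine the input would be the text of a `regedit /e` export of the two keys, opened with `encoding="utf-16"`. A "review" status only means the DLL sits outside System32 and deserves a look.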
 
Jeff

Svchost is used by many programs. Try turning off automatic updates. When
you do a manual check for updates the program more or less takes over the
computer resources for a few minutes; I assume with automatic update it is
doing this as well.
 
Jim Byrd

Hi CLP - You most likely don't have malware or a virus or, if you do, it's
almost certainly not the cause of the svchost.dll problem, and while I never
discourage people from cleaning up malware on their machine (see my Blog,
addy below in my Signature), the approach you're talking about is highly
unlikely to solve the svchost.dll problem you are currently dealing with.

This is a known problem, apparently in the Catalog scan sequence processing
in the Windows Update process. I posted for you earlier a procedure that I
worked out during an hour and a half over the phone with one of MS's third
level technicians (after four previous calls to get to the right person),
which has been tested fairly extensively and which has worked for all those
people who have tried it who have provided feedback. Here's one example
from the responses received so far:



"I have applied Jim Byrd's suggested fix on a number of my affected
computers. This is my methodology and my results.


I have conclusively identified 23 computers [out of 389 total domain
computers] affected with the behavior described in KB 932494. Of the 23 I
applied the hotfix described in KB 916089 to 10 keeping the other 13 as a
control group. As I mentioned before, the hotfix achieved a 0% effective
rate. Then I selected 8 computers, 4 in the hotfix group and 4 in the
control group and applied the Byrd solution. Of the 8 eventually all
achieved nominal performance. I say eventually because 2 computers [both in
the control group] required me to delete AccountDomainSis, PingID and
SusClientId from the Registry and /resetauthorization before they would
check in with the WSUS server.


So either the Byrd solution is good for me or I haven't yet taken a broad
enough sampling. Since I intend to apply the solution to the rest of my
affected computers, should I find a clunker I'll let you know."



There is a fix forthcoming as I noted at the end of that previous post, but
it may be a while coming. In the meantime, I'd advise you to follow the
steps I gave earlier, getting help if you need it to do so. However, you
are certainly free to ignore this advice.

--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/



 
Rock

Why are you creating a new post on something you just posted today? Post to
the original thread so there is some continuity.
 
mikeyhsd

another virtual spanking from our resident net nanny.




 
Guest

To Jim Byrd:
Dear Jim:
I do appreciate your help, but my expertise level is not good enough to
tackle such an involved procedure. I feel very uncomfortable doing things I
do not understand.
I apologize, but I am afraid of getting into a big problem I cannot resolve
and will put me very far behind on my deadlines.
I thank you very much for your help.
In the meanwhile I am getting by when I “end process” of the copy of svchost
that is hogging the machine.

Thank you,
Al
 
Sharon Franks

Email this guy (e-mail address removed) he has an automated automatic fix tool that
will make all the changes for you and fix your problem.


--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).



 
Rock

Sharon Franks said:
Email this guy (e-mail address removed) he has an automated automatic fix tool
that will make all the changes for you and fix your problem.

<snip>

Seems like someone is impersonating Sharon again. I wonder who that could
be? To the OP, I would avoid this advice.
 
