svchost

[Guest]

Why are there 14 instances of svchost running on vista home basic?
Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/ It
first started with automatic update which I disabled . Then I suspected
Windows Defender and stopped that. Now when I try to manually update windows
the same thing happens. Frustating is not a strong enough word. Is there
anything I can do about this and still be able to update windows.

 

[Jabez Gan [MVP]]

Hi Rose,

Download and use Process Explorer to check what service is actually taking
up the resources.

Process Explorer:
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx

 

[Andrew McLaren]

Why are there 14 instances of svchost running on vista home basic?
Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/
It
first started with automatic update which I disabled . Then I suspected
Windows Defender and stopped that. Now when I try to manually update
windows
the same thing happens. Frustating is not a strong enough word. Is there
anything I can do about this and still be able to update windows.

Hi Rose,

In addition to Jabez's good reply ... "svchost.exe" is the generic service
container or "hosting" process, in Windows. Many services do not run as
processes in their own right; rather, they are hosted within an instance of
the generic svchost.exe. So, it is normal to see multiple instances of this
process running on a system.

However, it is not normal to have excess CPU utilisation. To see what
services are running in which instances of svchost.ese, go to a command
pormpt and run this command:

C:\>tasklist /svc

This will show you all running processes, along with the service names of
each service running inside each process. If you can match up the Process ID
of the svchost which is using excess CPU,with the services listed by
Tasklist, this will help you identify the particular service using up the
CPU.

Hope it helps,

 

[Mr. Arnold]

Why are there 14 instances of svchost running on vista home basic?
Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/
It
first started with automatic update which I disabled . Then I suspected
Windows Defender and stopped that. Now when I try to manually update
windows
the same thing happens. Frustating is not a strong enough word. Is there
anything I can do about this and still be able to update windows.

Svchost.exe is the messenger for the O/S programs and non O/S programs.
Svchost.exe as part of its name implies host other programs. Svchost does
nothing on its own. It always does the bidding for other programs and only
provides the means for them to do something. Yes, multiple Svchost.exe(s)
can be running.

So, with that said, malware can use Svchost.exe on its behalf too, to
communicate and do things.

You can use something like Process Explorer to see what a given Svchost.exe
is hosting.

In PE, you go to Menu/View/Show Show Lower Pane/Show all Dll(s) and PE will
show everything a Svchost.exe or any program you see running and what that
program is hosting.

You can right-click a line in the upper pane for a running process and go to
Properties, where you'll see all the tabs where can get more information
about a running program. You can right-click in the lower-pane too to see
the properties of a program that is being hosted by a running program in the
upper pane.

You might not have malware running on the machine, but with the proper tools
you should be able to look around and see what is happening.

Note: If Svchost.exe is not running out of the Windows/System32 folder, then
it is a Trojan.

You can use CurrPorts (free) that does the same thing as Active Ports. AP
doesn't run on Vista.

Use the tools in the link and go look for yourself as to what is running on
the machine.

<http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html>

 

[Guest]

Thank you all ,especially Mr. Arnold. With all of this information I should
be able to solve this annoying problem.