Hi / Bonjour *Timmay* :
Just recently I opened the task manager in Windows XP Professional to close
an unresponsive program and I noticed that my CPU usage was not what it was
supposed to be (it is supposed to be next to none if nothing was going). I
checked all of my processes and I know what they all are and they are all
supposed to be running, but I noticed that one of the svchost.exe's and the
System process were still taking up cpu time even though I was not doing
anything, and my cpu usage was going between about 10% and 30%. I have done
multiple scans for spyware, adware, viruses. I have checked my USB devices
and they are not the cause. I am not a newbie at this, so I know what I am
doing and I have not seen this before. Any input would be helpful.
svchost or something like scvhost ???
Note - the real svchost does not appear in Msconfig/Startup

Startup name          Process name   Comment
scvhost               svzhost.exe    Added by a variant of the SPYBOT worm!
scvhost.exe           scvhost.exe    Added by the trojan LOHAV-N!
Service Host          svchost.exe    Added by the TORVEL worm!
Service Host Driver   svchost.exe    Added by the trojan HITON!
Service Process       SVCHOST.EXE    Added by the virus DARKER!
etc.
You can have a better control of what's running in your PC with
Process Explorer :
http://www.sysinternals.com/Utilities/ProcessExplorer.html
Please note that if Heinz has 57 varieties, Windows XP SP2 has 7 varieties of svchost :
C:\WINDOWS\System32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k DCOMLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
These are mandatory :
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
then:
C:\WINDOWS\system32\svchost -k HTTPFilter
corresponds to the HTTP SSL service
C:\WINDOWS\system32\svchost -k LocalService
corresponds to services such as WebClient
C:\WINDOWS\system32\svchost -k NetworkService
corresponds to services such as Client DNS
C:\WINDOWS\System32\svchost.exe -k imgsvc
corresponds to Windows Image Acquisition (WIA)
For services configuration :
http://www.theeldergeek.com/services_guide.htm
Some links for security check up :
A) "Mini-antivirus" to be run in safe mode:
1-TrendMicro : disable your AV before.
The "sysclean":
http://www.trendmicro.com/download/dcs.asp
+
The virus patterns :
http://www.trendmicro.com/download/pattern.asp
Put them in the same folder and launch the program.
2-Stinger :
http://vil.nai.com/vil/stinger/
3-Avast cleaner :
http://www.avast.com/eng/avast_cleaner.html
4-MS:
http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=fr
5-Kaspersky:
ftp://ftp.kaspersky.ru/utils/clrav.com
6-Anti Root-Kits
F-Secure (beta)
http://www.f-secure.com/blacklight/
B) Online scan:
1-Anti-trojan:
http://www.windowsecurity.com/trojanscan/
2-Anti-spy:
http://www.spywareguide.com/txt_onlinescan.html
http://store.ca.com/dr/v2/ec_main.e...lient=ComputerAssociates&sid=35715&CID=181432
3-Anti-virus:
www.trendmicro.com
No more ideas.
Let us know.
--
Claude LaFrenière [MVP]
«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Soon on / Bientôt sur
www.msmvps.com
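
The checks described in the reply above, as an added example that is not part of the original post: it classifies process command lines and startup entries using the seven -k groups and the look-alike names listed there. The function names, the edit-distance threshold of 2 and the C:\WINDOWS install path are assumptions, and the sample entries are constructed.

```python
import ntpath
import re

# The seven "-k" groups the post lists for XP SP2 (compared case-insensitively).
KNOWN_GROUPS = {"rpcss", "dcomlaunch", "netsvcs", "localservice",
                "networkservice", "httpfilter", "imgsvc"}
# Assumption: Windows is installed in C:\WINDOWS, as in every path in the post.
EXPECTED_DIR = r"c:\windows\system32"

def edit_distance(a, b):
    """Levenshtein distance, used to catch names such as scvhost or svzhost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(command_line, from_startup=False):
    """Return (verdict, reason) for a process command line or a startup entry."""
    parts = re.split(r"\s+-k\s+", command_line.strip(), maxsplit=1, flags=re.I)
    image = parts[0].strip('"')
    group = parts[1].strip().lower() if len(parts) > 1 else ""
    name = ntpath.basename(image).lower()
    stem = name[:-4] if name.endswith(".exe") else name
    if stem != "svchost":
        # Threshold 2 (an assumption) catches scvhost/svzhost but not dllhost.
        if edit_distance(stem, "svchost") <= 2:
            return "suspicious", "look-alike of svchost: " + name
        return "unrelated", "not an svchost entry"
    if from_startup:
        return "suspicious", "the real svchost does not appear in Msconfig/Startup"
    if ntpath.dirname(image).lower() != EXPECTED_DIR:
        return "suspicious", "svchost running outside " + EXPECTED_DIR
    if group not in KNOWN_GROUPS:
        return "review", "group not among the seven listed: " + (group or "(none)")
    return "expected", "listed group " + group

if __name__ == "__main__":
    # Constructed sample entries: (command line, taken from the startup list?)
    samples = [(r"C:\WINDOWS\System32\svchost.exe -k netsvcs", False),
               (r"C:\WINDOWS\system32\svchost -k HTTPFilter", False),
               (r"C:\WINDOWS\scvhost.exe", False),
               (r"C:\WINDOWS\Temp\svchost.exe -k netsvcs", False),
               ("svchost.exe", True)]
    for line, startup in samples:
        print(classify(line, startup), line)
```

A "review" verdict only means the group is not one of the seven named in the post; look up the services hosted in that instance with Process Explorer before drawing a conclusion.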