Inusual activity from" svchost.exe"

  • Thread starter Thread starter Hugo Vandenbroele
  • Start date Start date
H

Hugo Vandenbroele

I made an upgrade of the firmware of my Linksys router (WRT54G). I
experienced two problems:
1.- a problem of low connection speed that I could solve with a tip of the
Cisco-Linksys site (adapting the MTU=maximum transmission unit to 1450)
2.- a increased activity on the internet, without any connection,
especifically an increase on the "svchost.exe activity (Generic Host process
for Win32 Services). I have continuously an activity of download and or
upload on the internet of +/- 25 kbps. With Zone Alarm Pro I detected that
it was this process and with DUMeter I measured this value.
I have installed apart from the Zone Alarm Pro the Norton AV 2004 both
updated to the latest situation.
I never before saw this activity. I run the AV scan without any problems.
I installed the WXP SP2 recently without any problems.
Is this normal?
 
You really should NOT have to modify the MTU on a Router unless you are on DSL and using
PPPoE. Then the MTU value should be set to 1492.

I also suggest that you set the Advanced page ( often http://192.168.1.1/Filters.htm ) to
block both TCP and UDP ports 135~139 and 445.

If the following finds infectors and cleans them, I suggest restoring your MTU value on the
Router.

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt202.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

You can also try some of the below online scanners.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html


* * * Please report your results ! * * *

Dave






| I made an upgrade of the firmware of my Linksys router (WRT54G). I
| experienced two problems:
| 1.- a problem of low connection speed that I could solve with a tip of the
| Cisco-Linksys site (adapting the MTU=maximum transmission unit to 1450)
| 2.- a increased activity on the internet, without any connection,
| especifically an increase on the "svchost.exe activity (Generic Host process
| for Win32 Services). I have continuously an activity of download and or
| upload on the internet of +/- 25 kbps. With Zone Alarm Pro I detected that
| it was this process and with DUMeter I measured this value.
| I have installed apart from the Zone Alarm Pro the Norton AV 2004 both
| updated to the latest situation.
| I never before saw this activity. I run the AV scan without any problems.
| I installed the WXP SP2 recently without any problems.
| Is this normal?
|
|
 
Dave

I tried all the solutions but without results.
My sistem is virusclean protected with Norton Antivirus, ZoneAlarmPro and
Adaware.All up to dated but the problem remains.
I have constantly an activity of the svchost.exe files (7 items) with a data
transfer measured of +/- 20 kbps.
On the other end my systems seems working normally but......
I will contact my ISP to see if they cahnged something.
regards

Hugo
 
Back
Top