svchost !! performance performance ,

magj

Hi!

I have installed SP2 on my laptop.
After that, every time I connect to or disconnect from the internet my
computer SLOWS DOWN TO DEATH for about 1-2 mins. Nothing works except
programs that are already open. Even Task Manager (Ctrl+Alt+Del) only appears
after 2 mins.

This happens EVERY TIME and I checked that nothing's wrong.

In the process section of Task Manager I see a SVCHOST process that USES the
whole CPU for more than 90 seconds. During this time everything IS frozen,
especially the taskbar.
How do I know which service is doing what?!!

There is no fragmentation, pagefile, RAM shortage or such a problem
(Diskeeper (r)....... - less than 60% of pagefile used - more than 50% of
RAM is free)


Any help would be appreciated,
Thanks in advance
 
David H. Lipman

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt345.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shut down as many applications as possible.
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities: Trend Sysclean, Stinger and Adaware.
7) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use, suggested 400 ~ 600MB).
8) Reboot your PC.
9) Create a new Restore point



* * * Please report your results ! * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html







 
magj

Hi!
Dear David,

Thanks for your help, but a question:
I have McAfee(r) with up-to-date VD.
Spybot Search & Destroy

Is it possible that it is a parasite or some such stuff?

Thanks in advance for your help

--
Regards,
Sincerely,
magj

 
David H. Lipman

Yes. SVCHOST is the target of many infectors, both viral and non-viral.

What is the version of McAfee?
What is the ENGINE version?
What is the DAT revision?

--
Dave




 
magj

Hi

Version 8.0 build 8.0.41
engine version: 4.4.0
DAT version: 4.0.4418 (created 1/5/2005)

thanks in advance for your help
 
Miss Mae

I thought svchost.exe files were legit processes and that scvhost.exe was
the worm to look out for.

Are these being confused here or am I missing something?
 
David H. Lipman

You missed something.

SVCHOST.EXE is the target of many infectors using that name, either to directly infect the
MS version or to place a same-named file, which is in fact a Trojan, in a different
directory.

The other fact is that many infectors, viral and non-viral, will use altered versions of
this name.

If the platform is a Win9x/ME platform and you have the file SVCHOST.EXE, then that Win9x/ME
PC "is" infected.

On NT-based platforms you can't be sure if it is legitimate or not, so it is *better* to be
prudent if SVCHOST.EXE appears to be acting "funny".

--
Dave
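
The three cases in the post above (a same-named file in a different directory, an altered name, and any SVCHOST.EXE on Win9x/ME) can be turned into a first-pass triage of process image paths. This is an added example, not part of the original thread; the default `C:\WINDOWS\System32` location, the function names and the sample paths are assumptions made for illustration.

```python
import ntpath

# Assumptions: default system root of an XP-era install; names are hypothetical.
LEGIT_DIR = r"c:\windows\system32"
LEGIT_NAME = "svchost.exe"

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped pair
    return d[len(a)][len(b)]

def classify(image_path, nt_based=True):
    """Triage one process image path against the three cases in the post."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name == LEGIT_NAME:
        if not nt_based:
            return "suspect: Win9x/ME has no svchost.exe"
        if directory != LEGIT_DIR:
            return "suspect: svchost.exe outside System32"
        return "expected location"  # not proof of integrity; still scan it
    if osa_distance(name, LEGIT_NAME) <= 2:
        return "suspect: look-alike name"
    return "unrelated"

# Constructed sample paths, not taken from the thread.
SAMPLE = [
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\System32\scvhost.exe",
    r"C:\WINDOWS\System32\svch0st.exe",
    r"C:\Program Files\Example\editor.exe",
]

def triage(paths, nt_based=True):
    return {p: classify(p, nt_based) for p in paths}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:40} {path}")
```

An "expected location" verdict only rules out the name and directory tricks; a file infected in place, the other case the post mentions, still needs a scanner.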




 
magj

Hi


As Dave said, svchost is the Generic Host Process for Win32 Services. If you
check the processes which are already running on your system, you will see
many svchosts if you are running an NT-based system (XP, 2000).

But my problem is that I don't know if there is a way to find out exactly
which service each SVCHOST is.

thanks for your attention

--
Regards,
Sincerely,
magj
 
magj

I tried to check which service is running in svchost by checking its process
ID or by other means, but got nothing useful.
I checked to see which process started this process, and tried to shut down
all the services to see which service is consuming my
resources.

Is there any way to FIND OUT which service this SVCHOST is? Using
process ID, threads or ....?!

thanks in advance,
 
magj

Hi

Version 8.0 build 8.0.41
engine version: 4.4.0
DAT version: 4.0.4418 (created 1/5/2005)

thanks in advance for your help
 
David H. Lipman

The DAT files are slightly out of date, as v4419 was posted on Wednesday. However, I think that
plays very little part in this discussion.

--
Dave




 
David H. Lipman

None that I know of :-(

However that does not mean that a method does not exist.

--
Dave
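
On the question of which services a given svchost.exe instance hosts: Windows XP Professional and later ship a built-in `tasklist /svc` command that prints the services running in each process, keyed by PID. The following is an added example, not part of the original thread, that parses that table (including service lists wrapped onto continuation lines) so a busy svchost PID seen in Task Manager can be matched to its services; the sample output is constructed and the function names are hypothetical.

```python
import re

def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])} from `tasklist /svc` table output."""
    lines = text.splitlines()
    # The row of '=' runs gives the exact column boundaries.
    sep = next(i for i, l in enumerate(lines) if l.startswith("==="))
    cols = [m.span() for m in re.finditer(r"=+", lines[sep])]
    (n0, n1), (p0, p1), (s0, _) = cols
    procs, last_pid = {}, None
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        name, pid, svcs = line[n0:n1].strip(), line[p0:p1].strip(), line[s0:].strip()
        names = [s.strip() for s in svcs.split(",") if s.strip() and s.strip() != "N/A"]
        if pid:
            last_pid = int(pid)
            procs[last_pid] = (name, names)
        elif last_pid is not None:  # wrapped continuation of the previous row
            procs[last_pid][1].extend(names)
    return procs

def services_for(text, image="svchost.exe"):
    """Map each PID running the given image to the services it hosts."""
    return {pid: svcs for pid, (name, svcs) in parse_tasklist_svc(text).items()
            if name.lower() == image}

def _row(name, pid, svcs):
    return f"{name:<25} {pid:>8} {svcs}"

# Constructed sample in the layout `tasklist /svc` prints; not real captured output.
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    "=" * 25 + " " + "=" * 8 + " " + "=" * 44,
    _row("System Idle Process", 0, "N/A"),
    _row("svchost.exe", 856, "DcomLaunch, TermService"),
    _row("svchost.exe", 1016, "AudioSrv, BITS, Dhcp, Netman,"),
    _row("", "", "Nla, wuauserv"),
    _row("spoolsv.exe", 1452, "Spooler"),
])

if __name__ == "__main__":
    for pid, svcs in services_for(SAMPLE).items():
        print(pid, ", ".join(svcs))
```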




 
coolhand2005

Thank you, magj and David, for clearing this up for me. I hope you find
a solution to your computer's sluggish performance magj!
 
