SVCHOST running at 99%

  • Thread starter Thread starter Robert
  • Start date Start date
R

Robert

Hello,

I'm running w2k pro and when I open taskmanager it shows
the following svcs running:

system idle system explorer
smss csrss qttask
winlogon svchost cfd
services spoolsv olfsnt40
lsass packethsvc realplay
svdhost 3cmlink vptray
defwatch svchost tgcmd
mdm rtvscan ctfmon
nvsvc32 regsvc 3cshtdwn
winmgmt mstask taskmgr

svchost is constantly taking between 60-99% of my
processor. I checked for a couple of .dll files the
knowledgebase mentions, but I didn't have those on my
system. I also ran klez scan from symantec.

I'm running sp3 with 768mb ram and plenty of HD space
available.

Any suggestions?

Thanks!
- Rob
 
Go to McAfee and/or Trend and perform an online scan of your platform. The 'svchost' is the
target of many infectors.

Report back your results.

Dave



| Hello,
|
| I'm running w2k pro and when I open taskmanager it shows
| the following svcs running:
|
| system idle system explorer
| smss csrss qttask
| winlogon svchost cfd
| services spoolsv olfsnt40
| lsass packethsvc realplay
| svdhost 3cmlink vptray
| defwatch svchost tgcmd
| mdm rtvscan ctfmon
| nvsvc32 regsvc 3cshtdwn
| winmgmt mstask taskmgr
|
| svchost is constantly taking between 60-99% of my
| processor. I checked for a couple of .dll files the
| knowledgebase mentions, but I didn't have those on my
| system. I also ran klez scan from symantec.
|
| I'm running sp3 with 768mb ram and plenty of HD space
| available.
|
| Any suggestions?
|
| Thanks!
| - Rob
 
You could have a worm. Worms get by the antivirus s/w by
replacing legitimate system files such as svchost with
their files. I have found several worms after seeing
high cpu utilization for "innocuous" tasks. Run
antivirus scan on your winnt system32 directory.
 
Hi Dave,

I ran the online scan from Trend - it found 3 infected
files and a worm - it cleaned them all. While I was
connected doing the scan, right after it found
the "nachia" worm - the system started to perform
normally. When I rebooted, the same problem happened
again. I am now re-running the scan. Is it possible that
something other than a virus is causing this problem?

Thanks for your help!
- Rob

-----Original Message-----
Go to McAfee and/or Trend and perform an online scan of
Click to expand...
your platform. The 'svchost' is the
 
Rob:

You have to patch the system for the RPC/RPCSS Buffer Overflow Vulnerability....

http://support.microsoft.com/default.aspx?scid=kb;en-us;824146

This will prevent re-infection. A good AV package is a MUST !

Dave



| Hi Dave,
|
| I ran the online scan from Trend - it found 3 infected
| files and a worm - it cleaned them all. While I was
| connected doing the scan, right after it found
| the "nachia" worm - the system started to perform
| normally. When I rebooted, the same problem happened
| again. I am now re-running the scan. Is it possible that
| something other than a virus is causing this problem?
|
| Thanks for your help!
| - Rob
|
|
| >-----Original Message-----
| >Go to McAfee and/or Trend and perform an online scan of
| your platform. The 'svchost' is the
| >target of many infectors.
| >
| >Report back your results.
| >
| >Dave
| >
| >
| >
| message
| >| >| Hello,
| >|
| >| I'm running w2k pro and when I open taskmanager it
| shows
| >| the following svcs running:
| >|
| >| system idle system explorer
| >| smss csrss qttask
| >| winlogon svchost cfd
| >| services spoolsv olfsnt40
| >| lsass packethsvc realplay
| >| svdhost 3cmlink vptray
| >| defwatch svchost tgcmd
| >| mdm rtvscan ctfmon
| >| nvsvc32 regsvc 3cshtdwn
| >| winmgmt mstask taskmgr
| >|
| >| svchost is constantly taking between 60-99% of my
| >| processor. I checked for a couple of .dll files the
| >| knowledgebase mentions, but I didn't have those on my
| >| system. I also ran klez scan from symantec.
| >|
| >| I'm running sp3 with 768mb ram and plenty of HD space
| >| available.
| >|
| >| Any suggestions?
| >|
| >| Thanks!
| >| - Rob
| >
| >
| >.
| >
 
Back
Top