liu
I'm puzzled by the behavior of one svchost.exe process on my Windows
XP. It takes over CPU power (99%) when the system starts each time.
The memory usage is 70MB and after 3-5 minutes, it gives the CPU usage
back to the system. Then, in the middle of my using the PC, it would
take over the XP again, and the memory usage would increase to ~100MB
and CPU increases to above 90% to 99%. Basically the system halts for
another 5 or so minutes, then it releases the CPU and memory goes back
to ~70MB. If I stop the process, the audio would stop working (and
maybe some others).
By typing "tasklist /svc >c:\tasklist.txt", I got:

lsass.exe      1264  PolicyAgent, ProtectedStorage, SamSs
svchost.exe    1444  DcomLaunch, TermService
svchost.exe    1492  RpcSs
svchost.exe    1648  AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                     dmserver, ERSvc, EventSystem, helpsvc,
                     HidServ, lanmanserver, lanmanworkstation,
                     Netman, Nla, RasMan, Schedule, seclogon,
                     SENS, SharedAccess, ShellHWDetection,
                     TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                     wscsvc, wuauserv, WZCSVC

The last one seems to be the process in question. I checked by the
processors, and they look legit.
What is going on in the background? How can I figure out what it is
doing? There has to be some kind of spyware/malware doing something in
the background.
Thanks for the help,
liu