May 04 2011
 

[Image: SVCHost running at near 100%]

One of the office computers, an XP Pro system, started having problems last week locking up, usually right after starting Internet Explorer or bringing a running program to the foreground. We would pull up Task Manager and see that one of the svchost.exe processes was using nearly 100% of CPU cycles. If this process was killed then the computer would once again become usable, except that killing svchost.exe has side effects. Many programs tuck their processes into svchost, so killing it doesn’t just solve the problem, it will also cause other active programs to lock up when bringing them to the foreground later.

I finally sat down to see if I could fix this problem. A preliminary Google search showed that Windows updater is a common cause of this problem. I tried a couple of the fixes with no luck, so I started from scratch to examine the problem. The first thing I noticed is that somehow this computer is not running Microsoft Security Essentials (MSE). We run MSE as our antivirus program on our XP machines. I must have missed installing it on this computer. The quick scan brings up 2 viruses right away, Rogue:Win32/FakeYak and Trojan:DOS/Alureon.A.

Rogue:Win32/FakeYak was easily removed by MSE but Trojan:DOS/Alureon.A was immune to it. A Google search had multiple sites suggesting TDSS Rootkit Removing Tool (TDSSKiller.exe) from Kaspersky Labs. Sure enough, TDSSKiller made quick work of the virus. Running MSE again found and removed a third virus, TrojanDownloader:Win32/Karagany.A.

The only remaining oddity is that Internet Explorer will not pull up any website, displaying the error message, “”. I ran ipconfig and noticed that there were no DNS servers listed. I checked proxy servers: none. I then checked the network settings and, sure enough, the box was selected to specify DNS servers but none were listed. Quick fix.

Hopefully this is the end of it. And time to make sure MSE is running on all the machines.

  3 Responses to “SVCHost.exe Stealing CPU Cycles – Slows Computer to Crawl”

  1. Gary, I found this a couple of years ago; I had to kill it all the time on my laptops. Do you know what it is?

  2. There are typically two causes for this:

    1. Unpatched XP box (really really unpatched) as this was a known bug from Microsoft and was fixed later in an update.

    2. Virus – which is more than likely if you have an XP computer with that many missing patches. Combofix, a program from BleepingComputer, is amazing.

  3. Give me a call when you get bored, Tech Guy Gary… I need your tech help trying to figure out something here in my office. (Seriously – I was going to call yesterday but was slammed and didn’t get to it.) Thanks!
