It is currently Mon Aug 21, 2017 12:01 am


svchost

Is your PC infected? Is it running slow? Just can't figure out what's making it sluggish? Here is the place to get some help.

Moderators: liljim, Gecko

svchost

Postby robym6 » Mon May 19, 2014 5:02 am

I've recently noticed that one or a few svchost.exe instances have been eating up a significant amount of memory and CPU. Could this be a symptom of malware? I've run a malwarebytes full scan and have realtime mcafee AV protection with nothing being detected, so maybe I'm just being paranoid?

I've gone through the services window and disabled anything that I could determine is unnecessary.
User avatar
robym6
Senior Geek
Senior Geek
 
Posts: 118
Joined: Tue May 25, 2004 1:00 am
Location: California

Thanks given:1
Thanks received:0
Top

Re: svchost

Postby Gecko » Mon May 19, 2014 11:54 am

The most common reason for svchost.exe to be using lots of memory and/or CUP is windows update. The second most common reason is Windows registry having too many invalid entries and broken shortcuts. Malware/virus infection is the third most common reason.

I would suggest that you first try to manually run a windows update check at http://update.microsoft.com/microsoftupdate if that doesn't resolve the problem then we can look into the registry and malware.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: svchost

Postby robym6 » Tue May 20, 2014 8:16 am

No important updates, only two optional updates--bing bar and bing desktop--that I don't want to install.

Occasionally, Data Execution Prevention stops one of the svchost processes if that's important to know...
User avatar
robym6
Senior Geek
Senior Geek
 
Posts: 118
Joined: Tue May 25, 2004 1:00 am
Location: California

Thanks given:1
Thanks received:0
Top

Re: svchost

Postby Gecko » Tue May 20, 2014 2:51 pm

robym6,

The Data Execution Prevention brings up other possibilities into the mix and a couple of questions.

What version of windows are you running?
Did you install any new programs around the time this started?
Do you notice any program that doesn't work after the Data Execution Prevention?
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: svchost

Postby robym6 » Wed May 21, 2014 3:29 am

Vista Home Premium SP2

Adobe Flash Player 13 Plugin, Adobe Reader X (10.1.10), LAME v3.99.3 (mp3 encoder for Audacity), Microsoft Office File Validation Add-In, and ToneSync for Windows are the most recently installed programs. I've attached the list.

I noticed that Perk Desktop Rewards is in the startup list; I've disabled it, but it doesn't show up in the Programs and Features list.

I do not notice anything that stops working after the Data Execution Prevention.
Attachments
program list.jpg
program list.jpg (133.85 KiB) Viewed 6584 times
User avatar
robym6
Senior Geek
Senior Geek
 
Posts: 118
Joined: Tue May 25, 2004 1:00 am
Location: California

Thanks given:1
Thanks received:0
Top

Re: svchost

Postby Gecko » Wed May 21, 2014 2:28 pm

First lets see if there is any information about the Faulting application in the Event Viewer.
Open Event Viewer by clicking the Start button, clicking Control Panel, clicking System and Maintenance, clicking Administrative Tools, and then double-clicking Event Viewer.
Once in the Event Viewer click on Applications on the left and look for any red or yellow icons, double click them to see the details. Copy the first paragraph in the description section of the error or warning details into your next reply.

I looked into the Perk Desktop Rewards reference but there is not a lot of information out there, some sites say it's a trojan others say it for monitoring your internet connection.
Have you run a full scan with McAfee?
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: svchost

Postby robym6 » Thu May 22, 2014 9:52 am

I've gone into the event viewer and clicked on application which is under windows logs. The most recent 4 errors (red icons) are:
The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

The next is a warning (yellow icon):
wuaueng.dll (724) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 276074496 (0x0000000010749000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (19340 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Then there are many errors with bonjour service with varying descriptions such as:

Task Scheduling Error: m->NextScheduledSPRetry 6661
Task Scheduling Error: m->NextScheduledEvent 6661
Task Scheduling Error: Continuously busy for more than a second

Then there is this:
Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x2a425e19, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x005a8378, process id 0xfd4, application start time 0x01cf73fa5ded1fd5.

and this:
Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x2a425e19, faulting module Flash32_12_0_0_77.ocx, version 12.0.0.77, time stamp 0x5314f58e, exception code 0xc0000005, fault offset 0x005b1cf2, process id 0x1910, application start time 0x01cf73d7a84ecd35.

There are many others but these are the most recent in the last couple days.
User avatar
robym6
Senior Geek
Senior Geek
 
Posts: 118
Joined: Tue May 25, 2004 1:00 am
Location: California

Thanks given:1
Thanks received:0
Top

Re: svchost

Postby Gecko » Thu May 22, 2014 1:17 pm

The wuaueng.dll is a module belonging to Microsoft Windows Update. Perhaps reregistering the .dll will solve the problem.
To register the Wuaueng.dll file, follow these steps:
1. Click Start, click Run, type regsvr32 Wuaueng.dll, and then click OK.
2. When you receive the following message, click OK:
DllRegisterServer in Wuaueng.dll succeeded.

Also the exception code 0xc0000005 in the other errors is often related to bad ram.
Try downloading and running Memtest86 to test your ram.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: svchost

Postby robym6 » Fri May 30, 2014 8:33 am

Sorry for the delay, I finally got around to doing this. I re-registered the .dll file but didn't notice anything change. I downloaded Memtest86 and ran it, no errors were found. Having restarted my computer after running Memtest86, I don't seem to see the svchost.exe instances hogging memory or cpu.
User avatar
robym6
Senior Geek
Senior Geek
 
Posts: 118
Joined: Tue May 25, 2004 1:00 am
Location: California

Thanks given:1
Thanks received:0
Top

Re: svchost

Postby Gecko » Fri May 30, 2014 8:51 pm

Glad it's not happening anymore.
Maybe it was the registering the dll and it took a reboot to resolve it, don't know as log as it's fixed
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top


Return to Malware Support

Who is online

Users browsing this forum: No registered users and 3 guests

cron