svchost.exe hogging my CPU - Page 3

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: svchost.exe hogging my CPU

Thanks...it's a little clearer now - but to understand it better, I'll have
to experiment like you suggested with the Command Prompt.


Quoted text here. Click to load it



Re: svchost.exe hogging my CPU

David H. Lipman wrote:
Quoted text here. Click to load it

You know, I have mentioned Process Explorer to numerous posters in
various NG(s). It's only been twice in all that time that someone took
PE and was able to spot something. Those two were skilled professionals
that could tack down the culprit. One was a Web admin that used PE to
find malware, that everything she used couldn't find it. The other one
was a person who used PE to track down something MS had done to send
svchost.exe out of control.

Now, I am going back to watching Amreican Chopper. Paul Sr. and Jr. are
in another heated argument and are ready to kill each other on who has
control of the shop. ;-)

Duane :)

Re: svchost.exe hogging my CPU

I'm using PE and have found that svchost.exe is only in my system32 folder.
Also, all the processes associated with the out of control svchost are
legitimate.


Quoted text here. Click to load it



Re: svchost.exe hogging my CPU

-Nisko- wrote:
Quoted text here. Click to load it

That may not be so as malware can be made to look legit. However, you
may be right too that everything is legit.

You can go to the svchost.exe in question and right-click it and go to
Properties and look from there. You can look at the information on the
Thread tab and see what processes within the SVchost.exe is sucking the
CPU within SVChost.exe. You can also look around on some other tabs as
well, like the Service tab and see what services the svchost.exe is
hosting. The service tab told another poster as to what service that
made svchost.exe spin out of control with high CPU usage.

Duane :)

Re: svchost.exe hogging my CPU


Quoted text here. Click to load it

Please explain the thread tab - and how to use it.  I'm not familiar with it
yet.



Re: svchost.exe hogging my CPU

-Nisko- wrote:
Quoted text here. Click to load it

The thread tab shows how much a programs gets of the cpu usage and
processing time on the CPU. A program runs on a processing thread a
slice of time for program execution on the CPU.

An exe program hosts other programs such as DLL(s). In a case of
svchost.exe, it's a multi threaded hosting application, which means
svchost.exe runs on the main thread. However svchost.exe and other
programs exe like Explorer spawns child threads to allow other programs
they are hosting to run on their own thread,  while it runs.

An exe program may or may not host other programs such as DLL(s). An exe
program may or may not spawn child threads to allow other programs it is
hosting to run.

The Thread tab shows what program is getting processing time within
svchost.exe, how much cpu usage it's using and how much it's switching
between its thread and the thread the host exe is running on.

If you see high CPU usage and/or high Context Switching, that may be a
clue as to what is sucking up CPU usage within the host exe.

That's about as simple as I can explain it. ;-)

Duane :)


Re: svchost.exe hogging my CPU



| You know, I have mentioned Process Explorer to numerous posters in
| various NG(s). It's only been twice in all that time that someone took
| PE and was able to spot something. Those two were skilled professionals
| that could tack down the culprit. One was a Web admin that used PE to
| find malware, that everything she used couldn't find it. The other one
| was a person who used PE to track down something MS had done to send
| svchost.exe out of control.
|
| Now, I am going back to watching Amreican Chopper. Paul Sr. and Jr. are
| in another heated argument and are ready to kill each other on who has
| control of the shop. ;-)
|
| Duane :)

I was given as notebook with a nasty non-viral malware infection.

A DLL was hooked into Winlogon Notify and the key was protected by the malware.
Deleting
the key was useless as the DLL was able to recreate its self with a new name and
the kry was
altered to the new DLL upon reboot.

ProcessExplorer was able to find the DLL that was running and it allowed me to
kill that DLL
process which then allowed me to delete the Winlogon Notify key and to clean up
the
notebook.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: svchost.exe hogging my CPU


Quoted text here. Click to load it
It would help me learn a little more about how to use PE if you explained
the above process in more detail.  Thanks..



Re: svchost.exe hogging my CPU



| It would help me learn a little more about how to use PE if you explained
| the above process in more detail.  Thanks..
|

I can't.  That was over a year ago.  My ability to explain it would fall short
of my ability
to demonstrate it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: svchost.exe hogging my CPU

Quoted text here. Click to load it

I think I now understand what I have to do with PE to find the root cause of
svchost using so much of my CPU.  When I have the problem, I should open PE
and hover the cursor over the instance of svchost.exe that has the high
usage.  Doing this opens a popup (light yellow) window that shows all the
Services tied to it.  All I need to know now is how to see the CPU usage
associated with each Service - and I've found my culprit.  Assuming that
Service is on Automatic, I can then set it to Manual or Disable depending on
whether I need it or not.

1.  Can you instruct me on how to see the CPU usage for each Service?

2.  Next to each Service is a short definition and it tells what happens if
you disable it.  Is there another place I can go to get a better 'layman's'
description of each Service?

3.  If I set a Service to Manual, and a needed Service tries to start, does
a window pop up asking the user if he wants to start it?

Thanks..........



Re: svchost.exe hogging my CPU

I should have said that I'm learning a lot from ALL you guys!!!
Thanks........


Quoted text here. Click to load it



Re: svchost.exe hogging my CPU

On this special day, -Nisko- wrote:

Quoted text here. Click to load it

Maybe you are suffering from the same bugged component as "dewey" -
namely the script scanner of McAfee. Turn it off and check if it is
better.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away, just so,
at no cost.

Re: svchost.exe hogging my CPU

Thanks - but I don't understand what you mean by 'dewey' and the script
scanner.  Please tell me what to shut off and how to do it.  I have been
running McAfee for several years now.  This problem just appeared about a
week ago.



Quoted text here. Click to load it



Re: svchost.exe hogging my CPU

On this special day, -Nisko- wrote:

Quoted text here. Click to load it

He posted in alt.comp.anti-virus (see the subject "McAfee v11 is
killing my computer") and reported a similar problem. He identified the
McAfee script scanner (against malicious scripts in web pages and
mails) as the culprit, at least in *his* case.

I thought you had been hit by the same bug.

"peacekeeper" sent a reply to this thread, but sadly, it was below a
signature separator, which will make it invisibale to some readers. I'll
quote it here.


(quote)Just an Update a major patch is coming through this week . I have
seen the fixes and they cover most issues with vs11 and firewall.
including some installing annoyances Tony (end of quote)

HTH


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away, just so,
at no cost.

Re: svchost.exe hogging my CPU

Thanks...now I understand.  The McAfee scrip isn't causing my problem.


Quoted text here. Click to load it



Re: svchost.exe hogging my CPU


Quoted text here. Click to load it

Yes.  Dell Latitude.



Re: svchost.exe hogging my CPU

-Nisko- wrote:
Quoted text here. Click to load it
This is what I would do. It won't cost you a thing. Go to start\run.
Type in services.msc. Find the service called Automatic Updates. Change
the setting to disabled. Aplly setting. Now stop the service. Reboot the
computer and see if this fixes your problem. If it does, report back and
I'll explain what you need to do to update Windows for services patches,
etc.

Re: svchost.exe hogging my CPU

Quoted text here. Click to load it

OK, I did this and restarted.  Runs OK now - but the proof that the problem
is fixed will be over time.  What do I have to do to update Windows for
Service patches in the meantime?  Thank you.........



Re: svchost.exe hogging my CPU


Quoted text here. Click to load it

Well, Automatic Updates is Disabled and I just rebooted - same problem.  I
know some Service is trying to start over and over again and is using up my
CPU.  I just can't figure out what it is.  My only other recourse that I can
see is to set all my Automatic Services to Manual - one at a time - until
they are all Manual or I find the culprit.



Re: svchost.exe hogging my CPU



| Rather than piss around with trying to figure out why you're having the
| problems you are, you may wish to consider backing up your data and
| flatten and rebuild your system.

It may be prudent at this time !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline