svchost.exe eating up cpu (99%)

[paulC1986]

hi guys me posting agen lol i have a problem that i think is quite common with windows xp sp2  every so often for no apparent reason one of the svchost.exe processes running in task manager window is really hammering my cpu and makes it impossible to do anything else until its finished doing whatever it is its doing. now my mate says that svchost.exe is a service host and aloows many other vital windows processes to function such as sound etc. combined with my low internet speed is this a virus? is there any way i can  look into whats is using the host and see if the process is legit eg windows update or summat?

my specs are

amd sempron 2400+

512 ddr ram (400mhz)

3dfx nvidia geforce 6200 pci graphics card( a b*tch to get working)

d-link gigabit ethernet card

running windows xp sp2

(yes i know its rubbish but i am a poor student who wastes his money on partying lol)

[Junerian]

Hmmm almost sounds like a virus but I'm not sure someone else ere can help you out though I'm sure. Try running a virus scan is my only advice 

[paulC1986]

dammit lol its times like this i wish id bought a mac............. just kidding lol

[Voltageman]

Sounds like a virus/trojan/spyware...

If you boot into safe mode, does it still use the same resources?

Try running multiple online scans if you can.  It is possible whatever virus/trojan you have may not be detected by your AV, or it has disabled it somehow.

http://www.sysinfo.org/startuplist.php?filter=svchost.exe Check that link out, if may help you better determine the problem.

[paulC1986]

cheers again, difficult to tell as it only happens periodically thx for article link:)

[ShankeD]

Is the process running from the system32 folder. If its not then you probably want it off your system.

[paulC1986]

im not quite sure how u do that

do ineed a thrid party program to look cos i can onlysee the task manager details

[paulC1986]

interestingly i have just plugged into a different socket on the router and i am now running faster. however i am in safe mode so any trojan/spyware/viruses wont be running. so my svchost doesn't glitch. hmm ill post again with speed in normal running mode

heres my safemode stats  Your connection is: 512 Kbps or 0.5 Mbps

You downloaded at: 63 kB/s

You are running: 9 times faster than 56K and can download 1 megabyte in 16.25 second(s)

Member Ident:Username:paulC1986 CompID:7535454292

Test Time:: 2007/05/08 - 6:05pm

Test Browser and OS info: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

Test ID: GUX9VW364 (if this is a screenshot go to testmy.net to see if this is fake)

Diagnosis ^info^: May need help : running at only 18.98 % of your hosts average (ntl.com)

This was tested from a 579 kB file and took 9.265 seconds to complete

[paulC1986]

ive got the bugger!!! right i installed process explorer to examine the process tree of  the svchost.exe in question(luckilly it was running at 99percent  cpu so i found the right one. the pid of the svchost in question is PID1396.

the sub processes running within it are all from system 32 and are all legit processes, i checked by disabling the process, my theme  went back to  a very retro looking windows and a few other things went wrong

coz id just killed processes that were needed. there is one process path cwindowspchealthhelpctrpchsvc.dll  im fairly certain this is the culprit and was wondering if anyone has any idea how i get rid of it do i delete  or what?

[paulC1986]

scratch that i think if got it  i was reading around and it appears that this is the reusult of a memory leak  the hostile thread is ntdll.dll!RtlAllocateHeap+0x18c

i also read that this is a normal sytem thread related to windows update , solution disable windows updates. i will keep my eyes open for a patch fix and let you guys know from here

[organ_shifter]

svchost.exe stresses the cpu when looking for updates. It's a common thing and is very noticeable on single core cpu's. It also uses a hefty amount of RAM when doing so.

Normally, if you have updates set to "Check for updates but let me choose whether to download or install them", it performs the task when you first boot up your system.

If you have updates set to "Install updates automatically (recommended)", it checks on boot up as well as the schedule you have specified.

Note: Be sure that the process isn't scvhost.exe (notice it's scv not svc). I was infected with that virus before and just decided to format/fresh install. It was very annoying and hard to get rid of.

[paulC1986]

thanks for all the help guys top site i will be spreading the good word

[ghostmaster]

Thread revival,

just to let you know, MS released a fix for this problem today.  We discovered it happening in our building, I had to reimage 4 computers yesterday because of it, only for MS to release this update today. crap...

http://support.microsoft.com/kb/927891

[ghostmaster]

I can confirm that this update seems to work.  So far so good...