
svchost.exe consuming 100% of system resources

aceman817

Senior member
i have a system where svchost is consuming 100% of resources. even in safe mode. i tried scanning with mcafee's stinger which found nothing and i am doing a full virus scan now. the system has minimal spyware. any suggestions?
 
minimal spyware is still spyware, you should get rid of it. The SVChost.exe has to do with your pc communicating on the internet. Also if you are using any bit torrent/ file sharing programs shut them down.
 
What about this:

I have seen this on 2 computers now. Both xp home, one with sp2, one without. Both had Mcafee installed and up to date.

The virus has svchost.exe running at 50-100%, the XP start menu and taskbar are just gone. The computer thinks it is in safe mode so the windows installer won't work. Mcafee is corrupted and will not run. You can still get to the start menu by tab and hitting enter. Copy and paste doesn't work on the machines. Any ideas?
 
amdskip,

my system also has mcafee installed and the windows installer won't work. no viruses were found with avg and all the spyware is gone at this point.
 
Originally posted by: amdskip
What about this:

I have seen this on 2 computers now. Both xp home, one with sp2, one without. Both had Mcafee installed and up to date.

The virus has svchost.exe running at 50-100%, the XP start menu and taskbar are just gone. The computer thinks it is in safe mode so the windows installer won't work. Mcafee is corrupted and will not run. You can still get to the start menu by tab and hitting enter. Copy and paste doesn't work on the machines. Any ideas?

McAfee has a manual command-line scanner, here's instructions how to use it: link. No installation needed. It doesn't provide real-time protection but it could help clean and diagnose. You can type the command string manually since copy & paste aren't working.

Another idea would be to slave the infected drive into another system and lower the boom on it from there. You would probably want to manually take Ownership of the C:\Documents and Settings\username directory so your other OS can scan inside of it, otherwise NTFS permissions/security won't let your other OS inside.

Anymore, I would use Kaspersky antivirus on my boom-lowering machine. When I went to fix my little sister's spyware/adware/downloader/Trojan-infested system, I started with her Norton Antivirus 2005, then the McAfee command-line scanner, then Kaspersky with the extended-databases option. Norton < McAfee < Kaspersky, in her case. 30-day trialware of Kaspersky.

That could also be worth a shot for you, aceman817, disable System Restore and use the McAfee CLI scanner in Safe Mode, then boot to normal mode and try the Kaspersky trialware in place of AVG. If it still won't install then I have further suggestions including some Registry keys to look at.
 
i did a scan in safe mode with scanpm from mcafee and it didn't find anything as didn't kaspersky. what are the keys to look at in the registry?
 
The Registry keys I was thinking of are the ones discussed in Symantec's writeup of W32.Elitper.E@mm: http://securityresponse.symantec.com/avcenter/venc/data/w32.elitper.e@mm.html

Look at section 17 of the Technical Details in particular, see how the malware adds a bunch of entries to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

to keep you from running stuff.

When you scanned with Kaspersky, what virus database set did you use: standard, extended, or SuperSecure? Were the scanners set to Maximum? Also, if any viruses were detected by anything, what were their names, because knowing the enemy helps here.

Also: do you have any suspicions on how the virus would've gotten in? Spit it out, man 😉
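
The DisallowRun check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of the block-list entries under the `Policies\Explorer` key. The function name `Get-DisallowRunEntries`, the `Offline` hive name and the `E:` drive letter are assumptions for illustration; the DWORD `DisallowRun` = 1 switch is the standard Windows "don't run specified applications" policy layout, not something taken from the Symantec writeup.

```powershell
# Added example (not from the thread): report DisallowRun policy entries.
# Read-only: nothing is changed, so the output can be reviewed before any cleanup.

function Get-DisallowRunEntries {
    param(
        # Policies\Explorer key to inspect; defaults to the logged-on user's hive.
        [string]$ExplorerPolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    if (-not (Test-Path $ExplorerPolicyKey)) { return }

    # The DWORD value "DisallowRun" = 1 switches the block list on.
    $flag = (Get-ItemProperty -Path $ExplorerPolicyKey -Name DisallowRun `
                 -ErrorAction SilentlyContinue).DisallowRun

    # The blocked program names are values under the DisallowRun subkey.
    $listKey = Join-Path $ExplorerPolicyKey 'DisallowRun'
    if (-not (Test-Path $listKey)) { return }

    $key = Get-Item -Path $listKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            PolicyKey   = $ExplorerPolicyKey
            ListEnabled = ($flag -eq 1)
            ValueName   = $name
            BlockedExe  = $key.GetValue($name)
        }
    }
}

# Live system: check the current user's hive.
Get-DisallowRunEntries | Format-Table -AutoSize

# Infected drive slaved into a clean machine (drive letter and user name are
# placeholders): load the offline hive, inspect it, then unload it.
#   reg load HKU\Offline "E:\Documents and Settings\username\NTUSER.DAT"
#   Get-DisallowRunEntries -ExplorerPolicyKey `
#       'Registry::HKEY_USERS\Offline\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
#   reg unload HKU\Offline
```

Antivirus executables, `regedit.exe` or installer names in the `BlockedExe` column are the entries that would keep those tools from starting, which fits the symptoms reported earlier in the thread.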
 
Wow, that's the same thing as happened to me. Do you know the name of that virus? All of a sudden svchost was at 50% and i couldn't end task or anything, i restarted and that's when i had all of my problems, and now i can't copy and paste either.
 
Were you doing any IM'ing? The loss of right-mouse-button functionality happens to be a family trait of Bropia worms, which spread using Windows/MSN Messenger. Did you click any suspicious links in an IM?

</educated guess>
 
I only use aim, and i don't think i clicked any links last night. Would formatting fix the problem or would the worm still be there?
 
Originally posted by: xcelr8
I only use aim, and i don't think i clicked any links last night. Would formatting fix the problem or would the worm still be there?
You could run Windows Setup, delete all the partitions, then exit Windows Setup and start over. Keep the computer un-networked entirely until you have Service Pack 2 installed so that it's got most of the vulnerabilities patched and the Windows Firewall enabled.

It's a bit worrisome that you have a virus that is not getting detected. Do you have any ideas how it might've happened... weird email attachment, new program you installed, or ???
 