SVCHOST? Please help

[kyo]

recently my comp started to act up very strange, i aint' sure if this is some kinda virus infection or worms..
everytime i boot my comp, connect to the net (DSL, no rounter, using windows built in connection), after 10-15, my comp start to lag as its the CPU/Memory are being used fully and i'm like can't do nothing at this point, even browsing the web is a problem, so is normal window browsing, basically everything..
so i ctrl+alt+del, the task manager says in performance says my CPU Usage is always at 100% and i wonder why..
then i find out from the Processes page this program "SVCHOST.EXE" is taking 99% of the system resource and is possibly making all the lag..
I tried formatted the comp and after a few days it comes back again.. perhaps this is due to some kinda internet worms/virus..?
any answer will be greatly appreciated..
thanks in advance

 

[mikecel79]

Sounds like it could be a worm. There's a few out there that look like the svchost.exe file. Have you run a virus scan on your machine? Do you have anti-virus software installed? Are you using a firewall at all?

 

[kyo]

i had an anti-virus (norton) and firewall (zone alarm) but for some reason they get infected too
Norton will automatcally shut down when i run it..

is there any good program to fix this?
also i'm getting stupid pop ups occasionally.. probably are spywards..(window msg box pops up, not IE)

 

[Thor86]

Do a Google search on "freednshost". Damn hijackwares...

 

[NogginBoink]

SVCHOST is a container process in which services run. You can stop services one at a time till you find the culprit or find the sc.exe utility that lists which services are running in which PID (process ID) to narrow it down.

What did you change before problems started?

 

[n0cmonkey]

Either do an online virus scan or boot from an antivirus disk to do a scan.

 

[mcinal]

check your registry for programs running at startup- the last time i had this problem that was the resolution.

 

[DGath]

I do tech support and I've been removing this virus a lot lately. I believe it's an agobot variant. Get rid of it by killing the svchost.exe process in task manager. I know, there is like 6 of them, but just start killing them and you'll get to a point where you can delete the svchost.exe file from c:\windows\system32\drivers\. When killing svchost, if you kill the wrong one, it will pop up and say windows is shutting down in 60 seconds, a trick to abort that is go to start > run > shutdown -a. If you have an antivirus program, my method is kill svchost and then do a quick scan on the system32 directory and the antivirus program I use (Sophos-antivirus) has no problem detecting and removing it.

good luck

 

[NogginBoink]

Originally posted by: DGath
I do tech support and I've been removing this virus a lot lately. I believe it's an agobot variant. Get rid of it by killing the svchost.exe process in task manager. I know, there is like 6 of them, but just start killing them and you'll get to a point where you can delete the svchost.exe file from c:\windows\system32\drivers\. When killing svchost, if you kill the wrong one, it will pop up and say windows is shutting down in 60 seconds, a trick to abort that is go to start > run > shutdown -a. If you have an antivirus program, my method is kill svchost and then do a quick scan on the system32 directory and the antivirus program I use (Sophos-antivirus) has no problem detecting and removing it.

good luck

Killing svchost at random is a quick way to make your box unstable.

Determine which service is consuming CPU usage. Determine the PID of the offending process from task manager. Then run SC QUERYEX from a command prompt and determine which services are running in that process. Stop them one at a time until you've determined which service is being affected. Then do further research to determine what the problem might be based on that information.