5 instantances of svchost.exe hogging up my ram

message from D Botsford on 3 Jun 2004
I have Windows XP Professional with all patches in place - or at least
according to the Windows Update site.
I have Norton Antivirus 2004, fully updated.
I run Pest Patrol constantly.

And I have 5 instances of svchost.exe, including one that is using 17
megs!!!!, running on my machine.

Please help - I'm having to reboot all the time to get things done.

Thanks,
Diana
 
roger replied to D Botsford on 03 Jun 2004
Hi,

You want to see what's using SVChost.exe because Spyware or a Trojan
can use SVChost.exe on their behalf; google for Process Explorer
(free) to look at the processes that are using SVChost.exe.

BTW, if svchost.exe is not running out of the system32 directory, it's
a Trojan.

A Description of Svchost.exe in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314056

Good luck
 
D Botsford replied to roger on 3 Jun 2004
Thanks - I did find 2 instances of svchost.exe outside of /system32 and
deleted them and rebooted by the same situation is going on.

I'm downloading the Process Explorer software now but I don't know how to
judge if something is wrong once I get a report.

I find 17 megs dedicated to an instance of svchost.exe to extreme. Would
appreciate any guidance!

Diana
"roger" <sergiorogerdon'tspam@yahoo.com> wrote in message
news:lk8vb0dvn2mlhu9g94pe4q0b249rgnpt3j@4ax.com...
 
Chuck replied to D Botsford on 3 Jun 2004
Diana,

If you want to know more about the many processes running on your computer, get
Process Explorer (free) from
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml . Provides way more
information than Task Manager. You can look at any process and see what modules
it contains, and who wrote or distributed each module. And graph its memory and
CPU usage.

But if you found extra copies of svchost.exe, you better do a spyware / virus
scan.

How current is your virus protection? Try these free online virus scans, to
complement your current protection:
http://www.bitdefender.com/scan/license.php
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/
http://security.symantec.com/ssc/home.asp
http://housecall.trendmicro.com/housecall/start_corp.asp

Now check for, and learn to defend against, additional carriers of infection.
Have you downloaded these programs before? Download them again, as many are
revised frequently, to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.

First, download LSP-Fix and WinsockXPFIx from http://www.cexx.org/lspfix.htm ,
and CWShredder from http://www.majorgeeks.com/download4086.html . All are
free.

Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.

Now check for, and remove, spyware. Get HijackThis
http://www.majorgeeks.com/download.php?det=3155 and Spybot S&D
http://www.safer-networking.org/index.php?page=download . Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log. http://forums.spywareinfo.com/index.php?showtopic=227
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it, or a link to your forum post, here):
http://forums.net-integration.net/
http://forums.spywareinfo.com/
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
D Botsford replied to Chuck on 5 Jun 2004
Worked great - I'm now running ad-aware, sybot and Win Patrol. They found a
ton of junk and cleaned things up. I have 4 instances running but using far
less resources. I'm happy.
Thank you!
Diana

"Chuck" <none@example.net> wrote in message
news:dcevb01g6jkqeu5jukji01c04fce25v2h2@4ax.com...
<diana_botsford@hotmail.com>
http://www.cexx.org/lspfix.htm ,
 
Chuck replied to D Botsford on 5 Jun 2004
Excellent, Diana. Thanks for the update.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
roger replied to D Botsford on 03 Jun 2004
Hi,

Perform a scan using updated ad-aware and spybot:
Ad-aware
http://www.lavasoftusa.com/support/download/

Spybot S&D
http://www.safer-networking.org/index.php?lang=en&page=download

Also get a second opinion about viruses performing an online scan at
any of these sites:
Trend Micro HouseCall:
http://housecall.antivirus.com/pc_housecall/

Panda Active Scan:
http://www.pandasoftware.com/products/activescan/

RAV AntiVirus Online Virus Scan
http://www.ravantivirus.com/scan/

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/license.php

svchost.exe is used by diverse programs, once you get a list of these
programs, check their names in the Web and you may find whether they
are legit or not.

I have a svchost.exe of 21 megs, and it is OK. You may get more
information, like how much it writes to disk, by pressing Ctrl + Alt +
Del and going to Task Manager > View > Select columns
and selecting I/O writes and I/O reads

Armed with all this information, you could detect inconsistencies in
the programs.

Good luck
 

Archived message: 5 instantances of svchost.exe hogging up my ram (Microsoft XP)
 
Note: To make this discussion more readable on the page the original messages have been edited to remove most of the references and quoting.