svchost.exe 100% CPU

Discussion in 'malware problems & news' started by kof, Jan 13, 2007.

Thread Status:
Not open for further replies.
  1. kof

    kof Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    56
    what kind of worm does 100% svchost.exe process?

    the name & the removal tool, plz.
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    One "worm" can be Windows automatic updates, depending on your pc. Where is that svchost located?
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  4. webmedic

    webmedic Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    123
    Location:
    just curious how much info you can get into here a
    It can also be caused by using custom hosts files if they are too large.
     
  5. kof

    kof Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    56
    tnx u all :D
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Did you figure it out?
    If you still have problems, shoot! :)
     
  7. kof

    kof Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    56
    yep
    automatic updates
    tnx bro :thumb:
     
  8. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Startuplist
    expand running processes > expand (the various) svchost entries to reveal the dlls actually being employed

    this box has three svchost instances w/ 46, 76 and 77 dlls running respectively
    while I have a high confidence they are all legitimate, that's not always the case

    http://i10.tinypic.com/303e4pv.jpg

    were I suspicious I'd compare them to known clean security benchmarks
    (which need to be updated as you add software and further dependent here on what is actually running)

    see > DLL injection
     
    Last edited: Jan 14, 2007
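
The comparison described in the last post (list the DLLs loaded in each svchost.exe instance, then check them against a known-clean benchmark), as an added example that is not part of the original thread. It assumes the listing was captured with `tasklist /m /fo csv /fi "imagename eq svchost.exe"`; the snapshot, the baseline and all function names are constructed for illustration.

```python
import csv
import io

# Constructed sample in the assumed shape of the tasklist CSV output:
# one row per process, modules comma-separated inside the third field.
SAMPLE_SNAPSHOT = '''"Image Name","PID","Modules"
"svchost.exe","848","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll"
"svchost.exe","1012","ntdll.dll,kernel32.dll,wuaueng.dll,example_unknown.dll"
'''

# Constructed baseline: module names recorded on the same box while known clean.
SAMPLE_BASELINE = """# svchost modules, clean snapshot
ntdll.dll
kernel32.dll
advapi32.dll
rpcrt4.dll
wuaueng.dll
"""

def parse_snapshot(text):
    """Return {pid: set of lower-cased module names} for every svchost.exe row."""
    modules_by_pid = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        names = {m.strip().lower() for m in row["Modules"].split(",") if m.strip()}
        modules_by_pid.setdefault(int(row["PID"]), set()).update(names)
    return modules_by_pid

def load_baseline(text):
    """One module name per line; blank lines and '#' comments are ignored."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def unknown_modules(snapshot_text, baseline_text):
    """Return {pid: sorted modules absent from the baseline}; clean PIDs are omitted."""
    baseline = load_baseline(baseline_text)
    report = {}
    for pid, mods in parse_snapshot(snapshot_text).items():
        extra = sorted(mods - baseline)
        if extra:
            report[pid] = extra
    return report

if __name__ == "__main__":
    for pid, extra in unknown_modules(SAMPLE_SNAPSHOT, SAMPLE_BASELINE).items():
        print(f"svchost.exe PID {pid}: not in baseline: {', '.join(extra)}")
```

This matches on module name only, so a DLL that reuses a legitimate name from a different directory would not be flagged; the baseline also has to be refreshed whenever software is added, as the post notes.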