svchost.exe 100% CPU

Discussion in 'malware problems & news' started by kof, Jan 13, 2007.

Thread Status:
Not open for further replies.
  1. kof

    kof Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    56
    what kind of worm does 100% svchost.exe process?

    the name & the removel tool, plz.
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    One "worm" can be Windows automatic updates, depending on your pc. Where is that svchost located?
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,565
    Location:
    Ontario, Canada
  4. webmedic

    webmedic Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    123
    Location:
    just curious how much info you can get into here a
    it can also be caused by using custom hosts files if they are to large.
     
  5. kof

    kof Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    56
    tnx u all :D
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Did you figure it out?
    If you still have problems, shoot!:)
     
  7. kof

    kof Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    56
    yep
    automatic updates
    tnx bro :thumb:
     
  8. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Startuplist
    expand running processes > expand (the various) svchost entries to reveal the dlls actually being employed

    this box has three svchost instances w\ 46, 76 and 77 dlls running respectively
    while I have a high confidence they are all legitimate, thats not always the case

    http://i10.tinypic.com/303e4pv.jpg

    were I suspicious Id compare them to known clean security benchmarks
    (which need to be updated as you add software and further dependent here on what is actually running)

    see > DLL injection
     
    Last edited: Jan 14, 2007
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.