Vista: high svchost disk usage, sluggishness, strange behavior

Vista: high svchost disk usage, sluggishness, strange behavior (unsolved)

My grandmother's Vista laptop is extremely sluggish. Internet access is slow (~60 Kbps) even though this is on a cable line, and my Linux netbook is getting good (~300 Kbps) speed on the same network. Also, svchost.exe is using an incredible amount of disk I/O, something like 500 MB in the past few minutes. I disabled indexing and prefetch and that sped the computer up a bit, but the hard drive will not stop grinding. So I'm beginning to suspect infection.

So far:

- Kaspersky Rescue Disk detected a couple of apparent false positives, something about finding a mailer trojan in some of the games that HP preinstalled on the computer.

- Norton Antivirus (she has a subscription for it) found nothing at all, though it did give a warning about svchost's huge I/O use.

- Rootkit Revealer failed to run (couldn't start the necessary service even as admin), and Gmer caused a BSOD.

I'm starting to get more than a bit perplexed. There should be a reason for the sluggishness and disk usage by svchost, but nothing seems to give. Am I looking at some kind of trojan or rootkit, or am I chasing phantoms here?

 

Disable the Windows Vista SuperFetch Service and see if that helps.

http://www.howtogeek.com/howto/windows-vista/how-to-disable-superfetch-on-windows-vista/

 

I did that already. As I said, it sped up the machine a little bit, but did not put a dent in the overall disk I/O usage.

 

svchost is used for tons of things, so, no advice until you find out what is actually running and uses svchost. Event Viewer, Process Explorer or whatever...

(One guess would be .NET "optimization" which runs after some security updates and recompiles tons of crap.)

 

Try doing a scan with Dr.Web Cureit in Safe Mode. After that do a scan with SuperAntiSpyware Portable in Safe Mode.

 

Thanks. And weird, there's a lot less disk thrashing in safe mode... I wonder if some third-party thing is acting up.

Edit: okay, according to Process Explorer TrustedInstaller.exe is eating up rather a lot of disk I/O time. Judging from the rate at which it's reading/writing, I think it may be the culprit.

Edit 2: Aaaand solved. In a fit of exasperation, I ran PC Decrapifier and removed several hundred megabytes of preinstalled HP garbage, including stuff that was apparently running some background services... Voila, no more thrashing. Incredible, I had no idea that the preinstalled rubbish situation was that bad with HP.

Edit 3: Oops, not solved. Hard drive started thrashing again after a reboot and hasn't stopped yet.

 

By constantly rebooting, you are not exactly improving the situation. Unless you let the task (whatever it is) finish, you will never get rid of this.

TrustedInstaller.exe is used for checking for new updates, also may be related to searching Problem Reports and Solutions (clear that stuff in actions center) etc.

 

@ Gullible Jones

Hi you could use this

This application requires the .NET 2.0 framework and should work on XP (SP2), Vista and Windows 7!

I don't have NET & it works just fine on my XP/SP2 Don't know why, but it does

Hope you track it down.

 

Is Windows Defender enabled?

 

Yeah, Windows Defender is enabled. Can that cause thrashing? I didn't want to disable it because I don't know how strong Norton 2011 is against spyware

doctornotor: point taken. Though the thrashing lasted longer after boot than is normal for Linux or XP, or what I've seen of Vista for that matter.

 

If you have scheduled scans, then yes...

(On a side note, I managed to create the same under Linux by scheduling full S.M.A.R.T. diagnostics of disks with smartd and completely forgetting about it. Do not thing that Windows does such checks though.)

 

Just as a test I would try to disable it and reboot. Then after the reboot check and see if the svchost usage is down and if the sluggishness went away. You would not notice the svchost disk usage going down or any sluggishness gone till a reboot.