nasty svchost.exe

**BigGreen** · 06-10-2006, 12:33 PM

In my task manager I show several svchost.exe tasks running but one in particular appears to be malicious/compromised. The line on it is as follows svchost.exe (image name), System (user name), 54 (cpu), 21, 544k (mem usage) and CPU usage is at 100%. It's that 33-55 range on the cpu value that has me most concerned (well, the 100% cpu usage as well).

Essentially, I'm wondering how to locate and remove that specific svchost.exe. Whatever it is seems to have my command prompt shortcut frozen/inoperable as well, so I'd really like to find this thing and get it the hell off my comp.

**Beretta726** · 06-10-2006, 04:15 PM

it's probably spyware. AD-Aware SE personal and SpyBot are good removal tools. Microsoft also has a free removal program. Always a good idea to run more than one spyware protection program. Running the virus scan wouldn't hurt either. TrendMicro has a program called CWshredder. It finds alot of the things that the other programs don't.

**guest589745** · 06-10-2006, 05:37 PM

I have 7 svchost.exe 's on my PC right now and have no idea how/what one to get rid of.

Bump.

**oldman** · 06-10-2006, 05:55 PM

This is NOT spyware this is a process used by the Windows OS.

At any one time you could have 5-10+ running at the same time there is nothing wrong with it and if you kill them off you will shut down your PC.

download and run http://www.safer-networking.org/ S&D

And

http://www.lavasoft.de/software/adaware/

and you will clear out anything bad. Update and run at least once per week and you will keep your PC's running faster and cleaner.

also run a firewall like zonealarm will help block auto-install .exe files that you will get hit with by going to malicious websites.

~Old

**BigGreen** · 06-11-2006, 02:04 AM

thanks all for the advice so far. Here's the deal:

I've run ad-aware, spybot search and destory, spysweeper AND norton antivirus scans (all in safe mode) as well as the online scan of housecall and still nothing. While running in safe mode, task manager shows normal processes: ie, system idle taking up most of the cpu and total cpu usage at 3-25% as things boot up. Under "normal" log on conditions (not safe mode) I show normal process distribution (for lack of a better term) for thirty to forty seconds, then suddenly it shoots up to 100% CPU usage with it split almost exclusively between "system" (NOT system idle, as should be the case and IS in safe mode) and a random svchost. Clearly something isn't right, but whatever that something is seems to slip under the radar of all of those fine spyware programs.

I don't fileshare on this comp at all (I keep a crappy, older comp for that sole purpose) and the only thing that's happened in the last year with this one is a few days ago an email with an executable attachment was sent to my school email, which automatically opens such attachments when you open the email (huge problem at the school that they intend to fix) through the off campus web based email. Since these problems started a day or so after that opening, i assume that's the issue, but still the programs pick up nada.

Any further suggestions?

**oldman** · 06-11-2006, 05:34 AM

If your anti-spy and such is not finding anything I am guessing you have some sort of Trojan than got in and has already done damage and removed itself or is in a hidden process. Since you are on XP have you tried doing a restore to a prior point when you know this was not happening.

Some of these are next to impossible to find. Sorry hard to do long distance but you could always bring to a PC repair and see if they can flush it out.

~Old

**Prada** · 06-11-2006, 06:21 PM

Personally I am a big fan of AVG Antivirus by Grisoft

**StoneGRMI** · 06-11-2006, 06:57 PM

Microsoft® Live OneCare is a great new all-in-one Antivirus/adware/system checkup/firewall that I have been using for about a month. I have no complaints yet.

**BigGreen** · 06-12-2006, 12:02 AM

To all: thanks for all the advice. I ended up becoming so frustrated that I spent the afternoon wiping out my hard drive and starting over from scratch altogether. Now that the task is done (having sorted through missing individual drivers and downloading those) it's like having a brand new computer. I can NOT believe how smooth this thing is now. It was a llllong afternoon, but this thing has not run this well in MONTHS. That said, to ensure this doesn't happen again, I've made sure ALL of my MS updates are up to snuff, and I plan on running ad-aware and spybot far more frequently.