SVCHOST.EXE

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello all, hope you are all well!

I have a problem, my system is XP and has been running very slow recently. I have looked in system performance and the CPU usage has been running at 100% during most of the way through the runtime of the computers operation.

I have done various scans (virus, maleware, spyware etc) with nothing to report. I notice SVCHOST.EXE in "system" can be taking up most of the CPU (60,000-100,000k) There are three of them running, one under the USER NAME "system" and two under the USER NAME "network service". Can anybody relate to thise issue and assist. Having checked this out i realise these are filrs relating to windoes dll. files.

Thanks in avance.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

yeah it is... what you need to be careful with is that trojans and viruses exist with the same name...

http://support.microsoft.com/kb/314056

 

Have a look at this page to see if it helps.

Lots of links there for info.

Harry

 

Nice find there from Zimbo. The M$ page mentions 'tasklist', however that is only available on XP Pro. If you have 'Home' then the Sysinternals ProcessExplorer util will get you the info as to which instance of svchost is which!

Harry.

 

the trick is to find out where the svchost.exe is coming from i.e. folder location...

 

If you use Tasklist you need to know what verions of svchost you are using and what services are running.

XP: Tasklist.exe - Get a List of Processes From the Command Line

Windows 2000 users can run this program by clicking Start / Run and type "command" or "cmd" and press enter. From the MS-DOS prompt, type "tlist -s" and press enter.

Windows XP users can run this program by clicking Start / Run and type "command" or "cmd" and press enter. From the MS-DOS prompt, type "tasklist /svc" and press enter.

Source - computerhope

If this does not work then you can download an application for the tasklist here

When you run it, you will be able to see what services are being controlled by svchost.exe's, then you can disable the services which you do not need to use. By default, XP sets to automatic many services which are not generally needed.

I hope this helps

 

Have a look in C:\Windows\softwareDistribution or alterantive you could try Windows Defender!?

A way around that annoying pop up message error is to disable the automatic upadtes with wuaUserv

 

When did this start to happen, have you installed any software or hardware recently?

If you have done everything in Harry's great link I would seriously consider a re-installation of the OS, including wiping the partition and starting from scratch. Then before you do anything else like connect it to the Internet, install your AV software, then immediately install SP2 if you haven't got it bundled with your install CD. Then connect it to the net and go straight to Windows update and download any other critical updates.

You can never be sure that some malware or virus is still not lurking around somewhere.

 

At work I was having the same issues and after 3 days of pure troubleshooting I was able to narrow it down to the windows updates.

Basically what would happen is windows would go out and try to download updates but then it keeps on getting errors and never resolves anything. For my situation I did the windows updates manually and the svchost.exe went down to 0%. How ever this issue has been reported to Microsoft before and they don't have a fix for it yet. Which I find weird because this issue has been happening for over a year now.

Also like Zimbo said there a few svchost.exe processes which you will have to find out to which that processes is linked. This could also mean that for you this is an entirely different issue like a virus, torjans, malware, etc.

My advice to you would be to do the windows update and if thats not the case well then you have eliminate one possibility.

Good Luck buddy.

 

svchost.exe <~ I was in trouble with it. When I use a firewall It always require to connect to Interet. So, I blocked it and everything ok (up till now )

 

I have the same problem at work, like Theprof says, it is due to a corrupt windows update file. It is not on all of the PC's but just the odd few, the ones that had thoses updates.

You can download a hotfix SVCHOST file that stops the error message from being displayed but all the really does is turn off the Windows Update service. Once the users does a cold reboot and syncs with the network, the window update service is reactivated so the error message comes back.

The other way was to format the HD and RIS it.
But when your working in a Hospital and the Doctors or Nurses want a quick repair, it's not the best solution!

Has anyone here used the tasklist Command?

 

Another way to get around that annoying message of SVCHOST is to stop the the updates going to that PC. It's not a fix, but if your at work and customers are phoning in with this problem.

Then you could set up a group Policy on the network so the computers with the SVCHOST message are put into the group policy and the Window updates are disabled until a solution can be found.

It works for customers who just want a quick fix.

 

i have no less than 5 of these running on my system at the moment.

Nice find on tasklist though. didnt know about that one.

 

We have these at work - not the 100% CPU faults but various application messages such as "the memory cannot be read". And it happens to a large number of PCs on the 15th of every month (update day...)

Our fix wich works temporarily is to:

1) Bounce the PC till the update service is started
2) Stop the service
3) delete the contents of c:\windows\systemdistribution
4) start the service
5) bounce and check event viewer

Works but still havent got an overall solution

 

i know this is a bit of an old post but we had this problem when microsoft updates was launched, pc's would just hang with cpu at 100&#37; for the first 5 mins after boot, we just had to change the settings back to windows update instead of microsoft updates and this seemed to solve the problem, all systems had nod32 with wilders settings.

 

Thanks Thomas I will relay this to the manager at work.

There is a fix for the SVCHOST error, however it doesn't always work!

What about the other problem of Windows updates?

After rebuilding a PC from the RIS server and downloading the 71 updates from Microsoft. The Hardware wizard pops up and asks to install new hardware for an unknown PCI component.
If you choose add and it's search's the HD it finds nothing if you choose browse CD, it shows nothing for file extension.

The only way around it was to disable the device.

It has popped up on every PC that has had those updates, Intel 915GAG and gigabyte mobo's. It's so annoying!

 

SVCHOST is the generic WIndows Sevrice Hosting process. Its used to host a collection of processes from DLLs under one 'process', making it easier to manage them.

Its normal for there to be multiple instances of SVCHOST running - for instance, at present, I'm running a new (2 week old) install of XP Pro, SP2, with bare minimum of software installed and I have four instances running.

However, it is true that, because of the complexity of the SVCHOST process it can be difficult to ascertain exactly what is causing a system slowdown/instability issues.

Also, lots of Malware has been known to hide behind the Svchost banner - usually easily spotted by a slightly different process name (scvhost, svhost, scv_host etc). One telltale sign of Malware masquerading as legitimate SVCHOST processes is svchost.exe residing in a directory other than the System32 Directory.

Scan your system for Malware and see if removing any crap that the scan finds makes any difference.

If not, its possible that the Windoze Update issue mentioned earlier is affecting you - NEVER run automatic updates using Windows' built-in Auto-Update feature, irrespective of the M$ gumph - a decent tech should always patch manually on a regular basis. On more than one occasion I've seen organisations not running SMS (when they really should be) or even WSUS (when there is NO excuse for them not to be) try to automate patch deployment by just turning on Auto-Updates for all their boxes.

This should never be done in a corporate network and, since I assume everyone here is either in the IT industry already or trying to get into it :wink you should follow the same general practices you do at work on your home LANs. I patch every month, regular as clockwork - usually three or four days after 'Patch Tuesday'. Doing this manually helps me avoid the stupid instability issues that often plague updates when they are first released, and allows me to track back much more easily when i suspect that one of them has FUBARed a machine.