1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SVCHOST.EXE

Discussion in 'Software' started by Weemez, Jan 13, 2007.

  1. Weemez

    Weemez Kilobyte Poster

    372
    1
    0
    Hello all, hope you are all well!

    I have a problem, my system is XP and has been running very slow recently. I have looked in system performance and the CPU usage has been running at 100% during most of the way through the runtime of the computers operation.

    I have done various scans (virus, maleware, spyware etc) with nothing to report. I notice SVCHOST.EXE in "system" can be taking up most of the CPU (60,000-100,000k) There are three of them running, one under the USER NAME "system" and two under the USER NAME "network service". Can anybody relate to thise issue and assist. Having checked this out i realise these are filrs relating to windoes dll. files.

    Thanks in avance.
     
    Certifications: HNC Computing A+ N+ ICND1
    WIP: ICND2
  2. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    yeah it is... what you need to be careful with is that trojans and viruses exist with the same name...

    http://support.microsoft.com/kb/314056
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  3. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Have a look at this page to see if it helps.

    Lots of links there for info.

    Harry
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Nice find there from Zimbo. The M$ page mentions 'tasklist', however that is only available on XP Pro. If you have 'Home' then the Sysinternals ProcessExplorer util will get you the info as to which instance of svchost is which!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    the trick is to find out where the svchost.exe is coming from i.e. folder location...
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  6. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    4,140
    58
    214
    If you use Tasklist you need to know what verions of svchost you are using and what services are running.

    XP: Tasklist.exe - Get a List of Processes From the Command Line

    Windows 2000 users can run this program by clicking Start / Run and type "command" or "cmd" and press enter. From the MS-DOS prompt, type "tlist -s" and press enter.

    Windows XP users can run this program by clicking Start / Run and type "command" or "cmd" and press enter. From the MS-DOS prompt, type "tasklist /svc" and press enter.


    Source - computerhope

    If this does not work then you can download an application for the tasklist here

    When you run it, you will be able to see what services are being controlled by svchost.exe's, then you can disable the services which you do not need to use. By default, XP sets to automatic many services which are not generally needed.

    I hope this helps:biggrin
     
    Certifications: Comptia A+
    WIP: Comptia N+
  7. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    4,140
    58
    214

    Have a look in C:\Windows\softwareDistribution or alterantive you could try Windows Defender!?8)

    A way around that annoying pop up message error is to disable the automatic upadtes with wuaUserv
     
    Certifications: Comptia A+
    WIP: Comptia N+
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    When did this start to happen, have you installed any software or hardware recently?

    If you have done everything in Harry's great link I would seriously consider a re-installation of the OS, including wiping the partition and starting from scratch. Then before you do anything else like connect it to the Internet, install your AV software, then immediately install SP2 if you haven't got it bundled with your install CD. Then connect it to the net and go straight to Windows update and download any other critical updates.

    You can never be sure that some malware or virus is still not lurking around somewhere.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    At work I was having the same issues and after 3 days of pure troubleshooting I was able to narrow it down to the windows updates.

    Basically what would happen is windows would go out and try to download updates but then it keeps on getting errors and never resolves anything. For my situation I did the windows updates manually and the svchost.exe went down to 0%. How ever this issue has been reported to Microsoft before and they don't have a fix for it yet. Which I find weird because this issue has been happening for over a year now.

    Also like Zimbo said there a few svchost.exe processes which you will have to find out to which that processes is linked. This could also mean that for you this is an entirely different issue like a virus, torjans, malware, etc.

    My advice to you would be to do the windows update and if thats not the case well then you have eliminate one possibility.

    Good Luck buddy.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  10. tuvanit

    tuvanit Nibble Poster

    98
    0
    14
    svchost.exe <~ I was in trouble with it. When I use a firewall It always require to connect to Interet. So, I blocked it and everything ok (up till now :D)
     
    Certifications: 70-270, 70-290
    WIP: MCSA 2003
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    I had the same problem, I tried downloading the patches as .exe files and install them individually but still got the same problem with svchost.exe taking up100% of the CPU usage.

    I was pushed for time so ended up wiping the PC and reinstalling XP etc and fully patched it. Problem sorted but I would have liked to have found a fix for it. :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  12. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    4,140
    58
    214
    I have the same problem at work, like Theprof says, it is due to a corrupt windows update file. It is not on all of the PC's but just the odd few, the ones that had thoses updates.

    You can download a hotfix SVCHOST file that stops the error message from being displayed but all the really does is turn off the Windows Update service. Once the users does a cold reboot and syncs with the network, the window update service is reactivated so the error message comes back.

    The other way was to format the HD and RIS it.
    But when your working in a Hospital and the Doctors or Nurses want a quick repair, it's not the best solution!

    Has anyone here used the tasklist Command?
     
    Certifications: Comptia A+
    WIP: Comptia N+
  13. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    4,140
    58
    214
    Another way to get around that annoying message of SVCHOST is to stop the the updates going to that PC. It's not a fix, but if your at work and customers are phoning in with this problem.

    Then you could set up a group Policy on the network so the computers with the SVCHOST message are put into the group policy and the Window updates are disabled until a solution can be found.

    It works for customers who just want a quick fix.:biggrin
     
    Certifications: Comptia A+
    WIP: Comptia N+
  14. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    i have no less than 5 of these running on my system at the moment.

    Nice find on tasklist though. didnt know about that one.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  15. steveh2001

    steveh2001 Byte Poster

    204
    3
    22
    We have these at work - not the 100% CPU faults but various application messages such as "the memory cannot be read". And it happens to a large number of PCs on the 15th of every month (update day...)

    Our fix wich works temporarily is to:

    1) Bounce the PC till the update service is started
    2) Stop the service
    3) delete the contents of c:\windows\systemdistribution
    4) start the service
    5) bounce and check event viewer

    Works but still havent got an overall solution :(
     
    Certifications: A+,N+,CommVault,MCSA/MCSE 2003,VCP 4.1.
    WIP: ?
  16. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    i know this is a bit of an old post but we had this problem when microsoft updates was launched, pc's would just hang with cpu at 100&#37; for the first 5 mins after boot, we just had to change the settings back to windows update instead of microsoft updates and this seemed to solve the problem, all systems had nod32 with wilders settings.
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  17. UCHEEKYMONKEY
    Honorary Member

    UCHEEKYMONKEY R.I.P - gone but never forgotten. Gold Member

    4,140
    58
    214
    Thanks Thomas I will relay this to the manager at work.

    There is a fix for the SVCHOST error, however it doesn't always work!

    What about the other problem of Windows updates?

    After rebuilding a PC from the RIS server and downloading the 71 updates from Microsoft. The Hardware wizard pops up and asks to install new hardware for an unknown PCI component.
    If you choose add and it's search's the HD it finds nothing if you choose browse CD, it shows nothing for file extension.

    The only way around it was to disable the device.

    It has popped up on every PC that has had those updates, Intel 915GAG and gigabyte mobo's. It's so annoying!:blink
     
    Certifications: Comptia A+
    WIP: Comptia N+
  18. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    SVCHOST is the generic WIndows Sevrice Hosting process. Its used to host a collection of processes from DLLs under one 'process', making it easier to manage them.

    Its normal for there to be multiple instances of SVCHOST running - for instance, at present, I'm running a new (2 week old) install of XP Pro, SP2, with bare minimum of software installed and I have four instances running.

    However, it is true that, because of the complexity of the SVCHOST process it can be difficult to ascertain exactly what is causing a system slowdown/instability issues.

    Also, lots of Malware has been known to hide behind the Svchost banner - usually easily spotted by a slightly different process name (scvhost, svhost, scv_host etc). One telltale sign of Malware masquerading as legitimate SVCHOST processes is svchost.exe residing in a directory other than the System32 Directory.

    Scan your system for Malware and see if removing any crap that the scan finds makes any difference.

    If not, its possible that the Windoze Update issue mentioned earlier is affecting you - NEVER run automatic updates using Windows' built-in Auto-Update feature, irrespective of the M$ gumph - a decent tech should always patch manually on a regular basis. On more than one occasion I've seen organisations not running SMS (when they really should be) or even WSUS (when there is NO excuse for them not to be) try to automate patch deployment by just turning on Auto-Updates for all their boxes.

    This should never be done in a corporate network and, since I assume everyone here is either in the IT industry already or trying to get into it :wink you should follow the same general practices you do at work on your home LANs. I patch every month, regular as clockwork - usually three or four days after 'Patch Tuesday'. Doing this manually helps me avoid the stupid instability issues that often plague updates when they are first released, and allows me to track back much more easily when i suspect that one of them has FUBARed a machine.
     
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...