svchost.exe 100% CPU usage!?!?

Status
Not open for further replies.

ExtremeFragFest (Limp Gawd, joined Dec 16, 2003, 296 messages)

Can anyone help me here? I have a small problem..

My Windows XP Shuttle machine is at 100% CPU usage for some reason and svchost.exe is causing it.

In my processes it shows a lot of those svchost.exe's and one of them always has over 50% CPU and it shows 100% CPU usage.


Here's a link to the picture
http://www.pingthiss.com/hard/svchost.JPG


And every time I try to end the process a box pops up and says something about I have to restart my PC blah blah unexpected error.


Someone must know about it.
 
I'd say you've got a virus.. there are a number of them that will do this..

Take a close look: is it sVChost or sCVhost.exe? If it's the latter then it's 100% you've got a worm..

But you still may have spyware or a virus causing it if it isn't that name.
 
The worm you likely have is because you are connected to the internet w/o a firewall. If you reformat your machine and connect it to some ISPs' connections you will get some worms within minutes. That means if you didn't patch in those few minutes you're infected. Of course, that also means by the time you get to the Windows Update site you're already screwed.

If you have an always-on connection I strongly recommend a separate firewall. I use a hardware firewall/router and it's much easier than jacking around with local firewall software like Windows' built-in firewall or 3rd-party apps. That will allow you to connect an unprotected box so you can get it patched since the security is external to the machine.
 
Well.. I do have a spare machine here at the house..

specs:

1u rackmount
40gig Maxtor HDD
900Mhz Duron
128meg Ram
cd-rom
floppy


My ISP is Ameritech DSL.

I have a dynamic IP.

If anyone can help me or tell me how to set up a firewall/router with that box or something.. please let me know. Thanks

Also if I install a firewall on this machine will it stop the 100% usage?

And is it bad to run this system with 100% usage for a long period of time? I am at work right now using a Comcast net connection, thanks :)
 
The firewall will stop the worm getting out but because the worm will still be running.. it may not be connecting any longer but it's not gone..

You could always just try and run ZoneAlarm as a firewall.. Software firewalls aren't always best.. you could just buy a cable/DSL router and those have firewalls built in, like the Linksys BEFSR11 (single port) or the BEFSR41 router w/ 4-port switch
 
At home I have a Linksys 4-port router.. here at work we have a Linksys like.. 24-port router.. but I might wanna turn my extra home PC into a router/firewall anyway.
 
If you have a Linksys router, the BEFSRxx models, that should have stopped the worm... That makes me think a PC on the inside of the network is infected, and that's where you got it from. That, or the router is set up incorrectly and the ports the worm uses are forwarded. Either way, that router, out of the box, will stop that type of attack.
 
1st. Set up Windows Firewall
2nd. Visit Windows Update
3rd. Run a virus scan after these two things occur (Up to date virus scanner)
 
I am at work and I fixed the 100% usage problem and now 2 PCs on my network at work are having a window that pops up talking about RPC, machine must shut down, save all work blah blah blah..


It's on my machine and one of the machines next to me..


Also when I try to run Norton AntiVirus it opens.. and 5-6 seconds later it closes.. please help.
 
Disconnect the machines from the network.

Download the patch from MS's site and the removal tool from symantec.com (on an unaffected machine, or one that will stay connected long enough). Then burn it to a CD and take it to the affected PCs.

Run the removal tool, patch the machines, then put them back on the network.
 
Originally posted by hulksterjoe
Go to Symantec or McAfee and run an online scan

I disabled System Restore and went into safe mode and I am scanning with Norton AntiVirus 2k4 and it's scanning as we speak.. I am on a PC that's not infected.
 
Originally posted by Phoenix86
Disconnect the machines from the network.

Download the patch from MS's site and the removal tool from symantec.com (on an unaffected machine, or one that will stay connected long enough). Then burn it to a CD and take it to the affected PCs.

Run the removal tool, patch the machines, then put them back on the network.


What patch and what removal tool?


What if I don't have a valid CD-key when I installed XP? lol does that affect anything...
 
Originally posted by hulksterjoe
As for the XP license, if Windows Update won't let you run the patch because you're using an illegal copy.. then

HELP ENDS HERE....
Yep.
 
>and is it bad to run this system with 100% usage for a long period of time?

Man, I hate people like you. Your non-protected crap of a Windows box is probably spewing IIS probes and worms all over the internet as we speak, and your biggest "problem" is whether or not 100% CPU is bad for _your stuff_?

>What if i dont have a valid cd-key when i installed xp?

That's just icing on the cake. Fucking great.

People like you are why I have a daily activity report from my boxen looking like this:

/etc/cron.daily/webalizer:
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
Error: Skipping oversized log record
[...]

Those are attempts to infect an IIS installation with some worm or another (I can't even be bothered to look up their names any more).

Please get THE FUCK OFF THE INTERNET. Pretty please?
 
Wow, I did not ask for your stupid ass to come here and post stupid shit.. I was asking for HELP, not someone to come here and insult me, now don't fuckin post in my thread..


Mod please delete this thread because of assholes like eloj.


I have a valid HOME CD-key but I prefer Professional. Does it matter to you? I don't care if it does but oh well..
 
Everyone here was extremely helpful to you. There was no need for flaming. Your first mistake was using an invalid CD-key for WinXP Pro. This limits the amount of updates you can use from the Windows Update site and thus leaves you open to certain security risks. You would also want to keep that under your hat, as the use of illegal CD-keys, which is warez, is frowned upon here.
 