- SVCHost.exe
- Posted by TwisterFreak on January 27th, 2004
Hi.
I have a problem, that i hope you guys could shed some light on.
A friend is running Win XP Home Edition. Quite a few months ago she
contracted the msblast.exe virus and the traditional shut down problem. I
ran fixblast, installed the patch and sorted that.
A week later she complained the PC was running real slow. I checked it out,
and in processes, svchost.exe was pushing the CPU to 100% constantly.
I ran a virus scan, which found nothing, spybot, and adaware found nothing.
In the end i wiped and installed WinXP Pro.
Now, two months later while installing a printer, i notice that the svchost
problem is back.
I ran usual tests but it remains.
I can end the process without any problems, but it starts itself up a few
minutes later.
Running msconfig.exe reveals nothing.
WinXP has all the critical patches installed.
I have no information on the hardware, sorry.
Any of you guys heard of this, and could perhaps help.
Cheers
Darren
- Posted by Unk on January 27th, 2004
You might want to read this:
Black Viper's Windows XP Home and Professional Services Configurations:
http://www.blackviper.com/WinXP/servicecfg.htm
On Tue, 27 Jan 2004 17:52:42 -0000, "TwisterFreak"
<twisterfreak1970REMOVE@REMOVEyahoo.co.uk> wrote:
- Posted by Frank on January 27th, 2004
Darren
I had an XP machine that was doing the same thing you describe. It was a
worm that created 2 files in its own directory.
"c:\windows\system32\wins\svchost.exe" and
"c:\windows\system32\wins\dllhost.exe". Norton AV couldn't remove the virus
or delete these files because they were protected from being modified or
deleted.
NOTE: svchost.exe and dllhost.exe are real OS files which reside under the
"c:\windows\system32" directory.
The only way I could remove the files was to disable "svchost.exe" and
"dllhost.exe" in the task manager. This brought up a screen that was
counting down to a system reboot. While the computer was counting down I
was able go into a DOS prompt and delete the "c:\windows\system32\wins"
directory.
By deleteing these bogus files I got rid of the virus and my CPU% dropped
back to normal. Again, don't delete the real OS files under the
"c:\windows\system32" directory.
Good Luck
Frank
"TwisterFreak" <twisterfreak1970REMOVE@REMOVEyahoo.co.uk> wrote in message
news:4016a564$0$28131$cc9e4d1f@news.dial.pipex.com ...
- Posted by Frank on January 27th, 2004
Darren
I had an XP machine that was doing the same thing you describe. It was a
worm that created 2 files in its own directory.
"c:\windows\system32\wins\svchost.exe" and
"c:\windows\system32\wins\dllhost.exe". Norton AV couldn't remove the virus
or delete these files because they were protected from being modified or
deleted.
NOTE: svchost.exe and dllhost.exe are real OS files which reside under the
"c:\windows\system32" directory.
The only way I could remove the files was to disable "svchost.exe" and
"dllhost.exe" in the task manager. This brought up a screen that was
counting down to a system reboot. While the computer was counting down I
was able go into a DOS prompt and delete the "c:\windows\system32\wins"
directory.
By deleteing these bogus files I got rid of the virus and my CPU% dropped
back to normal. Again, don't delete the real OS files under the
"c:\windows\system32" directory.
Good Luck
Frank
"TwisterFreak" <twisterfreak1970REMOVE@REMOVEyahoo.co.uk> wrote in message
news:4016a564$0$28131$cc9e4d1f@news.dial.pipex.com ...
- Posted by lsj7 on January 27th, 2004
Unk wrote:
thanks for the link.....
--
lsj7
Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard
