none
svchost.exe (LocalSystemNetworkRestricted) using 45% Mem - virus?

    Pertanyaan

  • Here's a screen picture showing details: https://skydrive.live.com/redir.aspx?cid=7915bbaf8fa8141b&resid=7915BBAF8FA8141B!220&parid=7915BBAF8FA8141B!196

    Problem is that normally during the last months when all programs are closed the CPU gadget would show 0-2 % CPU usage and 35-45% mem usage. And during some background task performance a little more CPU usage. The mem usage hardly ever goes over 50%.

    But as shown on picture 85% mem is reserved and it seems to be svchost.exe (LocalSystemNetworkRestricted) and when looking up its PID number it says: AudioEndpointBuilder, hidserv, Netman, PcaSvc, SysMain, TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc

    Also when opening defragmentationprogram it is clearly not running, so it can't be that.

    It will probably be gone after reboot. But can't it be closed without reboot?

    17 Februari 2012 20:32

Jawaban

  • The problem soon arose again: 4GB and 85% mem reserved! It is obviously very familiar as there are plenty of topics about it already. There's a website offering a fixtool but after scan it's not very clear and applies for payment. Another website suggests kaspersky cleanup and antimalware. I already got MSE running. But I tried this kaspersky thing. It had to be installed in safe mode. It came up with nothing. And I couldn't find it in the uninstall list.

    Process Monitor shows a list of subprograms involved.

    ....

    Just restored from a stable System Image Backup.


    18 Februari 2012 19:02

Semua Balasan

  • Use a tool like Process Explorer or Process Monitor from sysinternals to see what's going on.  It could be that some kind of background service hosted in one of the SVCHost processes is hogging memory.  Then disable the process from running at startup by unchecking it's box on the startup tab of msconfig if you seem to figure out that it is something not needed.  If it is a service, then go to services and change the startup type to disabled from the properrties of the service if you find that you don't need it. 

    17 Februari 2012 22:04
  • Process Monitor shows a very long list of regedit stuff. Process Explorer shows a kind of directory list with sub-programs and there are PID numbers, CPU usage and something called private bytes and working set.

    I've rebooted PC now but next time it happens I can try these. (Looks complicated)

    18 Februari 2012 2:32
  • The problem soon arose again: 4GB and 85% mem reserved! It is obviously very familiar as there are plenty of topics about it already. There's a website offering a fixtool but after scan it's not very clear and applies for payment. Another website suggests kaspersky cleanup and antimalware. I already got MSE running. But I tried this kaspersky thing. It had to be installed in safe mode. It came up with nothing. And I couldn't find it in the uninstall list.

    Process Monitor shows a list of subprograms involved.

    ....

    Just restored from a stable System Image Backup.


    18 Februari 2012 19:02
  • You just gave up way too quickly.  It is actually quite easy to figure out these kinds of issues if you know what to look for.  The private working set is your memory, while the other number corresponds to CPU usage.  Some programs in general take up a lot of CPU and/or memory.  Mostly the hoggers are either AV programs or other security programs.  Now it is very different when you have malware running, but as long as you know the list of processes that normally run on your system, you can learn to recognize the illegitimate ones.  So think before you just go restoring stuff unless you really don't want to deal with the issue at hand.  I love troubleshooting because it gives me something to do, but other folks on here probably aren't as crazy as me. 
    19 Februari 2012 3:09
  • Not having time to looking into "machine code" is not the same as giving up.

    It didn't bother MSE that 85% mem was gone with no program on the run.

    19 Februari 2012 4:38
  • Well I'm sorry you feel that way.  But those numbers are relatively easy to decipher. 
    20 Februari 2012 1:29
  • Hi guys,

    I got the same problem with Local system network restricted that it chews up my CPU to 80% for doing nothing at the startup on my win 7.

    I found out the reason is because of the Superfetch service which pre-loads apps when u start the computer up. Check it out here : http://en.wikipedia.org/wiki/Windows_Vista_I/O_technologies#SuperFetch

    There's likely a chance that there 's a conflict in one of those drivers or dll files of the apps. For my particular laptop is my wireless card's driver.

    So jump into services.msc >> Superfetch >> stop then disable it may help u get away with it.

    Hope that helps

    Cheers

    Ken

    17 April 2012 12:09
  • Well, This seem to have solved my problem.
    06 Juni 2013 11:13