none
SVCHOST.exe taking up the CPU(99%)

    Question

  • I have 3 windows server 2003 r2 installed, all are affected with this problem, suddenly the SVCHOST.exe takes a CPU upto 100%(never reduces less than 98%) i have to kill the process from my taskbar, then only the problem solves and then i have to restart the services which got stopped by ending that process.

    so my question is--- is it a virus? a malware?

    I hope it's not related to update because i have disabled and tried it, but still the problem occurs!

    please help as i will get  this problem daily (atleast 2 times) in all the servers. 

    Wednesday, August 22, 2012 11:38 AM

Answers

  • It's because of a worm conficker,

    Cleared the worm using http://support.microsoft.com/kb/962007

     

    Thanks

    Thursday, August 30, 2012 2:01 PM

All replies

  • Hi,

    Thank you for posting.

    The "SVCHOST.exe" process problem can be related to some third-party program in the system or virus infection.

    If the system is installed with anti-virus software, please perform system scan to confirm whether it is infected by virus.

    If the system turns out to be clean, the issue can be related to third-party program which launch itself automatically on system start-up.

    To narrow down the cause of the problem, we can use clean boot method to troubleshoot this issue:

    How to configure Windows XP to start in a "clean boot" state

    http://support.microsoft.com/kb/310353

    The article is for Windows XP. However, the steps can also apply to Windows Server 2003.

    Hope the information can be useful to you.

    Regards

    Kevin
    Thursday, August 23, 2012 8:55 AM
  • Hello. I have had this where it has been hardware, the cpu and case needed a clean, the system temps were really high.

    Another time i've had it been related to software which was resolved with a malwarebytes scan.

    the tool that i frequently use for troubleshooting this issue is:

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Process explorer by sysinternals.

    Thursday, August 23, 2012 3:48 PM
  • Hi,

    Okay i will give a detailed view-

    I have a linux ubuntu server configured as gateway and with shorewall, i have 3 windows servers connected to the gateway which got infected with SVCHOST 100%.

    Now i did a trial and error method to know from where the problem is coming as-

    • I created a new windows server not connected to gateway or any of the other 3 servers ----> result: no Affect
    • I removed the gateway of all the 3 W servers and connected the new server to the gateway ----> result: SVCHOST.exe CPU 100%
    • One more interesting thing is that one of the W server went 100% CPU even though it is not connected to the gateway

    Suspecting: Something is affecting from the gateway to the windows server and then it is on it's own.


    I think it's definitely a trojan, because: i will find some trojans in Content.IE5, some unknown registry entries, all registry entries pointing to netsvcs and also pointing to some unknown dll file which does not exist

    Not able to detect the root trojan

    what may be the the problem, what is the solution? please help

    thank you


    Monday, August 27, 2012 6:30 AM
  • It's because of a worm conficker,

    Cleared the worm using http://support.microsoft.com/kb/962007

     

    Thanks

    Thursday, August 30, 2012 2:01 PM