I have 3 windows server 2003 r2 installed, all are affected with this problem, suddenly the SVCHOST.exe takes a CPU upto 100%(never reduces less than 98%) i have to kill the process from my taskbar, then only the problem solves and then i have to restart the services which got stopped by ending that process.
so my question is--- is it a virus? a malware?
I hope it's not related to update because i have disabled and tried it, but still the problem occurs!
please help as i will get this problem daily (atleast 2 times) in all the servers.
- Moved by Mike Dos ZhangMicrosoft contingent staff Thursday, August 23, 2012 6:58 AM move to more appropriate forum (From:General Windows Desktop Development Issues)
Thank you for posting.
The "SVCHOST.exe" process problem can be related to some third-party program in the system or virus infection.
If the system is installed with anti-virus software, please perform system scan to confirm whether it is infected by virus.
If the system turns out to be clean, the issue can be related to third-party program which launch itself automatically on system start-up.
To narrow down the cause of the problem, we can use clean boot method to troubleshoot this issue:
How to configure Windows XP to start in a "clean boot" state
The article is for Windows XP. However, the steps can also apply to Windows Server 2003.
Hope the information can be useful to you.
Hello. I have had this where it has been hardware, the cpu and case needed a clean, the system temps were really high.
Another time i've had it been related to software which was resolved with a malwarebytes scan.
the tool that i frequently use for troubleshooting this issue is:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Process explorer by sysinternals.
Okay i will give a detailed view-
I have a linux ubuntu server configured as gateway and with shorewall, i have 3 windows servers connected to the gateway which got infected with SVCHOST 100%.
Now i did a trial and error method to know from where the problem is coming as-
- I created a new windows server not connected to gateway or any of the other 3 servers ----> result: no Affect
- I removed the gateway of all the 3 W servers and connected the new server to the gateway ----> result: SVCHOST.exe CPU 100%
- One more interesting thing is that one of the W server went 100% CPU even though it is not connected to the gateway
Suspecting: Something is affecting from the gateway to the windows server and then it is on it's own.
I think it's definitely a trojan, because: i will find some trojans in Content.IE5, some unknown registry entries, all registry entries pointing to netsvcs and also pointing to some unknown dll file which does not exist
Not able to detect the root trojan
what may be the the problem, what is the solution? please help
- Edited by nithin venugopal Monday, August 27, 2012 2:01 PM