Solved

Virus increase CPU usage!

Posted on 2004-09-20
12
1,333 Views
Last Modified: 2012-05-05
Hi, What is the new virus that increase CPU usage all the time and how can I get rid from it using Norton anti-virus?

Thanks.
0
Comment
Question by:Abdu_Allah
12 Comments
 
LVL 4

Expert Comment

by:tekchic
ID: 12102391
Hi Abdu_Allah,

What process is taking up all the CPU usage?  Also here's a link where Norton can be guilty of doing the same: http://www.experts-exchange.com/Applications/Viruses/Q_20716363.html

.: tekchic :.
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12102829
>What process is taking up all the CPU usage?
SVCHOST.EXE
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12102845
>Norton can be guilty of doing the same.

Noway, I have installed Norton for more than 2 years, but this problem is new.
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 4

Accepted Solution

by:
tekchic earned 50 total points
ID: 12103996
Here are a few links I found regarding the 100% CPU cycles usage on SVCHOST.EXE.

http://ask-leo.com/svchost_and_svchostexe_crashs_cpu_maximization_viruses_exploits_and_more.html

There's also the "Welchia Worm".....
According Symantec, it produces itself as:
%System%\Wins\Dllhost.exe, then copies itself to your system folder.  Then %System%\Dllcache\Tftpd.exe is cloned as %System%\Wins\svchost.exe

I know this is a basic question, but are all your Norton files up to date?  Personally, I don't think Norton catches "everything".  I use a mixture of both spyware removal tools and virus scanners.  An online one that's free that you might want to try is at http://housecall.antivirus.com.  It doesn't install to your machine, it just runs it online.  I've had it detect worms that Norton missed even after Norton was updated.

Good luck.
0
 
LVL 4

Expert Comment

by:gemchest
ID: 12119803
Hi Abdu_allah,

Do you have your indexing function switched on? cos if it's on and you've just install some big programs, your computer resource will shot like crazy and seems to be hanging up.

to switch this function off, goto control panel>administraive tools>services
switch off "indexing service" and change "startup type" to manual.

reboot the com and should be fine.

cheers,
Luis
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12120931
gemchest, "indexing service" is already off!

Without any doubt this is a virus and the norton can not see it!
This problem appear if I open the Internet connection and it is continue even if I disconnect.

Thanks.
0
 
LVL 6

Expert Comment

by:akboss
ID: 12137243
Try downloading this free A/V.
AVG
http://www.grisoft.com/us/us_dwnl_free.php

Shut norton down and run this one in safe mode after you have run the updater.

They are really good about getting updates out as fast or faster than norton has.
0
 
LVL 6

Expert Comment

by:acmp
ID: 12142044
svchost is usuall a valid windows componant. But I'd check with PrcView (http://www.prcview.com)

This lets you see the path to the image that is running, very useful. The valid svchost runs from c:\windows\system32 the fake ones tend to run from c:\windows or another 'not system32' folder

If you do have a fake svchost and you AV didn't spot it then I'd change AV (or at least update it and try again)

As no one has mentioned it a good first check is stinger (http://vil.nai.com/vil/stinger). It's a free DL and check for the 30-50 latest 'popular' viruses. NAI update it very regularly so I DL it whenever I think it'll be useful.

If stinger and your chosen AV fail to notice anything then the chances are you don't have a virus.

A hijackthis log may help us to assist further.

acmp<><
0
 
LVL 1

Expert Comment

by:Pete Barr
ID: 12146064
how long is  a piece of string!
0
 
LVL 4

Expert Comment

by:tekchic
ID: 12147522
petebarr -- What the heck are you talking about?
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12262285
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question