Solved

Virus increase CPU usage!

Posted on 2004-09-20
12
1,311 Views
Last Modified: 2012-05-05
Hi, What is the new virus that increase CPU usage all the time and how can I get rid from it using Norton anti-virus?

Thanks.
0
Comment
Question by:Abdu_Allah
12 Comments
 
LVL 4

Expert Comment

by:tekchic
ID: 12102391
Hi Abdu_Allah,

What process is taking up all the CPU usage?  Also here's a link where Norton can be guilty of doing the same: http://www.experts-exchange.com/Applications/Viruses/Q_20716363.html

.: tekchic :.
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12102829
>What process is taking up all the CPU usage?
SVCHOST.EXE
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12102845
>Norton can be guilty of doing the same.

Noway, I have installed Norton for more than 2 years, but this problem is new.
0
 
LVL 4

Accepted Solution

by:
tekchic earned 50 total points
ID: 12103996
Here are a few links I found regarding the 100% CPU cycles usage on SVCHOST.EXE.

http://ask-leo.com/svchost_and_svchostexe_crashs_cpu_maximization_viruses_exploits_and_more.html

There's also the "Welchia Worm".....
According Symantec, it produces itself as:
%System%\Wins\Dllhost.exe, then copies itself to your system folder.  Then %System%\Dllcache\Tftpd.exe is cloned as %System%\Wins\svchost.exe

I know this is a basic question, but are all your Norton files up to date?  Personally, I don't think Norton catches "everything".  I use a mixture of both spyware removal tools and virus scanners.  An online one that's free that you might want to try is at http://housecall.antivirus.com.  It doesn't install to your machine, it just runs it online.  I've had it detect worms that Norton missed even after Norton was updated.

Good luck.
0
 
LVL 4

Expert Comment

by:gemchest
ID: 12119803
Hi Abdu_allah,

Do you have your indexing function switched on? cos if it's on and you've just install some big programs, your computer resource will shot like crazy and seems to be hanging up.

to switch this function off, goto control panel>administraive tools>services
switch off "indexing service" and change "startup type" to manual.

reboot the com and should be fine.

cheers,
Luis
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12120931
gemchest, "indexing service" is already off!

Without any doubt this is a virus and the norton can not see it!
This problem appear if I open the Internet connection and it is continue even if I disconnect.

Thanks.
0
 
LVL 6

Expert Comment

by:akboss
ID: 12137243
Try downloading this free A/V.
AVG
http://www.grisoft.com/us/us_dwnl_free.php

Shut norton down and run this one in safe mode after you have run the updater.

They are really good about getting updates out as fast or faster than norton has.
0
 
LVL 6

Expert Comment

by:acmp
ID: 12142044
svchost is usuall a valid windows componant. But I'd check with PrcView (http://www.prcview.com)

This lets you see the path to the image that is running, very useful. The valid svchost runs from c:\windows\system32 the fake ones tend to run from c:\windows or another 'not system32' folder

If you do have a fake svchost and you AV didn't spot it then I'd change AV (or at least update it and try again)

As no one has mentioned it a good first check is stinger (http://vil.nai.com/vil/stinger). It's a free DL and check for the 30-50 latest 'popular' viruses. NAI update it very regularly so I DL it whenever I think it'll be useful.

If stinger and your chosen AV fail to notice anything then the chances are you don't have a virus.

A hijackthis log may help us to assist further.

acmp<><
0
 
LVL 1

Expert Comment

by:Pete Barr
ID: 12146064
how long is  a piece of string!
0
 
LVL 4

Expert Comment

by:tekchic
ID: 12147522
petebarr -- What the heck are you talking about?
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12262285
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now