Solved

Virus increase CPU usage!

Posted on 2004-09-20
12
1,321 Views
Last Modified: 2012-05-05
Hi, What is the new virus that increase CPU usage all the time and how can I get rid from it using Norton anti-virus?

Thanks.
0
Comment
Question by:Abdu_Allah
12 Comments
 
LVL 4

Expert Comment

by:tekchic
ID: 12102391
Hi Abdu_Allah,

What process is taking up all the CPU usage?  Also here's a link where Norton can be guilty of doing the same: http://www.experts-exchange.com/Applications/Viruses/Q_20716363.html

.: tekchic :.
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12102829
>What process is taking up all the CPU usage?
SVCHOST.EXE
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12102845
>Norton can be guilty of doing the same.

Noway, I have installed Norton for more than 2 years, but this problem is new.
0
 
LVL 4

Accepted Solution

by:
tekchic earned 50 total points
ID: 12103996
Here are a few links I found regarding the 100% CPU cycles usage on SVCHOST.EXE.

http://ask-leo.com/svchost_and_svchostexe_crashs_cpu_maximization_viruses_exploits_and_more.html

There's also the "Welchia Worm".....
According Symantec, it produces itself as:
%System%\Wins\Dllhost.exe, then copies itself to your system folder.  Then %System%\Dllcache\Tftpd.exe is cloned as %System%\Wins\svchost.exe

I know this is a basic question, but are all your Norton files up to date?  Personally, I don't think Norton catches "everything".  I use a mixture of both spyware removal tools and virus scanners.  An online one that's free that you might want to try is at http://housecall.antivirus.com.  It doesn't install to your machine, it just runs it online.  I've had it detect worms that Norton missed even after Norton was updated.

Good luck.
0
 
LVL 4

Expert Comment

by:gemchest
ID: 12119803
Hi Abdu_allah,

Do you have your indexing function switched on? cos if it's on and you've just install some big programs, your computer resource will shot like crazy and seems to be hanging up.

to switch this function off, goto control panel>administraive tools>services
switch off "indexing service" and change "startup type" to manual.

reboot the com and should be fine.

cheers,
Luis
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12120931
gemchest, "indexing service" is already off!

Without any doubt this is a virus and the norton can not see it!
This problem appear if I open the Internet connection and it is continue even if I disconnect.

Thanks.
0
 
LVL 6

Expert Comment

by:akboss
ID: 12137243
Try downloading this free A/V.
AVG
http://www.grisoft.com/us/us_dwnl_free.php

Shut norton down and run this one in safe mode after you have run the updater.

They are really good about getting updates out as fast or faster than norton has.
0
 
LVL 6

Expert Comment

by:acmp
ID: 12142044
svchost is usuall a valid windows componant. But I'd check with PrcView (http://www.prcview.com)

This lets you see the path to the image that is running, very useful. The valid svchost runs from c:\windows\system32 the fake ones tend to run from c:\windows or another 'not system32' folder

If you do have a fake svchost and you AV didn't spot it then I'd change AV (or at least update it and try again)

As no one has mentioned it a good first check is stinger (http://vil.nai.com/vil/stinger). It's a free DL and check for the 30-50 latest 'popular' viruses. NAI update it very regularly so I DL it whenever I think it'll be useful.

If stinger and your chosen AV fail to notice anything then the chances are you don't have a virus.

A hijackthis log may help us to assist further.

acmp<><
0
 
LVL 1

Expert Comment

by:Pete Barr
ID: 12146064
how long is  a piece of string!
0
 
LVL 4

Expert Comment

by:tekchic
ID: 12147522
petebarr -- What the heck are you talking about?
0
 
LVL 3

Author Comment

by:Abdu_Allah
ID: 12262285
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

1 Experts available now in Live!

Get 1:1 Help Now