Solved

svchost.exe hogging internet bandwidth

Posted on 2010-08-31
Last Modified: 2013-12-06
I am working on an older Dell Dimension 4300 w/ Windows XP that had a pretty bad malware infection. I thought I got it cleaned up, but after leaving the system on overnight, I came in the next day and it is constantly uploading something at a steady 1MB per second. I have run all of my tools again and it still does it.

EDIT: I determined it was uploading by looking at our router's live bandwidth stats, and also Windows XP Task Manager.

I have all services disabled as well as startup programs.  If needed, I can post a Hijackthis log or whatever you need so we can figure this out.

Wanted to add that I just ended a svchost.exe process and now it's not uploading.

Like always, Thanks ahead of time for your help.
Question by:david1986
5 Comments
 

Author Comment

by:david1986
ID: 33570331
Hey All,

Here's an update on where we're at:

First off, if you Google "svchost.exe hogging internet bandwidth" there are lots of similar reports of problems.
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=svchost.exe+hogging+internet+bandwidth#hl=en&q=svchost.exe+hogging+internet+bandwidth&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=3318d71742fc0392

From all of our diagnostics, it certainly appears the issue is related to a malware infection disguising itself as svchost. The question is: How do we remove this infection?


Rebooting in safe mode with networking: The issue STILL occurs.

Killing various svchost.exe processes seems to solve the problem....but of course it reoccurs upon reboot.

Looking at the HiJackThis log, I don't see anything out of the ordinary...but once again I suspect this is due to the disguise of the malware.

Really appreciate the advice on this one!

-DAVID
0
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 500 total points
ID: 33570619
Search for svchost.exe and see if there is more than one. The legitimate svchost.exe should be in C:\Windows\System32. There may be a malicious svchost.exe in a different subfolder that could be deleted after you stop the process in Task Manager. It may also be a file that is restored from another copy with a different name, for example, a file in a temp folder ending with .tmp.
0
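The path check from the accepted answer, written out as an added example (not part of the original thread or any poster's code): it flags any svchost.exe whose image is not in System32, and goes slightly further by also flagging processes running from a .tmp image. It assumes the default `C:\Windows` system root and that you feed it (pid, name, path) rows from your own process lister; the sample rows are constructed.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis host

SYSTEM_ROOT = r"C:\Windows"  # assumption: default %SystemRoot%; adjust if yours differs
LEGIT_DIR = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32"))

# Constructed sample of (pid, name, image path) rows, shaped like the output of a
# process lister such as `wmic process get Name,ProcessId,ExecutablePath`.
SAMPLE = [
    (712, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    (980, "SVCHOST.EXE", r"c:\windows\System32\svchost.exe"),
    (1504, "svchost.exe", r"C:\WINDOWS\Temp\svchost.exe"),
    (1388, "svchost.exe", r"C:\WINDOWS\system32\..\system\svchost.exe"),
    (1620, "a1b2.tmp", r"C:\Documents and Settings\user\Local Settings\Temp\a1b2.tmp"),
    (1100, "svchost.exe", ""),
    (2044, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
]


def classify(name, path):
    """Return the reason a process deserves a closer look, or None if it passes."""
    name = name.lower()
    if not path:
        # Some listers cannot read the path of every process; do not assume it is clean.
        return "svchost.exe with no image path reported" if name == "svchost.exe" else None
    norm = ntpath.normcase(ntpath.normpath(path))  # fold case, resolve ".." segments
    image = ntpath.basename(norm)
    if "svchost.exe" in (name, image) and ntpath.dirname(norm) != LEGIT_DIR:
        return "svchost.exe running from outside System32"
    if image.endswith(".tmp"):
        return "process image has a .tmp extension"
    return None


def suspicious(processes):
    """Return (pid, path, reason) for every row that classify() flags."""
    findings = []
    for pid, name, path in processes:
        reason = classify(name, path)
        if reason:
            findings.append((pid, path, reason))
    return findings


if __name__ == "__main__":
    for pid, path, reason in suspicious(SAMPLE):
        print(f"PID {pid}: {reason}: {path or '<unknown>'}")
```

A flagged PID is a lead to verify (file location, what started it), not proof of infection; a clean result only means nothing is masquerading by path.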
 
LVL 22

Expert Comment

by:optoma
ID: 33570835
Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If you are still having the issue, run Combofix and post the log here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

>If they don't run, redownload them but rename them prior to saving them.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33572609
Also run Malwarebytes in safe mode and update it before running a full system scan:

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
0
 

Author Closing Comment

by:david1986
ID: 33581857
Worked great, problem solved.
0
