Solved

svchost.exe hogging internet bandwidth

Posted on 2010-08-31
Last Modified: 2013-12-06
I am working on an older Dell Dimension 4300 w/ WINDOWS XP that had a pretty bad Malware infection. I thought I got it cleaned up, but after leaving the system on overnight, I came in the next day and it is constantly uploading something at a steady 1MB per second. I have run all of my tools again and it still does it.

EDIT: I determined it was uploading by looking at our router's live bandwidth stats, and also Windows XP Task Manager.

I have all services disabled as well as startup programs.  If needed, I can post a Hijackthis log or whatever you need so we can figure this out.

Wanted to add that I just ended a svchost.exe process and now it's not uploading.

Like always, Thanks ahead of time for your help.
Question by:david1986

Author Comment

by:david1986
ID: 33570331
Hey All,

Here's an update on where we're at:

First off, if you Google "svchost.exe hogging internet bandwidth" there are lots of similar reports of problems.
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=svchost.exe+hogging+internet+bandwidth#hl=en&q=svchost.exe+hogging+internet+bandwidth&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=3318d71742fc0392

From all of our diagnostics, it certainly appears the issue is related to a malware infection disguising itself as svchost. The question is: How do we remove this infection?


Rebooting in safe mode with networking: The issue STILL occurs.

Killing various svchost.exe processes seems to solve the problem....but of course it reoccurs upon reboot.

Looking at the HiJackThis log, I don't see anything out of the ordinary...but once again I suspect this is due to the disguise of the malware.

Really appreciate the advice on this one!

-DAVID
0
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 500 total points
ID: 33570619
Search for svchost.exe and see if there is more than one. The legitimate svchost.exe should be in C:\Windows\System32. There may be a malicious svchost.exe in a different subfolder that could be deleted after you stop the process in Task Manager. It may also be a file that is restored from another copy with a different name, for example, a file in a temp folder ending with .tmp.
0
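The path check from the accepted solution, as an added example that is not part of the original thread: given a process listing exported from the machine (PID, image name, executable path), it flags every svchost.exe whose image is not %SystemRoot%\System32\svchost.exe. The `C:\WINDOWS` root and the sample rows are constructed assumptions.

```python
import ntpath  # Windows path rules, usable from any OS for offline triage

# Assumption: default XP install root; substitute the machine's %SystemRoot%.
SYSTEM_ROOT = r"C:\WINDOWS"

# Constructed sample listing: (PID, image name, executable path).
SAMPLE = [
    (4, "System", ""),
    (872, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    (1040, "SVCHOST.EXE", r"\??\C:\WINDOWS\System32\..\system32\svchost.exe"),
    (1388, "svchost.exe", r"C:\WINDOWS\Temp\svchost.exe"),
    (1620, "svchost.exe", r"C:\WINDOWS\system32\drivers\svchost.exe"),
    (1711, "svchost.exe", ""),
    (2000, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
]

def normalize(path):
    """Canonical form for comparison: unquoted, '..' resolved, lower case."""
    p = path.strip().strip('"')
    # Some tools print an NT-style \??\ prefix in front of the drive letter.
    if p.startswith("\\??\\"):
        p = p[4:]
    return ntpath.normcase(ntpath.normpath(p))

def check_svchost(processes, system_root=SYSTEM_ROOT):
    """Return (pid, verdict, path) for every process named svchost.exe."""
    expected = normalize(ntpath.join(system_root, "System32", "svchost.exe"))
    results = []
    for pid, name, path in processes:
        if name.lower() != "svchost.exe":
            continue
        if not path:
            verdict = "unknown"    # tool gave no path: check this PID by hand
        elif normalize(path) == expected:
            verdict = "expected"   # the one legitimate location
        else:
            verdict = "suspect"    # right name, wrong folder
        results.append((pid, verdict, path))
    return results

if __name__ == "__main__":
    for pid, verdict, path in check_svchost(SAMPLE):
        print(f"{pid:>5}  {verdict:<8}  {path or '(no path reported)'}")
```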
 
LVL 22

Expert Comment

by:optoma
ID: 33570835
Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If still having issues, run Combofix and post the log here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

>If they don't run, redownload them but rename them prior to saving them.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33572609
Also run Malwarebytes in safe mode and update it before running a full system scan:

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
0
 

Author Closing Comment

by:david1986
ID: 33581857
Worked great, problem solved.
0
