Solved

svchost.exe hogging internet bandwidth

Posted on 2010-08-31
Last Modified: 2013-12-06
I am working on an older Dell Dimension 4300 w/ Windows XP that had a pretty bad malware infection. I thought I got it cleaned up, but after leaving the system on overnight, I came in the next day and it is constantly uploading something at a steady 1MB per second. I have run all of my tools again and it still does it.

EDIT: I determined it was uploading by looking at our router's live bandwidth stats, and also Windows XP Task Manager.

I have all services disabled as well as startup programs.  If needed, I can post a Hijackthis log or whatever you need so we can figure this out.

Wanted to add that I just ended a svchost.exe process and now it's not uploading.

Like always, Thanks ahead of time for your help.
Question by:david1986
5 Comments
 

Author Comment

by:david1986
ID: 33570331
Hey All,

Here's an update on where we're at:

First off, if you Google "svchost.exe hogging internet bandwidth" there are lots of similar reports of problems.
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=svchost.exe+hogging+internet+bandwidth#hl=en&q=svchost.exe+hogging+internet+bandwidth&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=3318d71742fc0392

From all of our diagnostics, it certainly appears the issue is related to a malware infection disguising itself as svchost. The question is: How do we remove this infection?


Rebooting in safe mode with networking: The issue STILL occurs.

Killing various svchost.exe processes seems to solve the problem....but of course it reoccurs upon reboot.

Looking at the HiJackThis log, I don't see anything out of the ordinary...but once again I suspect this is due to the disguise of the malware.

Really appreciate the advice on this one!

-DAVID
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 500 total points
ID: 33570619
Search for svchost.exe and see if there is more than one. The legitimate svchost.exe should be in C:\Windows\System32. There may be a malicious svchost.exe in a different subfolder that could be deleted after you stop the process in Task Manager. It may also be a file that is restored from another copy with a different name, for example, a file in a temp folder ending with .tmp.
0
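The path check described in the accepted answer, as an added PowerShell example (not part of the original thread): it lists every process named svchost.exe with its image path and the services it hosts, and flags any that run from outside System32. It assumes PowerShell 2.0 or later with WMI access and an elevated prompt; the SysWOW64 path and the hosted-service check are additions beyond what the answer states.

```powershell
# Added example: audit every process named svchost.exe. Run from an elevated prompt.
# Assumption: the genuine binary lives only in %SystemRoot%\System32
# (or SysWOW64 on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
) | ForEach-Object { $_.ToLowerInvariant() }

# Build a map of process ID -> names of the services hosted in that process.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $_.Name
}

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path     = $_.ExecutablePath
    $services = $servicesByPid[[int]$_.ProcessId]

    if (-not $path) {
        # WMI returns no path when the caller lacks rights to query the process.
        $verdict = 'UNKNOWN: path not readable, rerun elevated'
    } elseif ($expected -notcontains $path.ToLowerInvariant()) {
        $verdict = 'SUSPICIOUS: image is outside System32'
    } elseif (-not $services) {
        # Assumption: a genuine service host always hosts at least one service.
        $verdict = 'REVIEW: hosts no registered service'
    } else {
        $verdict = 'OK'
    }

    $_ | Select-Object ProcessId, ParentProcessId,
        @{ n = 'Path';     e = { $path } },
        @{ n = 'Services'; e = { $services -join ',' } },
        @{ n = 'Verdict';  e = { $verdict } }
} | Format-Table -AutoSize -Wrap
```

Any row not marked OK gives the process ID to match against the one that stops the upload when ended in Task Manager, and the path to hand to the scanners recommended in the replies.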
 
LVL 22

Expert Comment

by:optoma
ID: 33570835
Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If still having issues, run Combofix and post the log here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

>If they don't run, redownload them but rename them prior to saving them
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33572609
Also run malwarebytes in safe mode and update it before running a full system scan:

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
 

Author Closing Comment

by:david1986
ID: 33581857
Worked great, problem solved.
Question has a verified solution.