svchost.exe hogging internet bandwidth

I am working on an older Dell Dimension 4300 w/ Windows XP that had a pretty bad malware infection.  I thought I got it cleaned up, but after leaving the system on overnight, I came in the next day and it is constantly uploading something at a steady 1MB per second.  I have run all of my tools again and it still does it.

EDIT: I determined it was uploading by looking at our router's live bandwidth stats, and also Windows XP Task Manager.

I have all services disabled as well as startup programs.  If needed, I can post a Hijackthis log or whatever you need so we can figure this out.

Wanted to add that I just ended a svchost.exe process and now it's not uploading.

Like always, Thanks ahead of time for your help.
Asked by: david1986
 
tskelly082598 Commented:
Search for svchost.exe and see if there is more than one. The legitimate svchost.exe should be in C:\Windows\System32. There may be a malicious svchost.exe in a different subfolder that could be deleted after you stop the process in Task Manager. It may also be a file that is restored from another copy with a different name, for example, a file in a temp folder ending with .tmp
0
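
The path check described in the answer above, as an added example that is not part of the original post: it takes a process list exported as CSV and flags every svchost.exe whose image is not the one in System32. The function name `classify_svchost`, the CSV column layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import ntpath

# Constructed sample: a process list exported as CSV, with the columns that
# `wmic process get ExecutablePath,Name,ProcessId /format:csv` produces.
SAMPLE = """\
Node,ExecutablePath,Name,ProcessId
XP-PC,C:\\WINDOWS\\system32\\svchost.exe,svchost.exe,904
XP-PC,C:\\WINDOWS\\System32\\svchost.exe,svchost.exe,1012
XP-PC,C:\\WINDOWS\\Temp\\svchost.exe,svchost.exe,1876
XP-PC,,svchost.exe,2040
XP-PC,C:\\WINDOWS\\explorer.exe,explorer.exe,1520
"""


def classify_svchost(csv_text, system_root=r"C:\WINDOWS"):
    """Return {pid: verdict} for every process named svchost.exe.

    Verdicts: "expected" (image is <system_root>\\System32\\svchost.exe),
    "suspicious" (any other location), "unknown-path" (no path reported,
    so the process needs a manual look rather than a pass).
    """
    expected = ntpath.normcase(
        ntpath.join(system_root, "System32", "svchost.exe"))
    verdicts = {}
    # Drop blank lines so the header row is the first line DictReader sees.
    lines = [ln for ln in csv_text.splitlines() if ln.strip()]
    for row in csv.DictReader(lines):
        if (row.get("Name") or "").strip().lower() != "svchost.exe":
            continue
        pid = int(row["ProcessId"])
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            verdicts[pid] = "unknown-path"
        # Windows paths are case-insensitive; normalise before comparing.
        elif ntpath.normcase(ntpath.normpath(path)) == expected:
            verdicts[pid] = "expected"
        else:
            verdicts[pid] = "suspicious"
    return verdicts


if __name__ == "__main__":
    for pid, verdict in sorted(classify_svchost(SAMPLE).items()):
        print(pid, verdict)
```

Several svchost.exe processes running from System32 at once is normal; only the image path separates them from a copy placed elsewhere.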
 
david1986 (Author) Commented:
Hey All,

Here's an update on where we're at:

First off, if you Google "svchost.exe hogging internet bandwidth" there are lots of similar reports of problems.
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=svchost.exe+hogging+internet+bandwidth#hl=en&q=svchost.exe+hogging+internet+bandwidth&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=3318d71742fc0392

From all of our diagnostics, it certainly appears the issue is related to a malware infection disguising itself as svchost. The question is: How do we remove this infection?


Rebooting in safe mode with networking: The issue STILL occurs.

Killing various svchost.exe processes seems to solve the problem....but of course it reoccurs upon reboot.

Looking at the HiJackThis log, I don't see anything out of the ordinary...but once again I suspect this is due to the disguise of the malware.

Really appreciate the advice on this one!

-DAVID
0
 
optoma Commented:
Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If still having issue run Combofix and post log here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

>If they don't run, redownload them but rename them prior to saving them
0
 
Sudeep Sharma (Technical Designer) Commented:
Also run Malwarebytes in safe mode and update it before running a full system scan:

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
0
 
david1986 (Author) Commented:
Worked great, problem solved.
0
Question has a verified solution.