Solved

DcomLaunch using up ton of memory and TCP/IP connections

Posted on 2014-01-08
Last Modified: 2014-01-15
Issue with an employee's PC getting very slow and unresponsive after a while. Upon research I've found that the SVCHost process running the DCOM Launcher and TermServices is what is causing the issue. It will start out using 200,000K after reboot and, as you can see with the screen print, can really start to hog the memory. But what is more odd is all the TCP/IP connections using all sorts of ports locally to HTTP ports. I've run AVG Scan and Malwarebytes but nothing is showing up as bad. Anyone have any ideas?? User is having to reboot every hour or so or his PC will just freeze up altogether.

[Image: Screen Print of Processes Running]
Question by:VersaliftEast
3 Comments
 
LVL 4

Expert Comment

by:Pradeep VIshwakarma
ID: 39767498
Hi,

In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart.

Also do these to clean up general corruption and repair/replace damaged/missing system files.

Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

Enter this at the prompt - sfc /scannow
 

Accepted Solution

by:VersaliftEast
ID: 39771592
I had already done all that - still nothing.

It ended up being #1 - Flash Player was being used to pull a large amount of memory - had to stop the svchost running the DComLauncher process and uninstall Flash Player - it wouldn't allow uninstall without stopping the service. Once the service is stopped you only have 60 seconds to uninstall before XP would reboot itself.

After that was fixed there were still a lot of TCP/IP connections happening even with no apps on and still running with all the services disabled at startup. So the 2nd problem ended up being a Trojan virus that our Business AVG AV wasn't catching - BitDefender did, though.

Everything seems to be back running OK now, although still monitoring the user's machine.
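A triage sketch for the symptom described in the accepted solution above (an added example, not part of the original thread): it joins saved `netstat -ano` and `tasklist /svc` output to show which hosted services own outbound connections to web ports. The sample text, the port list and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample output, not taken from the original post.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1051      203.0.113.10:80        ESTABLISHED     912
  TCP    192.168.1.20:1052      203.0.113.11:80        ESTABLISHED     912
  TCP    192.168.1.20:1053      198.51.100.7:8080      ESTABLISHED     912
  TCP    192.168.1.20:1071      203.0.113.50:443       ESTABLISHED     2204
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== ============================
svchost.exe                  912 DcomLaunch, TermService
iexplore.exe                2204 N/A
"""

def parse_services(text):
    """Map PID -> (image name, [hosted services]) from `tasklist /svc`."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            last = int(m.group(2))
            procs[last] = (m.group(1), [])
        elif last is None or not line[:1].isspace():
            continue  # header or separator line
        names = m.group(3) if m else line  # no match: wrapped service list
        procs[last][1].extend(s for s in re.findall(r"[^,\s]+", names) if s != "N/A")
    return procs

def outbound_web_by_pid(text, web_ports=(80, 443, 8080)):
    """Map PID -> set of remote (host, port) for ESTABLISHED TCP to web_ports (assumed list)."""
    hits = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, _, port = f[2].rpartition(":")
            if int(port) in web_ports:
                hits[int(f[4])].add((host, int(port)))
    return hits

def triage(netstat_text, tasklist_text, threshold=3):
    """Service-hosting processes with >= threshold distinct outbound web peers."""
    procs = parse_services(tasklist_text)
    return [(pid, *procs[pid], sorted(peers))
            for pid, peers in sorted(outbound_web_by_pid(netstat_text).items())
            if pid in procs and procs[pid][1] and len(peers) >= threshold]
```

Calling `triage(NETSTAT, TASKLIST)` on the constructed sample lists only PID 912 (the svchost hosting DcomLaunch and TermService); the browser is skipped because it hosts no services.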
 

Author Closing Comment

by:VersaliftEast
ID: 39781805
Took 3 days to figure it out, but it is fixed.