Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.
svchost.exe process using a lot of memory...
Hi experts, I have a desktop computer running Vista here that shows a "svchost.exe" process running that sometimes uses 500-600 megs of memory - that doesn't seem right. is there a way to find out what is going on there.... or if it's some kind of virus or something?
Thanks
Shawn
Thanks
Shawn
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
svchost runs on all machines. My machine right now is under 100 MB.
Scan for viruses using your own AV and then scan with Malwarebytes.
Scan for viruses using your own AV and then scan with Malwarebytes.
SVCHost.exe is precisely that 'a host for services' You will see a bunch of these.
one instance of svchost will have under it all the services that run under a specific logon account.
You can use sysinternals procmon and go to the PID of the svchost and see what it has launched and what the memory/cpu usage is to find the problematic service.
one instance of svchost will have under it all the services that run under a specific logon account.
You can use sysinternals procmon and go to the PID of the svchost and see what it has launched and what the memory/cpu usage is to find the problematic service.
I had that problem with my Vista laptop recently. The "svchost.exe" on mine included the Windows Update services. I finally 'fixed it' (until next time) by letting it run for about 24 hours until it found all the updates and installed them. It appears that it gets to about 500 Mbytes with total RAM usage about 95% and starts swapping out to disk which slows Everything down until it finally finishes. It was "back to normal" two days ago.
Windows Update is a major problem if you don't have the latest Windows Update Client/Agent installed.
I've had a network of 20 Win7 computers slow down to a crawl until I found the problem.
The latest Windows Update Client for Windows 7 is available here:
https://support.microsoft.com/en-us/kb/3065987
I've no idea what the latest for Vista is.
HTH,
Dan
I've had a network of 20 Win7 computers slow down to a crawl until I found the problem.
The latest Windows Update Client for Windows 7 is available here:
https://support.microsoft.com/en-us/kb/3065987
I've no idea what the latest for Vista is.
HTH,
Dan
Thanks guys/// I've run malwarebytes, Eset Online Scanner, RogueKiller, and panda online scanner... and each one found a few things and cleared them out. Dave and Dan - I think you might be on to something as I haven't did any Windows Uodates in a while. I launched that a few hours ago and it is suspiciously *still* saying:
"Downloading updates
Downloading 30 updates (0 KB total, 0% complete)"
I don't know if that's going to kick in anytime soon, or maybe like Dan suggested, my Windows Update client needs fixing...
Thanks
Shawn
"Downloading updates
Downloading 30 updates (0 KB total, 0% complete)"
I don't know if that's going to kick in anytime soon, or maybe like Dan suggested, my Windows Update client needs fixing...
Thanks
Shawn
Set Updates to Never. Turn the machine OFF. Start up, Set Updates to Automatic and they will start running. Leave overnight and there is a 95% or better success rate that they will be done in the morning.
Thanks John, I am doing this right now. It's been sitting on "Checking for updates" for the last 15 minutes.... will let it go for a while and see what happens.
Thanks
Shawn
Thanks
Shawn
As I said Shawn... last week it took 24 Hours for my Vista laptop to finish "Checking for updates" and install them. When I fired it up again yesterday, it took 15 minutes for it to settle down and act 'normally'. During that time 'svchost' went to almost 1.5 GB of RAM usage a couple of times. It ended up at less than 200KB after 15 minutes.
OK guys, I think I'm making progress. It found and ran all the pending updates (almost 30)... I gave it a day to settle down and sort itself out after that. Now the svchost.exe task is taking only 90 megs - a very good improvement.
Dan Craciun - do you think there is still a need for me to install a whole new Windows Update Client for Vista?
David Johnson - I am going to download and install "sysinternals procmon" and investigate what you recommended.
Thanks!
Shawn
Dan Craciun - do you think there is still a need for me to install a whole new Windows Update Client for Vista?
David Johnson - I am going to download and install "sysinternals procmon" and investigate what you recommended.
Thanks!
Shawn
Since yesterday was 'Update Tuesday', my Vista laptop is sitting there for the last 6 hours waiting for updates to magically appear.
On Windows 7 the new update client makes all the difference.
No more 3GB RAM used by svchost, no more 100% CPU usage for hours.
No more 3GB RAM used by svchost, no more 100% CPU usage for hours.
I'm up to 12 hours now with my Vista laptop. Only 50% CPU though abut 75% memory last time I checked.
Instead of accepting the fact that Microsoft is allowed to make your machines unusable for days every month, you could disable Automatic updates and use WSUS Offline or similar to keep your machines patched.
Hmm, I guess I spoke too soon... svchost.exe is back up now to almost 600 megs, sheesh. Maybe I will have to seek out the latest version of the update client for Windows Vista...
Shawn
Shawn
According to this page:
https://support.microsoft.com/en-ca/kb/949104
it would seem I've already got the latest version: 7.6.7600.256, dated 02/06/2012
Shawn
https://support.microsoft.com/en-ca/kb/949104
it would seem I've already got the latest version: 7.6.7600.256, dated 02/06/2012
Shawn
Thanks John... I'm really not keen to overhaul the Vista OS to something else. It's not that I'm so attached to Vista, it's just that I don't need the extra ordeal right now in trying to upgrade that desktop to something newer. It's a computer that I don't use all that often, so it's not especially crucial or pressing... and I've never really had a problem with Vista.
Thanks
Shawn
Thanks
Shawn
So don't use Automatic Updates anymore. Is there any policy in place that forbids you to use an offline updater?
Sorry for the long absence guys, I was sidetracked by something. I'm still having the same problem - a svchost.exe process using about 500 megs and 50% CPU when my Vista machine is running nothing else and basically just idle. David Johnson, I ran Process Explorer and I've attached the screenshot. The svchost.exe in question shows several processes - is there a way to hone in on which particular process is hogging all the juice?
Thanks
Shawn
ProcessExplorer.jpg
Thanks
Shawn
ProcessExplorer.jpg
Yeah: stop the Windows Update service (via the Services snapin or via cli, with 'net stop wuauserv').
Then you'll see that svchost process at 1% CPU.
Then you'll see that svchost process at 1% CPU.
Thanks Dan, I tried the on the Command Line - net stop wuauserv
... but it gave error msg "System error 5 has occurred. Access is denied"
I'm not sure what you mean by the "Services snapin".
Thanks
Shawn
... but it gave error msg "System error 5 has occurred. Access is denied"
I'm not sure what you mean by the "Services snapin".
Thanks
Shawn
You need to run the Command prompt as an administrator.
The services snapin is the visual tool. Right click on Computer, choose Manage and on the left, under "Services and applications" you'll find Services.
Or Control Panel->Administrative Tools->Services.
Or type on the run command in the start menu: services.msc
The services snapin is the visual tool. Right click on Computer, choose Manage and on the left, under "Services and applications" you'll find Services.
Or Control Panel->Administrative Tools->Services.
Or type on the run command in the start menu: services.msc
I have a Vista machine on my laptop that updated properly to June 19 and not since.
I have a backup of this machine made in January 2016 and updated to that point and it will no longer update.
I do not think Microsoft is much interested in a system that has 1% market share and falling. It really is time to move on.
I have a backup of this machine made in January 2016 and updated to that point and it will no longer update.
I do not think Microsoft is much interested in a system that has 1% market share and falling. It really is time to move on.
Thanks Dan, I stopped the service and it seemed to fix things - that svchost.exe process quieted right down. But I did a re-boot and now the same svchost.exe process is back up again to 600 megs/50% CPU, and checking services.msc, that Windows Update task is running again. Is it as simple as UNchecking the Windows Update process under the "Services" tab in the screen that comes up when I do a "msconfig"... so it won't re-launch whenever I do a reboot?
Thanks
Shawn
Thanks
Shawn
You're welcome.
@John: 1% of 500.000.000 computers makes 5.000.000 (5 million) computers.
Not negligible...
@John: 1% of 500.000.000 computers makes 5.000.000 (5 million) computers.
Not negligible...
I am glad you got your computer working and I was happy to assist.
I still think Vista is now past any redemption.
I still think Vista is now past any redemption.
Well, I spoke to soon guys.... I shut my machine down last night and booted it back up this morning and Windows Update is back running again - using 800 megs of RAM! In the Services snapin, it is now listed as "Manual" Startup Type. Double-clicking on that, it shows "Startup Type" as Disabled... so I don't know how it could have started up again. There's a button to STOP the service right now, so I'm going to click that. Hmm, now I see in the "Recovery" tab there, there's an option "Select the computers response if this service fails", and it shows 3 dropdown boxes - 1st failure, 2nd Failure, and Subsequent failures. 1st Failure says "Restart the service", and the other two say "Take no action". Could that be the culprit? I'm going to set that "1st Failure" to "Take No Action" also.
In the msconfig/services tab, it's back there listed again also. I'm going to try to uncheck it from that tab, and shut down and boot up again. Will let you know the progress...
Thanks
Shawn
In the msconfig/services tab, it's back there listed again also. I'm going to try to uncheck it from that tab, and shut down and boot up again. Will let you know the progress...
Thanks
Shawn
Premium Content
You need an Expert Office subscription to comment.Start Free Trial