• Status: Solved

svchost.exe using all my system's memory please help

see screenshot
svchost.png
0
frankbustos
Asked:
4 Solutions
 
omgang Commented:
Right click the svchost.exe process and choose Go To Service(s) from the context menu.  This will show you the running services associated with that process.  Hopefully you can identify the culprit.
OM Gang
0
 
John Hurst, Business Consultant (Owner), Commented:
SVCHOST controls many things. A very common cause of it consuming resources is malware.

Get a good commercial AV package, do a full scan and then follow that with Malwarebytes.
0
 
CompProbSolv Commented:
While it is generally a good idea to do the scanning that John recommended (and I wouldn't discourage it at all here), I'd want to identify exactly which process is using the memory (as suggested by omgang).

You can install Process Explorer from sysinternals to get more details about the individual processes.
0
 
dbrunton Commented:
I'll second Process Explorer as suggested by CompProbSolv.

Download from here https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

It may very well be Malware as suggested by John Hurst (and that would be my first thought) but you can use Process Explorer to identify the file or dll that is causing the problem quickly this way.
0
 
frankbustos (Author) Commented:
OK, I downloaded Process Explorer and here are the results. Please look at the attachment.
0
 
frankbustos (Author) Commented:
Sorry, here is the screenshot.
process-explorer.png
0
 
John Hurst, Business Consultant (Owner), Commented:
The screen shot was not very illuminating. Can you sort on CPU (not memory) and that will help you see what is using the memory.
0
 
frankbustos (Author) Commented:
How about now? Look at this one.
process1.png
0
 
John Hurst, Business Consultant (Owner), Commented:
It seems to point to a virus on your machine (virus scanning running) and then an SVCHOST process I do not see an identifier for.

So back to an earlier post, the cause here appears to be malware.
0
 
frankbustos (Author) Commented:
OK, I'll scan again and let you know the results.
0
 
frankbustos (Author) Commented:
It came back clean from malware.
malware.png
0
 
John Hurst, Business Consultant (Owner), Commented:
You may have some legacy software running.

Try running System File Checker. SFC /SCANNOW from an admin command prompt.

More likely (given the above), you are going to need to back up and re-install Windows.
0
 
frankbustos (Author) Commented:
I just did that a few days ago. I had Windows 7 32-bit and I changed to 64-bit. It's a clean system as it is.
0
 
John Hurst, Business Consultant (Owner), Commented:
Wow - very strange.

Try a new, test, Windows User Profile (Account). Log into the new Windows Account and test.
0
 
CompProbSolv Commented:
In first and third screenshots, SVCHOST was using 1.1-1.5G of RAM.  In the second one it is about a tenth of that.

Do you know what changed?
0
 
frankbustos (Author) Commented:
So I ended up formatting the hard drive and re-installing everything. Then, after I installed Office 2010, I noticed that svchost took over memory.
0
 
dbrunton Commented:
So, the problem still exists?

If so then try the Microsoft Malicious Removal Tool https://www.microsoft.com/en-nz/download/malicious-software-removal-tool-details.aspx and see what it finds on your system.
0
 
frankbustos (Author) Commented:
Yes, I did a scan with Malwarebytes and found Trojan.dropper.fav and pup.optional.downloadadmin. I'm doing a scan now with HitmanPro and then I'll try Microsoft and keep you posted.
0
 
CompProbSolv Commented:
Before doing a wipe and reinstall (or major attempts at resolving problems), I typically make a complete copy of the original drive.  It can be done with software or with fairly inexpensive (<$40) hardware tools.  That way I can always get back to where I started if needed.

I would also disconnect it from the internet and reboot.  You may be seeing some effects of it trying to do updates.

In addition to John's scanning suggestion, I'd use TDSSKiller:
https://support.kaspersky.com/viruses/disinfection/5350#block1
Click on "How to disinfect..." then "tdsskiller.exe".
It just looks for rootkits and is very quick to run.

I'd also boot in Safe Mode and see if the issue persists.  I've seen things of this sort that were resolved by disabling the WMI service.
0
 
frankbustos (Author) Commented:
I'm doing scans in safemode now, it seems to be working normal in safemode
0
 
frankbustos (Author) Commented:
OK, I did scans in Safe Mode and it's free of malware. I log back into normal mode and I see two svchost.exe start spiking up, taking all of the memory resources. ARGH
0
 
dbrunton Commented:
>>  it seems to be working normal in safemode

Something in your Startup is getting loaded then.  Read http://answers.microsoft.com/en-us/windows/forum/all/how-to-get-startup-folder-in-start-all-programs/d3f5486a-16c0-4e69-8446-c50dd35163f1 and the post by Steve Winograd on the location of Startup folders and see what is there.  This isn't necessarily all of the locations where Startup occurs but might help.
0
 
frankbustos (Author) Commented:
OK, so I narrowed it down. I went to Services and I stopped services one by one, and every time I stopped the Windows Update service the memory goes down to normal, and as soon as I start it, it goes back to using all memory. So it's a problem with Windows Update, because it just keeps saying "checking for updates" but never completes. How do I get updates using another method?
0
 
dbrunton Commented:
Have you got SP 1 installed and then the Rollup pack?

This https://support.microsoft.com/en-us/kb/3172605 talks about the Rollup pack and the SP 1 and gives you links to both.
0
 
CompProbSolv Commented:
There are numerous posts on EE about this.  The solution that usually works is to install some key updates and then use offline WSUS to download and install the other updates.

If you don't get a response with the detail or can't find them here, drop a note and I'll look.
0
 
dbrunton Commented:
frankbustos for identifying the problem, Update process hogging memory.
John Hurst for suggesting malware on machine.  Some malware was found.
dbrunton for suggesting Service Pack and Rollup pack to be installed.  Unknown if this was done.
CompProbSolv for asking for feedback so he could suggest other links to solve Windows Update problems.
0
