Check your SVCHOSTS- stolen bandwidth

Post by Absolut Talent »

Taken from a private forum, which was taken from the TWL forums.

If you check your task manager on a regular basis, you may be familiar with the process "svchost.exe". It's part of the Windows OS, and it's nothing to worry about. It's a process that can get called by any other program, so you will often have multiple instances of it running; I've seen as many as 4 at once.

However:

I found this process running in task manager:
scvhost.exe
Notice that the 'v' and 'c' are transposed from the legitimate Windows process. I looked it up on Google and found this:
http://www.mynetwatchman.com/kb/securit ... forensics/

If you find "scvhost.exe" running on your computer, you should give that article a read.

It's sort of like a virus, but it does no damage to your computer; it just hijacks your bandwidth and uses your comp as part of a distribution network. Virus detectors won't catch it because it doesn't contain any of the code that they recognize as "hostile".

My personal experience: I believe I've had this 'virus' running on my computer for a few months; maybe more. The symptoms were basically random spikes in CPU usage, often followed by internet disconnects. The disconnects were happening about once per day, on average, but they increased to 5 or 6 times per day a few weeks ago.

I share a DSL line with my roommate (using a router). When the disconnects occurred, we both would get disconnected at the same time. Cycling the power on the router would often work to get us reconnected. For that reason we had thought it was the router's fault.

About two weeks ago I noticed that, just before the disconnects occurred, my computer was starting to chug. I checked the task manager and saw this "scvhost.exe" was chewing up all the processor power. I didn't recognize the misspelling at that time, so I just assumed it was a Windows OS process that was going wacky. There were 2 legitimate instances of svchost.exe running at the time, and in my mind I saw the one chewing up system resources as the 3rd instance of that process. So I forced it to close. The next day I had the same experience, and again found that process in task manager and forced it to close. Again it looked like the 3rd process of its type (I still didn't see the misspelling).

A few days later, my girlfriend is over and she starts up my comp. I yell from the bathroom for her to start up task manager and kill the 3rd instance of the "svchost.exe". She yells back, "There's only 2 instances of 'svchost.exe' but there is also one instance of 'scvhost.exe'. Should I kill that one?" So I kissed her all over, and then went and looked it up on Google and found the article linked above.

BTW, since I've been in the habit of killing that process as soon as Windows starts, I've had almost no disconnects, and none of the random CPU usage spikes.

I hope this helps some of you out.
SoulBag
Post edited by SoulBag at 3/14/2003 8:05:46 PM

Well, my system is clean of this crap... hope all of yours are too. But I fear one will be affected by this.