- Mokoa
- 10-08-2013, 10:56 PM
I have a Windows XP system with SP3 on it and beginning a few weeks back an issue manifested itself where an SVCHOST for NETSVCS seizes the CPU and throttles it at 99%. There is no malicious code involved. Complete scans were done with various anti-virus and anti-malware programs. Cleaners were used to clean out the various temporary file areas. I have done research but so far the remedies that I have tried have not helped. If anyone has experienced this issue and overcame it I would sure like to know how that was done.
- LNK
- 10-09-2013, 08:23 AM
It could be a rootkit. They can be incredibly difficult to get rid of. I'd go to the forums at bleepingcomputer.com or forums.malwarebytes.org and get some one-on-one help. Or whatever your favorite forum for that type of thing is.
Good luck.
Good luck.
- newalhobbyist
- 10-09-2013, 09:11 AM
I had the same problem. The computer got really slow. An independent repair shop said that they thought it was actually a known problem with the Celeron CPU. They said Celeron CPUs do go bad, resulting in those symptoms. As the motherboard was Dell-specific, they suggested a new computer.
- Gotyour6
- 10-09-2013, 09:59 AM
Disable windows update and see if that fixes it.
Make sure to reboot after.
Look for update.exe running as well.
Worst thing is format and reload
Make sure to reboot after.
Look for update.exe running as well.
Worst thing is format and reload
- jframe2
- 10-09-2013, 06:44 PM
All of the above comments are possibilities.
One way to check them out with little expense but you will lose all your programs, data, etc. Is to re-install the OS (Wxp) and then do all the updates (probably take approx half a day).
One way to check them out with little expense but you will lose all your programs, data, etc. Is to re-install the OS (Wxp) and then do all the updates (probably take approx half a day).
- guy fawkes
- 10-09-2013, 06:47 PM
- NiceAlpha
- 10-09-2013, 10:35 PM
Download and install Malwarebytes -> Update it
http://download.cnet.com/Malwarebyte...=dl&tag=button
Download Combofix http://www.bleepingcomputer.com/download/combofix/
I am also a fan of Spybot Search and Destroy http://www.safer-networking.org/ (Mainly because of their host file immunization which helps block thousands of known bad sites right in your host file so they never touch your computer)
Right click "My computer" ->System restore Tab. Turn off/delete your system restore points because tons of virii/rootkits hide in there and are not always scanned by virus/malware scanners
Open Windows Explorer -> Goto Tools Menu at the Top-> Folder Options -> View tab -> Advanced Settings window -> Choose show hidden files and folders -> Then hit OK
Start -> Run -> Type %WINDIR%\Temp -> Delete everything in C:\Windows\Temp
Start -> Run -> Type %TEMP% -> Delete everything under your personal temp files ( Lots of website downloaded files/trojans/viruii all like to hide in here)
You may not be able to delete everything out of these folders because they may be in use. That is ok
Disable your network card.
Ctrl+shift+ESC -> select the process -> End Process Tree. ( Also look for any other process that is strangely named. i.e. sdfhakjdhfi.exe or iloveyou.exe , end those )
Run Malwarebytes full scan. -> Delete anything it finds and reboot when it tells you to reboot.
When your computer comes back up -> Run ComboFix
That sounds like a Rootkit or Worm more than anything.
This combination approach will get rid of it unless its some 0 Day Exploit that is not detectable yet.
Also uninstall any suspicious toolbars you may have, Google and Yahoo types are OK still not a fan of them ( i am talking about like ebuddy or mywebsearch and crap like that)
Also if you have your windows xp sp3 CD.
Start -> Run -> CMD
in the command prompt -> type SFC /Scannow
this is the system file checker and will repair corrupted system files.
IF THINGS ARE STILL ACTING FUNNY.
I can give you more tips.
http://download.cnet.com/Malwarebyte...=dl&tag=button
Download Combofix http://www.bleepingcomputer.com/download/combofix/
I am also a fan of Spybot Search and Destroy http://www.safer-networking.org/ (Mainly because of their host file immunization which helps block thousands of known bad sites right in your host file so they never touch your computer)
Right click "My computer" ->System restore Tab. Turn off/delete your system restore points because tons of virii/rootkits hide in there and are not always scanned by virus/malware scanners
Open Windows Explorer -> Goto Tools Menu at the Top-> Folder Options -> View tab -> Advanced Settings window -> Choose show hidden files and folders -> Then hit OK
Start -> Run -> Type %WINDIR%\Temp -> Delete everything in C:\Windows\Temp
Start -> Run -> Type %TEMP% -> Delete everything under your personal temp files ( Lots of website downloaded files/trojans/viruii all like to hide in here)
You may not be able to delete everything out of these folders because they may be in use. That is ok
Disable your network card.
Ctrl+shift+ESC -> select the process -> End Process Tree. ( Also look for any other process that is strangely named. i.e. sdfhakjdhfi.exe or iloveyou.exe , end those )
Run Malwarebytes full scan. -> Delete anything it finds and reboot when it tells you to reboot.
When your computer comes back up -> Run ComboFix
That sounds like a Rootkit or Worm more than anything.
This combination approach will get rid of it unless its some 0 Day Exploit that is not detectable yet.
Also uninstall any suspicious toolbars you may have, Google and Yahoo types are OK still not a fan of them ( i am talking about like ebuddy or mywebsearch and crap like that)
Also if you have your windows xp sp3 CD.
Start -> Run -> CMD
in the command prompt -> type SFC /Scannow
this is the system file checker and will repair corrupted system files.
IF THINGS ARE STILL ACTING FUNNY.
I can give you more tips.
- Mokoa
- 10-19-2013, 12:28 AM
I have found and fixed this issue.
First of all, the issue was not caused by any malicious code. Several thorough scans were performed and no malicious code was detected. These scans included rootkits and the Avast! boot time scan.
As it turned out a cumulative update for Internet Explorer 8, that I did not have, was all that was needed...
http://www.microsoft.com/en-us/downl....aspx?id=40119
After installing this cumulative update last Saturday (10/12) and rebooting, this issue has not occurred again. I have been on the computer all week and waited for the issue to reappear and it never did, so it appears the bug has been eliminated.
The great thing about such matters is that along they way to the resolution you learn some things that you did not expect. Now I know about a great tool called nLite that is wonderful for streamlining Windows installs with updates, service packs and settings that allow you to customize Windows install CD's.
nLite Deployment Tool
First of all, the issue was not caused by any malicious code. Several thorough scans were performed and no malicious code was detected. These scans included rootkits and the Avast! boot time scan.
As it turned out a cumulative update for Internet Explorer 8, that I did not have, was all that was needed...
http://www.microsoft.com/en-us/downl....aspx?id=40119
After installing this cumulative update last Saturday (10/12) and rebooting, this issue has not occurred again. I have been on the computer all week and waited for the issue to reappear and it never did, so it appears the bug has been eliminated.
The great thing about such matters is that along they way to the resolution you learn some things that you did not expect. Now I know about a great tool called nLite that is wonderful for streamlining Windows installs with updates, service packs and settings that allow you to customize Windows install CD's.
nLite Deployment Tool
- SneakyCancer
- 10-20-2013, 12:29 AM
unfortunately you can only omit the upgrades for so long....then you will hog tie yourself. windows must be updated regularly... IE6-8 requires/d all updates to keep it running with tying up memory and cpu.
- jframe2
- 10-20-2013, 10:02 AM
Interesting fix. It may explain some things on an older laptop I have.
As previously said, Updates will continue and are required for most software/apps. So you may have a short-end game before the updates catch up with you again.
I got away from IE years ago and have moved to non-install apps when possible; have been a non-install firefox for years with few problems.
But on a 11 year old laptop you can only update/upgrade so long and you finally have to send it off to the Recycle bin.
Sometimes ya gotta buy new.
And remember it is all over for Windows XP. Move on to W7, it is here to stay.
As previously said, Updates will continue and are required for most software/apps. So you may have a short-end game before the updates catch up with you again.
I got away from IE years ago and have moved to non-install apps when possible; have been a non-install firefox for years with few problems.
But on a 11 year old laptop you can only update/upgrade so long and you finally have to send it off to the Recycle bin.
Sometimes ya gotta buy new.
And remember it is all over for Windows XP. Move on to W7, it is here to stay.
- NiceAlpha
- 10-20-2013, 03:32 PM
always do the windows updates....assuming you are running a legal version of windows. I don't even think about not updating.
- Mokoa
- 10-20-2013, 04:22 PM
My Windows XP is legitimate. The updates were not current because of another different issue I was experiencing with Windows Update that was preventing the updates from being installed. Things are fine for now. By the time the expire date for Windows XP arrives, I will have built my new Windows 7 computer and moved on.
- Sidewinder
- 10-21-2013, 07:44 AM
This particular problem has been around for a while.
It could be malware, or a rootkit, or it could be a known problem with Windows Update.
Take a look at this page.
Microsoft did finally release patches to fix the Windows Update problem.
It could be malware, or a rootkit, or it could be a known problem with Windows Update.
Take a look at this page.
Microsoft did finally release patches to fix the Windows Update problem.
- Wixchill
- 10-23-2013, 09:54 AM
Time to retire your XP setup...
- Unique_Carpenter
- 10-27-2013, 11:28 AM
Disagree on XP, I have a handfull of machines, and the XP-SP3 machine still cooks. It's a Dell over a decade old. Although it can only handle IE8, I have Chrome and Firefox on it. All my machines run the updates weekly and I use a top end virus protector on all. Just for mention, I just retired a Win 2000 machine simply cause I had no use for it. The point is, careful maintence, and attention to detail, and you get extended service way beyond expectations. Interestingly, same applies to hobby friends.