Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Consuming 100% CPU with many dllhost and svchost instances


  • Please log in to reply

#1
julez

julez

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I'm not sure if I have\had an infection or just some problem with Windows 7 but really appreciate any help you could give me. I believe I may have been infected with some kind of virus or malware. I have been running Windows 7 RC with F-Secure anti-virus. I have been working with it for a few months and all has been OK. The other day I noticed that the system was responding much slower than usual and I noticed that CPU utilisation was at 100%. Looking into this I noticed that processes like dllhost.exe and svchost.exe were consuming an entire core's worth of CPU (25%). Things like bringing up the volume control or showing all running processes for users took minutes to appear if at all. I have disconnected the network now to prevent any virus "talking back to home".

I have followed the initial instructions of the malware and spyware cleaning guide as follows (software and updates were all copied over using USB stick from another PC):
  • TFC - Ran this and rebooted as it prompted and the above issues seem resolved now. Still continued with other steps in case traces were left elsewhere
  • System Restore - New restore point created manually as program did not run on Win7
  • ERUNT - Run as instrcuted
  • Malwarebytes - Run as instructed and logs attached
  • Virus Scan - Run with F-Secure and then F-Secure uninstalled and replaced with Avast and updated. No viruses. I have also scanned using AVG and avast from Linux
  • Windows Updates - Was up to date prior to infection (right up to latest windows defender update) and have not updated as did not want PC on network
  • Reboot test - As stated above TFC seemed to stop the issue OK. Some occasional logons have since taken up to 5 minutes to proceed beyond "logging in" message (usually this has been instant). I have not seen this behaviour before now but all seems OK after login. Looking in eventviewer the only clue seems to be a check for windows licence may take some time.
  • RootRepeal - Unable to run as not 64 bit compatible. I am most concerned that there is a root kit behind all this. Is there anything else I can run to detect these on 64 bit systems?
  • OTL log - attached

Any help you can provide would be appreciated.

Thanks,

Julez

Attached Files


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP