Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Consuming 100% CPU with many dllhost and svchost instances


  • Please log in to reply

#1
julez

julez

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I'm not sure if I have\had an infection or just some problem with Windows 7 but really appreciate any help you could give me. I believe I may have been infected with some kind of virus or malware. I have been running Windows 7 RC with F-Secure anti-virus. I have been working with it for a few months and all has been OK. The other day I noticed that the system was responding much slower than usual and I noticed that CPU utilisation was at 100%. Looking into this I noticed that processes like dllhost.exe and svchost.exe were consuming an entire core's worth of CPU (25%). Things like bringing up the volume control or showing all running processes for users took minutes to appear if at all. I have disconnected the network now to prevent any virus "talking back to home".

I have followed the initial instructions of the malware and spyware cleaning guide as follows (software and updates were all copied over using USB stick from another PC):
  • TFC - Ran this and rebooted as it prompted and the above issues seem resolved now. Still continued with other steps in case traces were left elsewhere
  • System Restore - New restore point created manually as program did not run on Win7
  • ERUNT - Run as instrcuted
  • Malwarebytes - Run as instructed and logs attached
  • Virus Scan - Run with F-Secure and then F-Secure uninstalled and replaced with Avast and updated. No viruses. I have also scanned using AVG and avast from Linux
  • Windows Updates - Was up to date prior to infection (right up to latest windows defender update) and have not updated as did not want PC on network
  • Reboot test - As stated above TFC seemed to stop the issue OK. Some occasional logons have since taken up to 5 minutes to proceed beyond "logging in" message (usually this has been instant). I have not seen this behaviour before now but all seems OK after login. Looking in eventviewer the only clue seems to be a check for windows licence may take some time.
  • RootRepeal - Unable to run as not 64 bit compatible. I am most concerned that there is a root kit behind all this. Is there anything else I can run to detect these on 64 bit systems?
  • OTL log - attached

Any help you can provide would be appreciated.

Thanks,

Julez

Attached Files


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP