svchost, lsass and crap :(

mito

beyond noob
Veteran
svchost has been running steadily at 30%
I also have this lsass.exe running.

I thought it was that Sasser worm.

I have NOD32 patched to the butt, but it can't find any virus.

What's going on?


If I kill svchost.exe, that NT Authority shutdown window appears with a 45 second countdown, which I abort with "shutdown /a".

Am I infected or not?

HELP!!!!!!

(I'm running NTProcessExplorer, and svchost is C:\WINDOWS\system32\svchost -k rpcss......)
 
Well, a little googling (and personal experience) suggests that disabling the SSDP Discovery Service (if you haven't already) solves that problem (assuming you're 100% clear of any viruses). I often disable this service along with certain others because in certain conditions they use excessive amounts of CPU cycles.

I'd offer more, but I've got to go... Good luck!
 
Am I infected or not?
Probably not. Those are normal Windows processes. lsass.exe is not related to the Sasser worm in any way other than that it exploited a vulnerability in that file to infect. It is responsible for logon and user credentials. Svchost.exe is just that: a host process for Windows services and executables run as services. Use Process Explorer to find more detail about what's eating those CPU cycles.

My guess would be a misbehaving service (possibly from a driver or even the AV software itself), but if you distrust your computer, do check with a standalone AV application that can be downloaded on a different computer and run from Safe Mode (like Cureit or whatever else your preference might be).
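To see which services each svchost.exe instance is hosting and which instance is burning CPU, here is an added example (not part of any post in this thread). It assumes a current Windows with PowerShell 5.1 or later and an elevated prompt; on the XP-era systems discussed here, `tasklist /svc` gives the PID-to-service mapping.

```powershell
# Added example: map every svchost.exe to its hosted services and sampled CPU use.
# Assumptions: Windows PowerShell 5.1+, elevated prompt, 5-second sample window.
$sampleSeconds = 5
$cores    = [Environment]::ProcessorCount
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.ProcessId) { $servicesByPid[[int]$svc.ProcessId] += @($svc.Name) }
}

$svchosts = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'"

# First CPU sample: total processor seconds consumed so far, per PID.
$before = @{}
foreach ($proc in $svchosts) {
    $p = Get-Process -Id $proc.ProcessId -ErrorAction SilentlyContinue
    if ($p) { $before[[int]$proc.ProcessId] = $p.TotalProcessorTime.TotalSeconds }
}
Start-Sleep -Seconds $sampleSeconds

# Second sample: CPU seconds used during the window, as a share of all cores.
$report = foreach ($proc in $svchosts) {
    $procId = [int]$proc.ProcessId
    $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
    if (-not $p -or -not $before.ContainsKey($procId)) { continue }  # process exited
    $delta = $p.TotalProcessorTime.TotalSeconds - $before[$procId]
    [pscustomobject]@{
        PID         = $procId
        CpuPercent  = [math]::Round(100 * $delta / ($sampleSeconds * $cores), 1)
        Services    = ($servicesByPid[$procId] -join ', ')
        CommandLine = $proc.CommandLine   # shows the "-k <group>" argument
        # False if the image is not %SystemRoot%\System32\svchost.exe, or if the
        # path could not be read (not elevated, or the 32-bit copy in SysWOW64).
        PathOk      = ($proc.ExecutablePath -eq $expected)
    }
}

$report | Sort-Object CpuPercent -Descending | Format-Table -AutoSize -Wrap
```

The row at the top names the services to investigate; a row with `PathOk` false and a readable path outside the Windows directory is worth a closer look with a standalone scanner.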
 
Well, a little googling (and from personal experience) suggests that disabling the SSDP Discovery Service

If I disable SSDP (UPnP), will my computer stop recognizing USB devices?


After I reboot my computer, there's no svchost eating my CPU.
But after a day, when I get back from work, there it is.........
 
I've had the SSDP service disabled since about 3 months after XP SP2 first came out, and everything functions as perfectly as can be expected. Devices still detect fine, install fine and operate fine.

Might be a good idea to check out TheElderGeeks' XP service guide, it's a fantastic resource.

http://www.theeldergeek.com/ssdp_discovery_service.htm

http://www.theeldergeek.com/s.htm (scroll down just a bit for an entire service listing) ;)

I doubt it's the sole cause of your problem; viruses or spyware are almost always the culprit these days for high CPU usage on an otherwise normal process.
 
Turning off SSDP will disable UPnP, which means (among other things) applications that need to open and forward listening ports on your router won't be able to.

So if you suddenly find yourself unable to connect to someone over IM, or VoIP, or your bittorrent stops working, or other weirdness starts happening with Internet apps, then you need to remember to turn it back on.
 
Svchost is a host app, that runs other stuff. You should look in the registry with regedit, in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, at Software/Microsoft/Windows/CurrentVersion/Run, export the key and delete everything that looks suspicious. If you break anything, just boot in safe mode and double-click the exported reg file to restore everything.
 
Svchost is a host app, that runs other stuff. You should look in the registry with regedit, in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, at Software/Microsoft/Windows/CurrentVersion/Run, export the key and delete everything that looks suspicious. If you break anything, just boot in safe mode and double-click the exported reg file to restore everything.

Good one. I remember doing that in the past............
 
Good one. I remember doing that in the past............
Well, other than that there's only the stuff in your startup folder in the start menu, AFAICS, unless you did catch something sneaky and nasty. ;)

There are lots of extended process explorers that can show you exactly what is causing the trouble. But the ones I use are part of expensive development suites, so I can't help you there.
 
It turned out to be the video drivers....... I uninstalled and reinstalled them.

Now there's no more svchost wasting CPU cycles.
 