How to fix high CPU Usage by SVCHOST.exe Problem?
Recently I have noticed that my laptop has been crawling and when I looked at the processes via Task Manager, I see that SVCHOST.exe is eating around 50% of CPU power even when the computer is idle. Something is wrong!
Are you in the same boat as me?
The first thing I did (just out of curiosity) is to kill that process using end task and I got a prompt.The prompt lead me to the real program behind SVCHOST.exe running. Do note that there are a lot of these jobs running simultaneously on your computer. They are just aliases for many different programs in Windows and are not the same.
I killed the “DCOM Server Process Launcher” windows service and XP recommends that I restart my computer (it even had a shutdown prompt in 1 minute). I canceled that warning and searched in Google to some solutions to this problems.
As I read in forums, and other blog posts, I learned that many people are experiencing this too.
Turn off or reinstall Windows Update
This is the most common solution I got but I crossed this one out because they are talking about a different windows service behind the svchost.exe.
As I browsed further, I got another solution that possibly, my computer is infected and they recommended that I use two programs.
I have experienced both of these programs and I really would suggest that you use MalwareBytes first before using ComboFix. MalwareBytes has an easy interface (click to scan, and click to fix) while Combofix requires some additional input via notepad (you have to create that file with the correct inputs) before it can help you. Basically, Malwarebytes is for the average user and Combofix is for the more advanced user. [Click here for a sample post that shows you how to use ComboFix]
MalwareBytes Detects Malware in my Laptop
When I did a scan from Malware Bytes, it detected that I have malware. I was surprised because I thought it already got cleaned of Trojans and Viruses.
Here is what has been found by MalwareBytes
C:\WINDOWS\system32\drivers\lvqll.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\\Start Menu\Programs\Startup\siszyd32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
I had them removed and poof, my svchost.exe high usage problem was gone.
I was really impressed by MalwareByte’s performance. I would suggest that everyone download this program and scan your computer. You will not know what could be hiding in your computers. 🙂
If you got hit by the siszyd32.exe virus, I recommend you visit this post.