Whats going on

Windows XP Pro

Running sysinternals
Process Explorer
TCPView

Process explorer say CPU being eaten up (down to 0% available) by
svchost -k netsvcs (taking 50% or more)

But TCPView shows very little network activity.

frustrated wrote:
Windows XP Pro

Running sysinternals
Process Explorer
TCPView

Process explorer say CPU being eaten up (down to 0% available) by
svchost -k netsvcs (taking 50% or more)

But TCPView shows very little network activity.


If you run process explorer as administrator,
you can drill into the SVCHOST and see the name
of the service doing it. It will, of course, be
Windows Update wuauserv.

How many other services do you know of, that
spread that much joy to users ?

Paul

frustrated wrote:

Windows XP Pro

Running sysinternals
Process Explorer
TCPView

Process explorer say CPU being eaten up (down to 0% available) by
svchost -k netsvcs (taking 50% or more)

But TCPView shows very little network activity.

Of course, it's Windows Update service (wuauserv)
Have a look at this from January 2014:
http://windowsitpro.com/windows-xp/c...sue-windows-xp

and this:
https://blogs.technet.microsoft.com/...-exe-high-cpu/
(mind the wrap)

XP is dead. Let it die.

"frustrated" wrote

| Windows XP Pro
| svchost -k netsvcs (taking 50% or more)
|

Why are you enabling Windows Update on XP? There's
nothing to update. (Unless you're one of those trying
the kiosk trick.)

It sounds like you need to weed your services. See he

http://www.blackviper.com/

I'm currently running XP. I have about 15 services
running. WMI and WIA. (Because I use them.) DCOM
Server Process Launcher, because WMI needs it. Most
people won't need any of those. (WIA is used mainly for
scanning, as an alternative to TWAIN. WMI is a potential
security risk. I enable it because I use it in Windows
scripting. In general it's mostly only used by some
system info utilities.)

Other things I have running:
Shell hardware detection, 3rd-party firewall, security center,
Acrylic DNS server, themes, RPC (no choice with that one)
plug n' play, protected storage, network connections,
disk manager (not really necessary, but occasionally I
like to check Windows version of hard disk layout), event
log.

Nearly everything else is risky or unnecessary on a
standalone computer. You might need a slightly different
combination. For instance, if you don't use a fixed IP you
need DHCP. If you use remote desktop functionality then
you'll be forced to enable some risky things. If you network
your home computers you might need more services enabled.
But you should know why you have something enabled.
Many of the default services are risky because they're
designed for corporate workstations running on safe intranets.
That's why widespread attacks using DCOM ports are still
common.

George wrote:

frustrated wrote:

Windows XP Pro

Running sysinternals Process Explorer TCPView

Process explorer say CPU being eaten up (down to 0% available) by
svchost -k netsvcs (taking 50% or more)

But TCPView shows very little network activity.

Of course, it's Windows Update service (wuauserv)

And how do you know wuaserv is the process rolled under the instance of
svchost that the OP is looking at? You don't. The OP never said what
processes were rolled under the svchost process that the OP was looking
at. In Process Explorer the OP was using, looking at properties of a
svchost process has a TCP/IP tab to show what, if any, connections are
made by those rolled up processes.

https://en.wikipedia.org/wiki/Svchost.exe

There will typically be several svchost instances. Some will have
processes rolled into them that do networking. Some will not.

XP is dead. Let it die.

You very likely have some tools that are even older and no longer
covered by warranty. Those tools are dead. Discard them. Yeah, right.

In message , Mayayana
writes:
[]
need DHCP. If you use remote desktop functionality then
you'll be forced to enable some risky things. If you network
[]
Is that both ways round, or? I sometimes use TeamViewer to help others
(i. e. I see and manipulate _their_ desktops), especially a few blind
friends; however, I don't remote into my desktop here, or let anyone
else do so.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Bother," said the Borg, "we assimilated a Pooh."

"J. P. Gilliver (John)" wrote

| Is that both ways round, or? I sometimes use TeamViewer to help others
| (i. e. I see and manipulate _their_ desktops), especially a few blind
| friends; however, I don't remote into my desktop here, or let anyone
| else do so.

I don't know the details. I don't use anything like
that, for security reasons. I was just trying to list
some typical exceptions, to make it clear that there's
no set list of what services are necessary. I guess
you could look at what services you have running
and check whether TV still works with them disabled.
Since they don't have to call into your machine it
might be OK.

Or TV might even have its own libraries.
I had to install WinPCap for something or other. Maybe
it was for a sniffer. It installed a service without asking,
called "Remote Packet Capture Protocol (Experimental)"
The description is creepy:

"Allows to capture traffic on this machine from a remote machine."

Yet it lists no other services as dependencies. So I
guess it's some kind of standalone network driver.

On Wed, 28 Jun 2017 15:30:06 -0400, "Mayayana"
wrote:

"J. P. Gilliver (John)" wrote

| Is that both ways round, or? I sometimes use TeamViewer to help others
| (i. e. I see and manipulate _their_ desktops), especially a few blind
| friends; however, I don't remote into my desktop here, or let anyone
| else do so.

I don't know the details. I don't use anything like
that, for security reasons. I was just trying to list
some typical exceptions, to make it clear that there's
no set list of what services are necessary. I guess
you could look at what services you have running
and check whether TV still works with them disabled.
Since they don't have to call into your machine it
might be OK.

Or TV might even have its own libraries.
I had to install WinPCap for something or other. Maybe
it was for a sniffer. It installed a service without asking,
called "Remote Packet Capture Protocol (Experimental)"
The description is creepy:

"Allows to capture traffic on this machine from a remote machine."

Yet it lists no other services as dependencies. So I
guess it's some kind of standalone network driver.

Wireshark and a few others use it. Set it to load manually.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012