A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Performance and Maintainance of XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)



 
 
Thread Tools Display Modes
  #46  
Old April 18th 04, 01:41 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


Ads
  #47  
Old April 18th 04, 01:41 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #48  
Old April 18th 04, 01:41 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #49  
Old April 18th 04, 01:41 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #50  
Old April 18th 04, 01:41 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #51  
Old April 18th 04, 01:41 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #52  
Old April 18th 04, 01:43 PM
cquirke (MVP Win9x)
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -

  #53  
Old April 18th 04, 01:43 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #54  
Old April 18th 04, 01:43 PM
cquirke (MVP Win9x)
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -

  #55  
Old April 18th 04, 01:44 PM
Rocket J. Squirrel
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Interesting sig ("Running Windows-based av..."). Could you explain why you
feel that way?

Rocky

"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

snip


  #56  
Old April 18th 04, 01:51 PM
Philip Herlihy
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354

Thanks - I'll look into these possibilities!

--
####################
## PH, London
####################
"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -



  #57  
Old April 18th 04, 01:51 PM
Philip Herlihy
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354

Thanks - I'll look into these possibilities!

--
####################
## PH, London
####################
"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -



  #58  
Old April 18th 04, 01:51 PM
Philip Herlihy
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354

Thanks - I'll look into these possibilities!

--
####################
## PH, London
####################
"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -



  #59  
Old April 18th 04, 01:51 PM
Philip Herlihy
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354

Thanks - I'll look into these possibilities!

--
####################
## PH, London
####################
"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -



  #60  
Old April 18th 04, 01:51 PM
Philip Herlihy
external usenet poster
 
Posts: n/a
Default SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

Xref: kermit microsoft.public.windowsxp.help_and_support:482799 microsoft.public.windowsxp.perform_maintain:171354

Thanks - I'll look into these possibilities!

--
####################
## PH, London
####################
"cquirke (MVP Win9x)" wrote in message
...
On Wed, 14 Apr 2004 18:46:38 +0100, "Philip Herlihy"

Thanks, Carey. I'm very grateful for the suggestion, but it didn't work.


The machine has XP Home with SP1 (I should have specified this) and the
patch is apparently pre-SP1 (an error-message said it could only be

applied
if no SPs were already there.


Two things come to mind:

1) There are new (April 2004) patches involving LSASS and DCOM

Seek and apply these - in case what is happening is an exploit of the
newly-announced holes involving these things.

2) Malware use of SVCHost

Malware can either use the "real" SVCHost to shell themselves (so that
firewalls set to allow the "real" SVCHost allows the malware too) or
can drop thier own "SVCHost" files that are running.

CoolWebSearch is a common, frequently-updated commercial malware that
exploits a wide range of holes and attack methods, often including
SVCHost. There's a web site and utility dedicated to killing CWS;
Google for it (merjin) and check it out - they document the variations
and evolve the killer tool to manage the matest ones.


As usual, I'd start with a formal virus check to exclude traditional
malware, then drill down to commercial malware through Windows using
AdAware, Spybot, and the dedicated CWS killer.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -



 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 01:30 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.