svchost process consuming a lot of space in Ram
Created: 21 Apr 2009 | 7 comments
svchost a windows process which used to take about 1200k of ram space now takes 7000k space .
I have not installed any third party software.
Kindly suggest any remedy.
blog entry Filed Under:
About Security Community Blog
The Security Community Blog is the perfect place to share short, timely insights including product tips, news and other information relevant to the Security community. Any authenticated Connect member can contribute to this blog. Filter by:
Blog Tags
Endpoint Protection (AntiVirus) 11.x Data Loss Prevention (Vontu) Tip/How to Endpoint Protection Small Business Best Practice Messaging Gateway 10.x Installing Basics Reporting Configuring Symantec Information Manager General Symantec Mobile Security 9.x and Earlier Features Security Risks Network Access Control Critical System Protection Upgrade Symantec Protection Suites (SPS) Control Compliance Suite Endpoint Encryption 12.x
Comments
use process explorer and see
use process explorer and see whats running under the svchost, it might be windows update which is casuing it but troublshoot
Yes, Download Process
Yes,
Download Process Explorer from Microsoft website and then run it.
In the process, right click SVCHOST.exe process and go to properties. Look for the actual location of file.
It could be threat also.
Also check your registry entry HKLM>Software>Microsoft>Windows>CurrentVersion>Run
Look for any suspicious file.
If found submit it to https://submit.symantec.com/gold or https://submit.symantec.com/platinum
rgrds,
SAM
Download
Processor explorer free sysinternals tools will help you to analyze the threads
it runs even after i
it runs even after i disconnect network cable
When a virus still runs after
When a virus still runs after disconnecting from the network, it has some rootkit on it.
Run procmon and check what DLL hooks onto it.
Any unknown or looks suspicious DLL, do submit it to Symantec submission.
Else check the svchost file . See if it was run from a non-normal location ie c:\windows\system or c:\windows .
If yes, do submit it also.
-- Got new virus ? Try update your defs here : ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rap... --
try formatting
try formatting the primary partition .Remember dont open the other partitions until you install symantecAV
then install Symantec Av and run run a virus check .I doubt other partitions may contain a virus.
try formatting
try formatting the primary partition .Remember dont open the other partitions until you install symantecAV
then install Symantec Av and run run a virus check .I doubt other partitions may contain a virus.
Would you like to reply?
Login or Register to post your comment.