Video Screencast Help
Security Community Blog

svchost process consuming a lot of space in Ram

Created: 21 Apr 2009 • 7 comments
Peter_007's picture
+1 1 Vote
Login to vote

svchost a windows process which used to take about 1200k of ram space now takes 7000k space .
I have not installed any third party software.
Kindly suggest any remedy.

Comments 7 CommentsJump to latest comment

Auusie's picture

use process explorer and see whats running under the svchost, it might be windows update which is casuing it but troublshoot

0
Login to vote
SAM_SHAIKH's picture

Yes,

Download Process Explorer from Microsoft website and then run it.

In the process, right click SVCHOST.exe process and go to properties. Look for the actual location of file.

It could be threat also.

Also check your registry entry HKLM>Software>Microsoft>Windows>CurrentVersion>Run

Look for any suspicious file.

If found submit it to https://submit.symantec.com/gold or https://submit.symantec.com/platinum

rgrds,
SAM

0
Login to vote
Ram Champion's picture

Processor explorer free sysinternals tools will help you to analyze the threads

0
Login to vote
Peter_007's picture

 it runs even after i disconnect network cable

0
Login to vote
BNH's picture

When a virus still runs after disconnecting from the network, it has some rootkit on it.
Run procmon and check what DLL hooks onto it.

Any unknown or looks suspicious DLL, do submit it to Symantec submission.
Else check the svchost file . See if it was run from a non-normal location ie c:\windows\system or c:\windows .
If yes, do submit it also.

-- Got new virus ? Try update your defs here : ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rap... --

0
Login to vote
Om_123's picture

try formatting the primary partition .Remember dont open the other partitions until you install symantecAV
then install Symantec Av and run run a virus check .I doubt other partitions may contain a virus.

0
Login to vote
Om_123's picture

try formatting the primary partition .Remember dont open the other partitions until you install symantecAV
then install Symantec Av and run run a virus check .I doubt other partitions may contain a virus.

0
Login to vote