Re: [CGUYS] Help! Debugging svchost.exe
It's Automatic Updates. For some reason, I'm seeing this a lot on our laptops this month, but I don't know why. I've turned off AU, and it's notification that you may be at risk!, off. So, that's not a bug that's a feature! Sadly, yes. You can't say MS is without a sense of irony. * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
Thanks John--I hadn't had time to look into the cause yet. -Original Message- The Patch Watch section of the latest Windows Secrets newsletter had this to say about the svchost.exe bug: * Finally, a real 'svchost.exe' fix * For those of you who've suffered from *svchost.exe*, which is used by Microsoft Update, going wild and taking 100% of your workstation's CPU resources, help is at hand. Redmond plans to offer up some long-awaited patches to updaters in the foreseeable future. But you can get the needed fixes to solve this problem and get your computer back *now* - without having to disable Microsoft Update and reverting back to Windows Update, or disabling Automatic Updates altogether. The fix is two-fold. Both of the following patches are needed to fix the issue: . *Step 1: KB 927891.* Download the fix from Knowledge Base article 927891http://windowssecrets.com/links/ro6hca8gvq3fd/44296ch/?url=www.m icrosoft.com%2Fdownloads%2Fdetails.aspx%3Ffamilyid%3D7A81B0CD-A0B9- 497E-8A89-404327772E5A%26displaylang%3Den(this link is for Windows XP machines) and install it first. . *Step 2: WSUS 3.0 client.* Next, install the WSUS 3.0 client update. An MSDN articlehttp://windowssecrets.com/links/ro6hca8gvq3fd/de91f0h/?url=msdn 2.microsoft.com%2Fen-us%2Flibrary%2Faa387285.aspxon this update is available in Microsoft's MSDN library. A link to the executable is contained near the very bottom of that article, or you can download the executable using this linkhttp://windowssecrets.com/links/ro6hca8gvq3fd/d9dbe0h/?url=downloa d.windowsupdate.com%2Fv7%2Fwindowsupdate%2Fredist%2Fstandalone%2FWindow sUpdateAgent30-x86.exe. (There is no easy download page at Microsoft yet, because this fix has just come out.) You need this download to install the new Automatic Updates program, which is technically the new WSUS 3.0 client. Even though you may not be using Windows Software Update Services, this download provides you with the new engine that's used by workstations that run Microsoft Update. You may still see your system spike up to 100% CPU usage every now and then. But we should soon get from Microsoft the much needed, permanent fix to this *very* vexing issue, which many of us have been fighting for months. The promised patches will be deployed to all customers in the coming months, as discussed in the official WSUS bloghttp://windowssecrets.com/links/ro6hca8gvq3fd/d2fd4dh/?url=blogs.t echnet.com%2Fwsus%2Farchive%2F2007%2F04%2F28%2Fupdate-on.aspx * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
The Patch Watch section of the latest Windows Secrets newsletter had this to say about the svchost.exe bug: Thanks. If it acts up again I will know what to do. The problem went away as mysteriously as it arrived. * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
On Wed, 16 May 2007, Tom Piwowar wrote: The Patch Watch section of the latest Windows Secrets newsletter had this to say about the svchost.exe bug: Thanks. If it acts up again I will know what to do. The problem went away as mysteriously as it arrived. Just saw this article about a trojan using Windows Update to do its dirty work, and thought that might explain some mysterious problems with WU. http://news.bbc.co.uk/1/hi/technology/6657677.stm -- Vicky Staubly http://www.steeds.com/vicky/[EMAIL PROTECTED] * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
http://news.bbc.co.uk/1/hi/technology/6657677.stm The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running [Jowspry], which then utilizes BITS to download additional malware. Looks like another one of those non-viruses that you have to install yourself. * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
[CGUYS] Help! Debugging svchost.exe
svchost.exe is using 98-99 percent of CPU, making my PC very unpleasant to use. I have read that svchost manages DLLs so this is probably something to do with something recently added to my PC that is sucking up the cycles. I suspected it was Suitcase so I uninstalled Suitcase and ran a registry cleaner. Alas, no joy. Does anyone know of a way to get a handle on what svchost.exe is running? * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
Does anyone know of a way to get a handle on what svchost.exe is running? Get Process Explorer, if you don't already have it: http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx Run it. Right-click the instance of svchost that's using all your CPUs. Click Properties. Open the Services tab. That's what it's running. Don't be surprised if it's Windows Update. * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
Tom, The Patch Watch section of the latest Windows Secrets newsletter had this to say about the svchost.exe bug: * Finally, a real 'svchost.exe' fix * For those of you who've suffered from *svchost.exe*, which is used by Microsoft Update, going wild and taking 100% of your workstation's CPU resources, help is at hand. Redmond plans to offer up some long-awaited patches to updaters in the foreseeable future. But you can get the needed fixes to solve this problem and get your computer back *now* — without having to disable Microsoft Update and reverting back to Windows Update, or disabling Automatic Updates altogether. The fix is two-fold. Both of the following patches are needed to fix the issue: • *Step 1: KB 927891.* Download the fix from Knowledge Base article 927891http://windowssecrets.com/links/ro6hca8gvq3fd/44296ch/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx%3Ffamilyid%3D7A81B0CD-A0B9-497E-8A89-404327772E5A%26displaylang%3Den(this link is for Windows XP machines) and install it first. • *Step 2: WSUS 3.0 client.* Next, install the WSUS 3.0 client update. An MSDN articlehttp://windowssecrets.com/links/ro6hca8gvq3fd/de91f0h/?url=msdn2.microsoft.com%2Fen-us%2Flibrary%2Faa387285.aspxon this update is available in Microsoft's MSDN library. A link to the executable is contained near the very bottom of that article, or you can download the executable using this linkhttp://windowssecrets.com/links/ro6hca8gvq3fd/d9dbe0h/?url=download.windowsupdate.com%2Fv7%2Fwindowsupdate%2Fredist%2Fstandalone%2FWindowsUpdateAgent30-x86.exe. (There is no easy download page at Microsoft yet, because this fix has just come out.) You need this download to install the new Automatic Updates program, which is technically the new WSUS 3.0 client. Even though you may not be using Windows Software Update Services, this download provides you with the new engine that's used by workstations that run Microsoft Update. You may still see your system spike up to 100% CPU usage every now and then. But we should soon get from Microsoft the much needed, permanent fix to this *very* vexing issue, which many of us have been fighting for months. The promised patches will be deployed to all customers in the coming months, as discussed in the official WSUS bloghttp://windowssecrets.com/links/ro6hca8gvq3fd/d2fd4dh/?url=blogs.technet.com%2Fwsus%2Farchive%2F2007%2F04%2F28%2Fupdate-on.aspx . On 5/15/07, Tom Piwowar [EMAIL PROTECTED] wrote: svchost.exe is using 98-99 percent of CPU, making my PC very unpleasant to use. I have read that svchost manages DLLs so this is probably something to do with something recently added to my PC that is sucking up the cycles. I suspected it was Suitcase so I uninstalled Suitcase and ran a registry cleaner. Alas, no joy. Does anyone know of a way to get a handle on what svchost.exe is running? -- John DeCarlo, My Views Are My Own * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
Have you tried downloading and watching Process Explorer while svchost is running? http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx Tom Piwowar [EMAIL PROTECTED] 5/15/2007 10:34 AM svchost.exe is using 98-99 percent of CPU, making my PC very unpleasant to use. I have read that svchost manages DLLs so this is probably something to do with something recently added to my PC that is sucking up the cycles. I suspected it was Suitcase so I uninstalled Suitcase and ran a registry cleaner. Alas, no joy. Does anyone know of a way to get a handle on what svchost.exe is running? * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
It's Automatic Updates. For some reason, I'm seeing this a lot on our laptops this month, but I don't know why. I've turned off AU, and it's notification that you may be at risk!, off. -Original Message- svchost.exe is using 98-99 percent of CPU, making my PC very unpleasant to use. I have read that svchost manages DLLs so this is probably something to do with something recently added to my PC that is sucking up the cycles. I suspected it was Suitcase so I uninstalled Suitcase and ran a registry cleaner. Alas, no joy. Does anyone know of a way to get a handle on what svchost.exe is running? * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived
Re: [CGUYS] Help! Debugging svchost.exe
It's Automatic Updates. For some reason, I'm seeing this a lot on our laptops this month, but I don't know why. I've turned off AU, and it's notification that you may be at risk!, off. So, that's not a bug that's a feature! * == QUICK LIST-COMMAND REFERENCE - Put the following commands in == * == the body of an email send 'em to: [EMAIL PROTECTED] == * Join the list: SUBSCRIBE COMPUTERGUYS-L Your Name * Too much mail? Try Daily Digests command: SET COMPUTERGUYS-L DIGEST * Tired of the List? Unsubscribe command: SIGNOFF COMPUTERGUYS-L * New address? From OLD address send: CHANGE COMPUTERGUYS-L YourNewAddress * Need more help? Send mail to: [EMAIL PROTECTED] * List archive at www.mail-archive.com/computerguys-l@listserv.aol.com/ * RSS at www.mail-archive.com/computerguys-l@listserv.aol.com/maillist.xml * Messages bearing the header X-No-Archive: yes will not be archived