Windows 8 and 8.1 Forums


svchost.exe causing random CPU 100%

  1. #1


    Posts : 8
    Windows 8.1

    svchost.exe causing random CPU 100%


    Hello all.

    What the title says, basically. I created a dump file if it's worth anything (couldn't upload it as attached, so here it is) and I took a screenshot of the process properties:


    The strange thing is that if I end the task and delete the svchost file in the temp folder nothing happens at all. But, it does hurt me while I need the CPU to do heavy load, like gaming or decompressing files. And it's kind of frustrating because it is so random, I don't know what causes it.

    Thanks in advance.


  2. #2


    Posts : 123
    Win8.1


    SVCHOST (Service Host) is a program that runs other Windows programs on your computer. There can be several instances of svchost running at the same time. If you are having a problem you need to figure out what svchost is running (it could be Windows Defender or such).

    You can view what svchost is running using the Task Manager but you have to click on the button labeled Show All Processes (or show "More" button in Win8)
    Then Right-click on a SVCHOST process and select the Go to Service(s) menu option. You will now see a list of services on your computer with the services that are running under this particular SVCHOST process highlighted.

    See this article on using Process Explorer How to determine what services are running under a SVCHOST.EXE process
    Last edited by CountryBumkin; 06 Jul 2015 at 10:52.

  3. #3


    Posts : 8
    Windows 8.1


    Quote, originally posted by CountryBumkin:
    SVCHOST (Service Host) is a program that runs other Windows programs on your computer. There can be several instances of svchost running at the same time. If you are having a problem you need to figure out what svchost is running (it could be Windows Defender or such).

    You can view what svchost is running using the Task Manager but you have to click on the button labeled Show All Processes (or show "More" button in Win8)
    Then Right-click on a SVCHOST process and select the Go to Service(s) menu option. You will now see a list of services on your computer with the services that are running under this particular SVCHOST process highlighted.

    See this article on using Process Explorer How to determine what services are running under a SVCHOST.EXE process
    Thank you for your response. Unfortunately, I can't seem to solve the problem. I've found out one thing though, it starts on boot. Every time.

    But the thing is, that link is good for finding "Host process for windows services", and my problem concerns svchost.exe . Here's a few screenshots:

    Last edited by bestuck; 07 Jul 2015 at 22:31.

  4. #4


    Posts : 123
    Win8.1


    Did you "right click" on it and go to Services?

  5. #5


    Two enormous issues with that file.

    First it's located in the system temp folder, which is a strong indication that it's a component of malware which was written to use the %TEMP% variable. That variable only points to C:\Windows\Temp if the variable is expanded as the System user account.

    Second, the real svchost.exe is also digitally signed by Microsoft, and the tab which would show that is missing.

    I believe you may be the victim of a malware infection that has obtained full system access (NT AUTHORITY\SYSTEM user) and could potentially inject malicious drivers in the kernel.

  6. #6


    Posts : 8
    Windows 8.1


    Quote, originally posted by hydranix:
    Two enormous issues with that file.

    First it's located in the system temp folder, which is a strong indication that it's a component of malware which was written to use the %TEMP% variable. That variable only points to C:\Windows\Temp if the variable is expanded as the System user account.

    Second, the real svchost.exe is also digitally signed by Microsoft, and the tab which would show that is missing.

    I believe you may be the victim of a malware infection that has obtained full system access (NT AUTHORITY\SYSTEM user) and could potentially inject malicious drivers in the kernel.
    Thank you very much for the diagnosis. I'll get right on this to try to find it. Although I think it's better to format because I've been dealing with browser bars, ads extension and stuff like that a few weeks ago (I thought I solved that but apparently not).

    Just a quick thought: could it be something like uTorrent or Hola? I've read that they came pre-installed with bots to mine bitcoin or something like that. I don't have those programs right now but I have had them in the past (I deleted them as soon as I heard that news).

  7. #7


    UPDATE:

    I looked through the DMP file you provided in the link and I found some very interesting strings that explain your problem.

    The strings were:
    E:\CryptoNight\bitmonero-master\contrib\epee\include\net/http_client.h
    E:\CryptoNight\bitmonero-master\contrib\epee\include\net/http_server_handlers_map2.h
    Finally the nail in the coffin of strings in that dump.
    "C:\Windows\Temp\svchost.exe" -a cryptonight -o stratum+tcp://pool.monerocrypt.com:1001 -u 43s6t7KoCXtaBZ48bL5sPDhTEs6FG9FA8RCGkqC5xzkCATVAYzSmykD67mSXkejwnSQ552bjF5DsCCunopJPwAUZEkphFBZ -p x
    That there is a command line confirming what I thought. That svchost.exe is a cryptocurrency miner. It will consume all of your computer's resources to generate money for some wanna-be hacker who wrote the malware.

    He uses the monerocrypt.com mining pool, and his ID is "43s6t7KoCXtaBZ48bL5sPDhTEs6FG9FA8RCGkqC5xzkCATVAYzSmykD67mSXkejwnSQ552bjF5DsCCunopJPwAUZEkphFBZ"

    You can go to that website and view his stats with that ID.
    His rate of hash mining isn't very impressive, so he's likely not infected many computers.

    However, the total amount of crypto-coins he has generated is equal to about US$42866. (forty-two thousand dollars)
    That's a bit more impressive.

    You need to scan and clean your computer of viruses immediately. If you cannot clean it, you may need to format and reinstall Windows.


    You can also view a full listing of this malware's mining history at monerocrypt.com using the ID I posted above.

    I would report this ID to the pool as soon as possible in hopes that some sort of action will be taken against them, however unlikely that may be.
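The two checks from posts #5 and #7 (a system binary name running from the wrong folder, and a miner command line among the strings of a dump), as an added example that is not part of any poster's reply. The function names are hypothetical, the sample lines are constructed with a placeholder pool host and wallet, and %SystemRoot% is assumed to be C:\Windows.

```python
import ntpath
import re

# Names that belong only in %SystemRoot%\System32 (svchost.exe also in SysWOW64).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
# Assumption: %SystemRoot% is C:\Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://([A-Za-z0-9.-]+):(\d+)", re.I)

# Constructed sample: strings as they might be pulled from a process dump.
SAMPLE = [
    r'C:\Windows\System32\svchost.exe -k netsvcs',
    r'"C:\Windows\Temp\svchost.exe" -a cryptonight '
    r'-o stratum+tcp://pool.example.invalid:1001 -u WALLET_PLACEHOLDER -p x',
    r'E:\CryptoNight\bitmonero-master\contrib\epee\include\net/http_client.h',
    r'"C:\Program Files\Example App\app.exe" --update',
]

def triage(line):
    """Return a finding for one command-line string, or None if nothing matches."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
    if not tokens:
        return None
    image = ntpath.normpath(tokens[0])
    name = ntpath.basename(image).lower()
    folder = ntpath.dirname(image).lower()
    # Option flags such as -a/-o/-u are paired with the token that follows them.
    opts = {tokens[i]: tokens[i + 1] for i in range(1, len(tokens) - 1)
            if tokens[i].startswith("-")}
    pool = STRATUM_RE.search(line)
    reasons = []
    if name in SYSTEM_NAMES and folder and folder not in TRUSTED_DIRS:
        reasons.append("system binary name outside System32")
    if pool:
        reasons.append("stratum mining pool URL")
    if not reasons:
        return None
    return {"image": image, "reasons": reasons,
            "pool": f"{pool.group(1)}:{pool.group(2)}" if pool else None,
            "algo": opts.get("-a"), "wallet": opts.get("-u")}

def scan(lines):
    """Triage every line and keep only the ones that produced a finding."""
    return [f for f in map(triage, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Either reason alone is worth a closer look; the path check only says the name is in the wrong place, so the signature check from post #5 still has to be done on the file itself.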

  8. #8


    Quote, originally posted by bestuck:
    Just a quick thought: could it be something like uTorrent or Hola? I've read that they came pre-installed with bots to mine bitcoin or something like that. I don't have those programs right now but I have had them in the past (I deleted them as soon as I heard that news).
    Crypto-currency miners that operate like this one overwhelmingly come from one source.

    These infections come from torrents of popular newly released and cracked computer games. Often they're secretly slipped into encrypted setup data files. They avoid initial detection this way. Further, due to anti-malware companies flagging all cracked software as viruses, the real viruses get overlooked. Malware writers take advantage of this coupled with the huge demand for cracked software (namely games, since most gamers are young or not technical enough to catch them, along with assured targeting of powerful computers) to spread their miners across many computers, making them a huge amount of money.

    Now whether you ever downloaded cracked software is none of my or anyone on this forum's business. There are also ways to get infected by this malware that are completely legal.

    The real issue is cleaning this stuff off your computer so your privacy and bank accounts aren't potentially threatened as well.

  9. #9


    Posts : 8
    Windows 8.1


    Well, thank you very very much, again. It took two scans of malwarebytes and a full scan of avast free to finally remove it. Still, to be safe I'm going to format it soon.

    On a side note: I don't pirate software at all. Nor do I pirate games. I play about three games, and they are all from Steam. I do pirate movies and tv shows, so it must have come from there, which is very strange because I always check that they are only movie files.

  10. #10


    Quote, originally posted by bestuck:
    Well, thank you very very much, again. It took two scans of malwarebytes and a full scan of avast free to finally remove it. Still, to be safe I'm going to format it soon.

    On a side note: I don't pirate software at all. Nor do I pirate games. I play about three games, and they are all from Steam. I do pirate movies and tv shows, so it must have come from there, which is very strange because I always check that they are only movie files.
    Not meant as an accusation, sorry.

    Like I said, there are numerous ways to be infected by this type of malware.
