Task manager - Win 2k

[Aerobat6]

My machine has been running slow lately, (cpu usage often at 90%-100%)and I noticed there are TWO instances of services.exe running all the time. one is in all CAPS, the other all lowercase. Also, there are TWO svchost.exe programs running all the time both lowerscase. Any ideas?

It also seems like there are a lot of processes that I have not noticed before. What is absolutely REQUIRED, for win to run?(or what can i kill?)
Keith

 

[Tarkus]

If you click on the CPU colum header in the Processes tab of Task Manager the processes using the most CPU time will show up at the top. That would be a good place to start looking for what's using all your CPU time.

Usually if it's an important system service you won't be allowed to end the process.

 

[MattG]

svchost is required for alot of programs to run.

you can try and end a few that dont look normal, see if that helps.

But i really wouldnt suggest it. It really means that you have too much starting up on boot up and should clean some out.

Or toss in another RAM stick so there isnt much work for the CPU.

Or get a faster CPU

 

[supadrasta]

SVCHOST.EXE

SVCHOST.EXE is a virus

NOTE: u have 2 instances of svchost.exe that are viruses
1.SVCHOST.EXE
2.svch0st.exe (a zero instead of 'o')

keep this link handy
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

 

[Stephen79]

SVCHOST.EXE / SERVICES.EXE in upper case is not a virus, its a hack tool. Its a renamed servudaemon.exe

Basically, someone has hacked in to your computer and uploaded serv-u to run an FTP from your machine.

Download process explorer and right click on SERVICES.exe and check the path it is running from. My guess would be either

c:\recycler\
or
c:\win...\system32\

Also check its dependancies (there should be one an .ini file [probably named servudaemon.ini)

end the process and delete the file. Open up services (from administrator tools / manage) and look for a service called (Serv-U FTP etc) disable it.

Post the servudaemon.ini file here, if you wish, and I can run a check on the hash codes to help find out the accounts they created, and where they uploaded any files or back doors to.

patch your system.

 

[DLx/P]

I also have 2 "svchost.exe" processes running on my Win2000 machine. Why is this? I can't end either one.

 

[Stephen79]

its not uncommon to have many svchost.exe (lower case) processes running on your computer. Its nothing to worry about as they are system resources.

SVCHOST.EXE is usually a trojan/hacktool serv-u however

 

[DLx/P]

Just looked at my XP machine, it has 4 of these services running. All in lower case though.

 

[Stephen79]

then your fine DLx/P

Aerobat6 - patch your 'puter