XP Windows / Automatic Updates SVCHOST.exe 100% CPU .. MS did something.

[Nicholas Burnell]

I've done thousands of XP installs with my media, always an easy updates scenario untill a few months ago.

Best slipstream some updates again.

Microsoft: You really are beginning to deserve to fail.

I only hope I dont have to do a Server or SBS 2003 from scratch ever again, my bet is it will be the same fault.

 

 Quick reply to the 8.1 comment. Normal people, old people, infirm people et all have all been tought to, "Drive" Windows in a certain (desktop) way.

 If you move the controls in their cars they would stop buying the car until someone put them back where they belong.

 (off subject, sorry)

[John Callaham Veteran]

Hey guys

been following this thread..have any of you who have been experienced this problem tried this out..Microsoft apparently released a patch several years ago for this very issue

http://www.windows-help-central.com/svchost-exe-100-percent.html

[Azies]

I run xp on an old PC I use as its GPU chugs under windows 7. I usually just let it sit there for a good five minutes then it kicks to life... Of course older machines, like my single core laptop tend to suffer greatly.

[francescob]

Sorry, but that's just a "stick my head in the sand and pretend it doesn't exists" approach to safety.

 

What happens when the next Blaster or Nachi comes along that makes use of a vulnerability in Windows to infect your machine without user intervention.  The Windows firewall is not infallible you know, especially the antiquated one in XP. I've seen malware able to disable it in the past. It can take AV vendors several days, if not weeks to push out definition updates for new viruses as quite often it depends on sample submissions.

After all those years it's extremely unlikely to see another remote vulnerability, even more one that bypasses the firewall, and almost impossible one that also bypasses the router that most people use. I've seen machines never updated after SP2, and that's almost from 9 years ago, having no issues at all. If you're fearful of the worst case scenario after SP2 you can close all the ports, inclusing those reserved by all the microsoft network client and file and printer sharing without even having to bother with editing registry entries (both Server and Workstation services are uninstallable). That said, choosing between a completely unusable machine and a machine perfectly usable but slightly less insecure the answer is pretty easy, if security was really that important you shouldn't even use a computer to start with. I'd be far more afraid to browse the web with an outdated java, flash or adobe reader plugin.

[Praetor]

i've had this problema a couple of months ago, it was a driver issue. Other than that recomend process explorer and process monitor to check whats going on.

[Praetor]

After all those years it's extremely unlikely to see another remote vulnerability, even more one that bypasses the firewall, and almost impossible one that also bypasses the router that most people use. I've seen machines never updated after SP2, and that's almost from 9 years ago, having no issues at all. If you're fearful of the worst case scenario after SP2 you can close all the ports, inclusing those reserved by all the microsoft network client and file and printer sharing without even having to bother with editing registry entries (both Server and Workstation services are uninstallable). That said, choosing between a completely unusable machine and a machine perfectly usable but slightly less insecure the answer is pretty easy, if security was really that important you shouldn't even use a computer to start with. I'd be far more afraid to browse the web with an outdated java, flash or adobe reader plugin.

 

dude, after April 8 in 2014 every exploit discovered that affects Windows XP won't be patched because there won't be a patch to begin with, so a experienced hacker can read the MS Bulletin, download the patch for other OS and by understanding what that patch does it can exploit the fault in Windows XP, by making malware that targets that fault, knowing that it won't be fixed. And considering the amount of users and organizations that use Windows XP, this is bad.

 

I remember the days of massing attacks by using worms and exploits that targeted Windows 2000; while most of the people migrated from 2000 to XP along th years and those attacks vectors were reduced, it took a while and in that same time, many attacks were sucessful.

[neufuse Veteran]

this use to be a bug in windows XP that MS fixed years ago when you were in pre SP2 or SP3 I can't remember it's been a while... but windows update would go nuts with the whole update service and run at 100% for a long time

[francescob]

dude, after April 8 in 2014 every exploit discovered that affects Windows XP won't be patched because there won't be a patch to begin with, so a experienced hacker can read the MS Bulletin, download the patch for other OS and by understanding what that patch does it can exploit the fault in Windows XP, by making malware that targets that fault, knowing that it won't be fixed. And considering the amount of users and organizations that use Windows XP, this is bad.

 

I remember the days of massing attacks by using worms and exploits that targeted Windows 2000; while most of the people migrated from 2000 to XP along th years and those attacks vectors were reduced, it took a while and in that same time, many attacks were sucessful.

You should read the whole chain of posts before answering. I already wrote that within 1 year XP won't be supported anymore. My point was that if you use a third party browser and keep adobe flash and reader updated the attack surface would still stay very low. Do you think that antivirus makers don't bother detecting the exploit codes as well?

[StarkWiz]

Hey guys

been following this thread..have any of you who have been experienced this problem tried this out..Microsoft apparently released a patch several years ago for this very issue

http://www.windows-help-central.com/svchost-exe-100-percent.html

Yes, this is not a new issue as many would think. I have noticed this on many machines when working with one of the MS partners, who were testing WGA. 

You can try using the offline updater, http://download.wsusoffline.net/

It updates the Windows Update files by default before installing any more updates. Make sure to update root certificates as well.

[francescob]

Hey guys

been following this thread..have any of you who have been experienced this problem tried this out..Microsoft apparently released a patch several years ago for this very issue

http://www.windows-help-central.com/svchost-exe-100-percent.html

 

Supported Operating System
Windows XP Service Pack 2

Isn't that already integrated in SP3?

[helpifIcan]

Iv'e had this issue on an old PC at church that was never online. Installed internet access the PC updated to SP3 and all the updates.

But still every day it would do this 100% thing, until I turned off auto updates.

Tried every thing  I could find to fix it finally gave up, as soon as we can get some donations for a new system bye bye XP.

[Nicholas Burnell]

Back from todays rounds, one of which was a lady in her 80's with a P4 Dell. "Running really slow" This is an eight year old install, guess what, 100% cpu cause by WU?

This, I'm sure now is not an old issue, or the same as an old issue, MS have done something. My previous post experiment with clean builds and now another in the field.

Proof enough for me.

[Nicholas Burnell]

 

 

Supported Operating System
Windows XP Service Pack 2

Isn't that already integrated in SP3?

 

Yes

[flynempire]

Perhaps done on purpose to have people move up to newer OS? I dont believe much in conspiracy but I would not put it past them.

[francescob]

Perhaps done on purpose to have people move up to newer OS? I dont believe much in conspiracy but I would not put it past them.

 

"Never ascribe to malice that which is adequately explained by incompetence."

[flynempire]

HA HA HA

[Nicholas Burnell]

"Never ascribe to mailice that which is adequately explained by incompetence Microsoft"

[John.D]

This happens iwith XP mode too. I was trying to install / update it, to make an up to date XP ISO.

 

I noticed svchost.exe was 100% constantly. I couldnt update it, without it freezing. The only thing that was installed was XP mode / with XP3.

 

Tried WSUS offline. it was fine but didnt update everything. Well, I couldnt figure out how to make it update everything. Even tho, I downloaded all the updates with it. And created an ISO with it

 

Altho, I dont know what happened after I installed XP mode. Not only would it not update, but later I found out that the BITS and Auto update services were borked (one / or both were corrupt somehow, or some files didnt register properly / files were missing). In the end, I gave up trying. It just took too long for it to do anything

[a1v1n23]

Expecting MS reply to Neowin...

[Raa]

Expecting MS reply to Neowin...

One can only hope.

 

Also - nice first post, and you've been here for 4 years! (Y)

[seta-san]

good news is that in six months someone will release an unofficial SP4 with all the updates rolled up into one nice package and slip streamed into an install disc.

[Lasoto]

Hi to all  :)

 

I found a solution !!!

 

1. Install fresh copy of Windows xp sp3

2. Install Internet Explorer 8  (without updates !!!)

3. Install this update kb2870699

 

 

 

And you are done :) No more 100% usage of svchost.exe

 

[perguife]

I have found the solution, I had the same problem and it worked for me:

 

http://staff.kfupm.edu.sa/COE/shafei/index_files/Page1373.htm

[francescob]

Still no news? :(

[Raa]

Okay so i'm just testing this now.

Made a new VM in ESXi, Installed a fresh copy of XP SP3 with no changes, updates, settings or anything.

 

Changed WU to "notify only", and waited with Task Manager open.

After about 3 minutes of brief spurts ranging from 0 to 25% activity on svchost.exe I noticed that wmiadap.exe got called and after that, svchost.exe locked on 99% CPU use. (The wmiadap.exe process closed soon after - Post edit : Seems this wasn't related as it's not being called now)

 

Going to try perguife then Lasoto's suggestions shortly.

 

 

Update 1 : perguife's suggestion failed to work, CPU locked at 99%. Trying Lasoto's suggestion next.

 

Update 2 : And Lasoto's suggestion hasn't worked either. CPU just locked at 99% again.

 

Update 3 : I took fatbeerguy's suggestion of first using procexp to find what service was causing trouble - no surprises it was svchost.exe backing wuauclt.exe, so then I used procmon to monitor system activity. And... the process logs showed very little (if any) change whether svchost was maxed or idle!

 

Any more ideas?

Edited October 11, 2013 by Raa