0

I'm running Windows Server 2003 Standard (Much to my distaste), I've applied all the security updates and now I'm stuck with a box that's constantly being hammered by svchost.

The process ID is always around the 700 mark and if I use tasklist /svc, I can see that RpcSs is causing it.

I have tried various things that have come up in google searches such as turning automatic software update services off, removal of antivirus software, removal of systray items, removal of remote screen services such as RDP, VNC, LogMeIn etc.

I'm still stuck with this RpcSs running at 90%, I'm completely at the end of my tether with this now but I don't really want to sit through a complete re-install just to see if it happens again.

Squeeb
  • 152
  • 1
  • 13
  • To clarify - are you saying the CPU hammering started after the updates were applied? – Chris Feb 01 '11 at 20:41
  • Yep. Can't pinpoint which one though as I performed a few software updates one after the other. You know, download-install-restart, check for more updates, goto 0 – Squeeb Feb 02 '11 at 08:53

2 Answers2

2

You might try using the Sysinternals tools Process Explorer and Process Monitor. For example, in Process Explorer - select the relevant svchost.exe instance, right click and choose properties and then go to the Threads tab. You may see a dll name in there that gives you a clue.

Chris
  • 945
  • 7
  • 17
0

I have seemn some malware use this process and we had to use a bootable disk with the Syamantec Endpoint Recovery Tool and current defs to remove. It was some kind of rootkit that slipped by the installed AV.

Dave M
  • 4,494
  • 21
  • 30
  • 30