04-10-2012 06:08 AM - edited 04-10-2012 06:13 AM
NIS v 18.104.22.168
Vista Home Premium 32 bit with Vista SP2
I took a peak at my recent history and noticed an entry High Disk Write Usage by :Host Process for Windows Services.
So basically saying that svchost.exe did something around 4am today
I checked to see if the firewall let anything in or out on or about that sametime. Nothing was noted
The information on the logged item also said
"Disk Write Activity 715MB (total for this process"
So not really sure what this means and why it happened or if it is a sign of malicious behavior.
I know that sometimes virus/malware uses svchost.exe
So anything to be concerned about regarding this notification?
04-10-2012 06:49 AM
Norton will certainly block the SVCHOST.exe nasty. To make sure(For your Satisfaction) you can do some background check on the svchost.exe processes that are running in your computer. To do that you can goto the Task Manager --> goto processes (tab) --> click on show process from all users --> Now you can see the svchost.exe processes --> right click one by one and then select goto service(s) --> This will provide you the insight about that svchost.exe process --> You can see what services are running under the hood (check the Description) --> So by doing this you can make sure nothing malicious is running under the name of svchost.exe.
Otherwise you can use the command tasklist /SVC in the command prompt to get the background info.
04-10-2012 08:10 AM
Norton will certainly block the SVCHOST.exe nasty.
Don't scare people unnecessarily. It is with overwhelming likelyhood a normal svchost.exe doing routine stuff.
Calls: can you check the event viewer and see if a system service was doing something special at that point? Could be the Windows defragmenter or another Windows service; they run under svchost.exe.
04-10-2012 08:18 AM - edited 04-10-2012 08:19 AM
What i meant is, if anything malicious is hiding behind a legit system file or service Norton is having the capability to detect and remove such nasties.
I had came across this fake SVCHOST.exe in the past in one of my friends computers. And the malicious file pretending to be legit svchost showed up in the task manager in Uppercase. And thats the reason i put it the same way in my post. And by the way scaring isn't my job...
04-10-2012 12:02 PM
04-10-2012 12:50 PM - edited 04-10-2012 12:55 PM
Check the event viewer entries for that time.
Open Start menu, type eventvwr in the search box. Check "Windows Logs" -> System especially. Scroll down until the relevant time.
And what is currently running isn't very interesting; many services that run under svchost.exe shut down when they are done with whatever it was they did.
Anyway, that disk usage isn't a sign of malicious activity per se. It doesn't even have to be "high" usage. NIS just thinks it is. Most likely it wat the optimal disk usage at the time.
04-11-2012 08:31 AM
04-11-2012 09:45 AM
Is your Windows updates itself automatically y downloading updates or you insitiate them manually?
Because while updating the components(services) which are running under the svchost file might spike the memory usage for a bit of time, when the update is happening.
04-11-2012 10:50 AM
04-11-2012 02:35 PM
Most likely it's nothing to worry about. Not malware-related, anyway; worst-case scenario you have an issue with Windows, but that's unlikely too. The numbers you mentioned aren't very spectacular, either. Your Norton product might think they are high, but they are really not.