SVChost.EXE
AltecXP
01-14-04, 02:32 PM
On a fresh install of Windows XP I have an instance of SVChost taking up to 17MB. I'm not sure why. I have killed all unneeded services and startup programs, and it still takes around 16MB. If I end it in the Task Manager I have no problem with the system. Is there a reason that it is taking so much room that I don't know of? It's a clean install; I only have AIM installed.
Svchost.exe is an application used to host services. Many of XP's default services run using svchost. Depending on exactly which service that instance is running, it may or may not be safe to end the task. Instead of ending the task, just go into Administrative Tools -> Services and stop as well as disable those you don't need. Instances of svchost.exe should start disappearing, and hopefully the one that's gobbling up your memory :)
JigPu
AltecXP
01-14-04, 03:19 PM
I've already done all of that. I don't have an SVChost taking up 10+MB on any of my other PCs, that's why this one caught my eye. It's not 4 instances taking up about 16MB, it's ONE instance taking 16MB.
AltecXP
01-14-04, 03:54 PM
http://www.theforumisdown.com/uploadfiles/1203/taskman.JPG
DLLHOST.EXE COULD BE THE NACHI WORM/VIRUS!!!!
I noticed from your screenshot that you have it highlighted.
Please make sure that you scan for it ASAP.
I was infected with it about a month ago; it ate up all of my upload bandwidth on my DSL line.
I got it from a bogus copy of WinXP that had the NACHI worm disguised as DLLHOST.exe or .dll
rezon8
(I slipped up and broke a forum rule, so I edited out the bad statement. VERY SORRY, and yes, I got what I deserved, totally legit now... won't happen again....:( :( :( )
AltecXP
01-14-04, 08:31 PM
It just happens to be highlighted. How could I have it on a format not 5 hrs old?
redduc900
01-14-04, 08:41 PM
The only thing I can think of offhand is the possibility that you're infected with a virus...possibly welchia, msblaster or lovesan. It creates a "fake" svchost.exe file under C:\Windows\system32\wins. If you have this directory and that file is in it, you are most likely affected. Information:
http://www.pchell.com/virus/welchia.shtml
http://www.kellys-korner-xp.com/xp_qr.htm#rpc
http://vil.nai.com/vil/content/v_100499.htm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://www.bigblackglasses.com/Article.aspx?Article=342
You need the patch described here to protect against it:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
http://support.microsoft.com/?kbid=824146
Problem is, you need to install the patch BEFORE you get infected to avoid it.
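As an added example (not part of the thread or any poster's code), the PowerShell below lists every running svchost.exe with the services it hosts and its memory use, and flags any copy not loaded from %SystemRoot%\System32, such as the system32\wins location mentioned above. It assumes a current Windows release with PowerShell 3.0 or later, which the XP system in this thread did not have.

```powershell
# Added example: map each svchost.exe instance to its hosted services and
# flag any copy that is not running from %SystemRoot%\System32.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Group running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $hosted = $null
    if ($servicesByPid) { $hosted = $servicesByPid["$($proc.ProcessId)"] }

    # ExecutablePath is empty when the caller lacks rights to read it;
    # report that separately instead of treating it as a mismatch.
    if (-not $proc.ExecutablePath) {
        $pathCheck = 'unknown (run elevated)'
    } elseif ($proc.ExecutablePath -ieq $expected) {
        $pathCheck = 'expected'
    } else {
        $pathCheck = 'UNEXPECTED LOCATION'
    }

    if ($hosted) {
        $serviceList = ($hosted.Name | Sort-Object) -join ', '
    } else {
        $serviceList = '(none registered)'
    }

    [pscustomobject]@{
        PID          = $proc.ProcessId
        WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
        PathCheck    = $pathCheck
        Path         = $proc.ExecutablePath
        Services     = $serviceList
    }
}

# Largest instance first, so the memory-heavy one is at the top.
$report | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize -Wrap
```

An instance with no registered services or an unexpected path is the one to investigate first; a large instance in the expected location with a long service list is normal shared hosting.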
AltecXP
01-14-04, 09:07 PM
nope none of those helped
9mmCensor
01-14-04, 09:21 PM
Originally posted by rezon8
i got it from a bogus copy of winxp from kazaa...
i guess i deserved it...
Please remove the reference to warez.
Mentioning illegal software is not tolerated on this forum, and you agreed to that stipulation.
Yes you did deserve it. Programmers need to eat too.
Well, if you're daring, you can hit 'end task' on the sucker and see what happens. If it's not a critical service, it should stop and then restart with (hopefully) less memory usage. If it IS a critical service, the system will either freeze, reboot, or give you that "going to shutdown in 30 seconds" thing.
Try at your own risk :)
JigPu
wired14
01-15-04, 10:46 AM
Originally posted by AltecXP
It just happens to be highlighted. How could I have it on a format not 5 hrs old?
hey i have this directory C:\WINDOWS\system32\wins but it is empty.
AltecXP
01-15-04, 02:55 PM
When I end task the sound cuts out, but if I disable the sound service and restart, the SVChost is still there taking up about 15MB.
AltecXP
01-16-04, 08:08 PM
No more ideas? :(
DaWiper
01-16-04, 08:32 PM
I think that your 'big' svchost is related to the sound output of your machine. Mine is about 16-17MB too, and if I kill it the sound won't work until I reboot.
However, I think the CPU usage in your pic is way too high (97%). Did you play music or something when you captured the pic?
I look at 'memsize' of the processes to know which one is what.
Added a pic from my taskmanager: