Dell Window XP system. I have the dreaded 100% CPU utilisation problem
because one of the svchost.exe taking all of the CPU (plus lsass.exe).
I know it's a legitimate program, however I fear it is being hijacked.
When I end the offending process the system returns to normal. I have
also noticed that I am unable to start the windows firewall AND it
appears system restore has been messed up.
I have tried an incredible number of virus checkers including the
Norton that came with the PC, but they have noticed nothing. I have
also tried a vast array of spyware packages (spybot etc.).
Perhaps someone can help me; I hope the answer will not include have
you updated windows and/or virus checker.
Big thanks, S.

---

Request for Question Clarification by sublime1-ga on 23 Apr 2004 11:04 PDT

irishbigboy...

Please try the following: Go to Administrative Tools -> Services
and find 'DNS Client'. Right-click it and select 'Properties',
and select 'Stop' to stop this service. Then right-click on your
taskbar and select 'Task Manager', and click on the 'Performance'
tab, and see if your CPU usage has dropped off to normal. If so,
then go back to DNS Client in the Services window and set the 
'Startup type' to 'disabled'.

In my experience, this service is less than useless, and disabling
it will not detract from the functionality of your computer.
This service also serves to slow the computer considerably in some
cases, cranking CPU usage to 100% for long periods. Disabling it
should increase your preformance as well.

If this resolves your problem, let me know and I'll post this
as a formal answer.

sublime1-ga

---

Clarification of Question by irishbigboy-ga on 26 Apr 2004 03:02 PDT

Dear sublime1-ga,

I tried your suggestion but there is no change. Basically unless I
switch off the svchost.exe that is causing the problem then
svchost.exe + lsass.exe always equals 100% cpu usage. When it is
switched off, then it is back to very low CPU usage.

Regards,
ibb

Oh, hey, one more thing, the rootkit moght have written code to the
hidden (usually 8 meg) partition on your drive. You might want to
consider a low level format to eliminate this possibility.

Again, best of luck and do not despair - you'll beat it with diligence.

What is a low level format? cheers, Ibb

IBB...

Re low level format, see this page:
http://www.pcguide.com/ref/hdd/geom/formatUtilities-c.html

Nothing as serious as a low-level format is required.  Simply click on
Start.  Goto Run, type "msconfig", click okay.  When MSConfig Comes
up, click on services, then check the checkbox that says "Hide
Microsoft Services". Uncheck everything that is left (Unless you
recognize it as being something you use). Then goto the next tab,
start-up.  Uncheck anything you don't recognize.  Don't worry, you
can't uncheck anything that can't be re-checked, and NOTHING is
required.  Finally, click apply, and click Restart.  Thats it.