  Spook Tooth 09:48 24 Oct 2005

This program appears to be responsible for a steady consumption of 3kbps bandwidth (up and down) since, if it's closed, the transfer of data in Netmeter ceases.

I just would like to know what component of Windows XP Pro this is really and if it is indeed the source of such relatively high bandwidth leeching. As I have been experiencing a great many problems with regards to internet functioning for some time I'm trying to be doubly sure there is absolutely nothing my end that is causing it (details spared).

The PC has AVG Free ed, Spywareblaster, Spybot 'search and destroy' installed and I'm using XP firewall (SP2) as well as routinely scanning for nasties and keeping system free of dodgy programs, so I'm fairly confident there's nothing too untoward going on. I'm just confused as to why my system has a continuous 3kbps activity and wondered if this was the norm?

(I'm connected over ethernet to netgear router on an LLU datastream product if that helps.)

  splork 11:07 24 Oct 2005

Get this click here for a detailed look at what is running. svchost is used multiple times to launch services and other programs.

Have installed/ran Process Installer as suggested. It's a very informative program, much more so than the one I tried prior to that (Security Task Mgr).

From running it, I can see the svchost prog I was concerned about had a PID of 1136 and there were numerous instances of TCP/IP activity. After killing the process, network activity stopped - so it looks like whatever applications are using this svchost.exe are really banging away at my connection (constant 3 up/3 down) but what are they doing?

Also, I read about worms/viruses and suchlike masquerading as svchost operations and the consensus was any occurrences of this file outside the Windows/System 32 folder are suspect. Is that so, as I found 2 such files:

1 - C:\WINDOWS\ServicePackFiles\i386

2 - C:\WINDOWS\Prefetch

I ran both AVG (fully updated) and the FixWelch tool from Symantec that deals with the W32.Welchia worm that makes use of the svchost services to disguise itself and propagate over the internet BUT it came up with nothing.

So, is my PC infected or not? What could be accounting for such constant activity?

Well, the prefetch one appears to be harmless...

  splork 13:53 24 Oct 2005

Those are both legitimate system folders. Try a packet sniffer click here or a TCP viewer click here to get a better view of what is communicating with whom. Or try `netstat -a` from your command prompt and match up the processes with known running tasks.

I tried those utilities though to be honest I really couldn't make much sense out of the information available. That said, the first line of the packet investigated from using the packet sniffer intrigued:

"POST /upnp/service/WANCommonInterfaceConfig HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction: "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetCommonLinkProperties"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Content-Length: 315
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="click here" SOAP-ENV:encodingStyle="click here"><SOAP-ENV:Body><m:GetCommonLinkProperties xmlns:m="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>"

I viewed my netgear router settings for plug and play status and decided to switch it off and the 3kbps traffic up and down immediately dropped off and has remained so. I guess I don't really need that running anyway?

Thanks for your assistance. I'm hoping to resolve the nature of my connection trouble and at least hope I have one aspect solved. With regards to the netstat and other network commands, tracerts etc, do you know of any links/sites that have good tutorials on the subject? I've had a look but really they are far too technical for me to understand.
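
An added example, not part of the original thread: a small Python parser that reads a captured HTTP request like the one quoted above and reports which UPnP service and action it invokes, and whether that action only reads router status or changes router state. The function names, the `STATE_CHANGING` set and the `Get*` naming heuristic are assumptions made for this illustration; the sample input is constructed from the headers in the post.

```python
import re

# Constructed sample: the request headers quoted in the post above.
CAPTURED = (
    "POST /upnp/service/WANCommonInterfaceConfig HTTP/1.1\r\n"
    'Content-Type: text/xml; charset="utf-8"\r\n'
    'SOAPAction: "urn:schemas-upnp-org:service:'
    'WANCommonInterfaceConfig:1#GetCommonLinkProperties"\r\n'
    "User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)\r\n"
    "Content-Length: 315\r\n\r\n"
)

SOAP_ACTION = re.compile(r'^"?urn:schemas-upnp-org:service:([\w-]+):(\d+)#(\w+)"?$')

# Assumption for this example: UPnP IGD actions that change router state.
STATE_CHANGING = {
    "AddPortMapping", "DeletePortMapping", "SetConnectionType",
    "RequestConnection", "ForceTermination", "SetEnabledForInternet",
}

def parse_request(raw):
    """Split a captured HTTP request into method, path and lower-cased headers."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3:
        return None  # not a well-formed request line
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def classify(raw):
    """Return what a UPnP control request asks the router to do, or None."""
    parsed = parse_request(raw)
    if parsed is None or parsed[0] != "POST":
        return None
    match = SOAP_ACTION.match(parsed[2].get("soapaction", ""))
    if match is None:
        return None  # an HTTP POST, but not a UPnP SOAP control call
    service, version, action = match.groups()
    # Heuristic (assumption): IGD status queries are named Get*.
    kind = ("state-changing" if action in STATE_CHANGING
            else "read-only query" if action.startswith("Get") else "unclassified")
    return {"path": parsed[1], "service": service, "version": int(version),
            "action": action, "kind": kind}
```

Calling `classify(CAPTURED)` reports the `GetCommonLinkProperties` action on `WANCommonInterfaceConfig` as a read-only query, i.e. a status poll of the router's WAN link rather than a configuration change.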

