[SOLVED] Mass of SVCHost.exe processes running at once, bogged down drive

Aidan B

Honorable
Sep 11, 2016
67
1
10,645
Hardware: MSI GF63 8RC running an i7-8750H, GTX 1050, and 32GB of RAM on Win10.

This laptop has always been slow. Like since day one, always sluggish to do much of anything, open programs, new windows, login, play games, etc. Once it gets going it does decently, but it doesn't run like its got the hardware it does, which honestly pisses me off. I've got it on a full-performance powerplan, cooler going full-blast, stock clocks, upgraded the RAM from 8GB to 32GB, etc. but its still slow as all get out. Heck, it took me a good 5 minutes to just load this page and start writing this thread. One of the issues I've noticed is the drive gets 100% maxed way too easily. With barely anything running it constantly hits 100% usage and the whole laptop bricks. I went looking through the system processes and noticed about 70 instances of SVCHost.exe running, as well as other garbage Win10 bloatware. I updated my batch file which periodically kills off bloatware to kill any task named "SVCHost.exe" and ran as admin, then BSOD. Honestly not sure why there are so many instances of SVCHost running, how to take care of that, and if that might solve the massive performance issue my laptop has, but I thought I'd reach out.

dcf6d5a6fde897f3e4d4f5c93de50e19.png
cf8725545139ab11d0a7cd1c297f9374.png
 
Solution
SVHOST is a common process, used by many legitimate programs including Windows. However, excessive use of it is a very good indicator of an infection. Especially if you are seeing problems, lack of resources, resources that don't release ever or freezes of any kind.

This is the kind of situation where, because there is doubt, it is highly recommended that you void everything and do a clean install. As they say, sometimes you just have to nuke it from orbit. It's the only way to be sure. :)

popatim

Titan
Moderator
each process has an ID# associated to it so you can track it down (See the PID column) but honestly. I would gather the required drivers and then wipe and install Win10 fresh straight from MS. https://www.microsoft.com/en-us/software-download/windows10

It's a free download, just make sure you get the same version you have installed already. Also link your current activation to your MS account, you can make your email address your ms account, and when you install windows you just activate using that since your current install is probably an OEM version and MS will throw a hissy fit and reject the OEM key.
 
SVHOST is a common process, used by many legitimate programs including Windows. However, excessive use of it is a very good indicator of an infection. Especially if you are seeing problems, lack of resources, resources that don't release ever or freezes of any kind.

This is the kind of situation where, because there is doubt, it is highly recommended that you void everything and do a clean install. As they say, sometimes you just have to nuke it from orbit. It's the only way to be sure. :)

 
Solution

Aidan B

Honorable
Sep 11, 2016
67
1
10,645
each process has an ID# associated to it so you can track it down (See the PID column) but honestly. I would gather the required drivers and then wipe and install Win10 fresh straight from MS. https://www.microsoft.com/en-us/software-download/windows10

It's a free download, just make sure you get the same version you have installed already. Also link your current activation to your MS account, you can make your email address your ms account, and when you install windows you just activate using that since your current install is probably an OEM version and MS will throw a hissy fit and reject the OEM key.
SVHOST is a common process, used by many legitimate programs including Windows. However, excessive use of it is a very good indicator of an infection. Especially if you are seeing problems, lack of resources, resources that don't release ever or freezes of any kind.

This is the kind of situation where, because there is doubt, it is highly recommended that you void everything and do a clean install. As they say, sometimes you just have to nuke it from orbit. It's the only way to be sure. :)


So, update on the situation. Long story short: I opened Adobe Creative Cloud in order to take advantage of the full Adobe Suite I'm allowed to use via my work account, and it tripped Nesht.A, Nesht.B, and Nesht.C trojans sitting in a folder containing a cracked Photoshop 2018 I had forgotten I had from probably god knows how long ago. I've since removed the folder and scanned my PC with Win Defender a few times, and it appears to have reduced the number of SVCHost instances. I looked into exactly what the Nesht trojans were and apparently, they're seen in the Task Manager as SVCHost. Still high disk usage, still an unusual amount of the instances running. I'm going to go ahead and wipe my laptop soon and get that fixed.
 

Colif

Win 11 Master
Moderator
you may not see that many on a normal install but a few versions of windows ago they changed how many exist now. Before there was about 9 at most and all processes were in groups, now every process has its own SvHost. So i have about 95 of them but most aren't active. just waiting to be used.