# Windows 7 SVChost.exe using almot all available memory



## GetReal720 (Apr 16, 2014)

My father has a dell OptiPlex GX 270 running windows 7.

For the longest time, it ran just fine and it only had 1GB of memory.
Now, just under a year later it has been slowing way way down.  Now
I've figured out that it is due to all of the available memory being used
even after placing another 1GB stick in the machine.

But in both cases, when it had 1GB system memory and even after
it had 2 GB system memory, the system would "run out" of memory
after some period of time (5 min to 40 min) and it is SVChost.exe
taking up large large chunks. Sometimes as much as 500+ MB memory
for one single svchost.exe instance.

Any ideas of how to get this to stop, or identify which underlying processes
that are causing this? I'm running MalwareBytes Anti Malware right now.

Just strange that it worked fine for so long, and now it does this "memory
hogging" situations?


----------



## zsolt_93 (Apr 16, 2014)

That kind of asks for a reinstall. Something screwed with the service host, maybe malware, but maybe something just went wrong with windows. Windows installs arent things that last like forever, 7 is better than XP in lasting more between reinstalls, but it still can get screwed up by malware or adware that hogs your system. If you want by all means to keep this install Malwarebytes is a good start. Continue by removing programs that are dubious, some install automatically with other software.


----------



## FordGT90Concept (Apr 16, 2014)

Use Sysinternals Process monitor to see what services are running on that svchost.exe.


----------



## GetReal720 (Apr 16, 2014)

I've downloaded and installed that program, but I can't seem to find any easy way to do this?

How do I go about getting it to show me what you've mentioned?


----------



## FX-GMC (Apr 16, 2014)

GetReal720 said:


> I've downloaded and installed that program, but I can't seem to find any easy way to do this?
> 
> How do I go about getting it to show me what you've mentioned?



Should be listed below svchost.exe if you expand it out:


----------



## FordGT90Concept (Apr 16, 2014)

Blah, wrong program.  Give me a minute...

Edit: Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653

Not the first time I made that mistake...


----------



## FX-GMC (Apr 16, 2014)

FordGT90Concept said:


> Blah, wrong program.  Give me a minute...
> 
> Edit: Process Explorer:
> http://technet.microsoft.com/en-us/sysinternals/bb896653
> ...



I even missed it and posted a screenshot of Process Explorer.


----------



## Solaris17 (Apr 16, 2014)

This smells like a root kit. I see it alot at work. you should do a run of TDSS and MBAR


----------



## a_ump (Apr 16, 2014)

watching in on this one, interesting. Never heard of that processes of a process program. Let us know OP.


----------



## FX-GMC (Apr 16, 2014)

Solaris17 said:


> This smells like a root kit. I see it alot at work. you should do a run of TDSS and MBAR



Good idea.  +1 for MBAR


----------



## puma99dk| (Apr 16, 2014)

i would run both, i even used Malwarebytes today at work, it just do the job +1


----------



## FordGT90Concept (Apr 17, 2014)

Windows Update can do some crazy stuff and so can HP printer services.


----------



## GetReal720 (Apr 17, 2014)

Using Process Explorer yields nothing, the svchost.exe that is hoggin all the memory has no expandable box to show
me any "sub process" that is operating under that call.

Also when I hover over the svchost.exe that is using all the memory, it only say

"Command Line:

svchost.exe

Path:

C:\Windows\System 32\Svchost.exe

I think I'm going to try running TDSS Killer and MBAR.... MBAM turned up nothing but some "non-malware" PUP's.

Thanks for all of the suggestions so far

P.S.

@FordGT90Concept 

I know windows update can screw with things, that is a possibility. However they don't have any HP printer
stuff on the machine at all. The only printer they use is a brother laser printer.


----------



## FordGT90Concept (Apr 17, 2014)

There's the problem.  It is system32, not system 32.  Correct path is:
C:\Windows\System32\svchost.exe

...unless that was a typo.


----------



## puma99dk| (Apr 17, 2014)

U say the svchost.exe eating up memory don't have a service underneath it in Process Explorer have u tried in Task Manager right click and go to Services or something i think is the name if nuth shows up either i would try closing it to see what fails and needs to be short down too.

Bcs normally like FX-GMC shows a screen of it should have services underneath maybe u just have a virus named svchost.exe or something is just really really odd here.


----------



## micropage7 (Apr 17, 2014)

i guess its virus or worm,  or junk apps
check whats on your apps list too, is there any unusual


----------



## P4-630 (Nov 11, 2015)




----------



## puma99dk| (Nov 12, 2015)

P4-630 said:


>



what image?


----------



## Bo$$ (Nov 12, 2015)

noobakia said:


> The reason is 100% the windows updates process! Microsoft and their noobs programmers again... Instead of fixing their bugs they are creating more!
> During the update process the svchost.exe can consume up to 2G ram. the result is after a while your computer will start to use swap... that comes free of charge with the perfect memory management Microsoft does...


Virus. nothing more.


----------



## jboydgolfer (Nov 12, 2015)

for a second there i thought my Flux capacitor had malfunctioned, but then i realized......


----------



## GoldenX (Nov 12, 2015)

Bo$$ said:


> Virus. nothing more.


Nah, it is Windows Update generating the package list, it's a killer on low RAM PCs. Every time I put Win 7/8/10 on a 1GB PC I have to disable Windows Update in services.msc, it's the only way to avoid having it eat all the RAM.
It gets worse if it tries to download Office updates too.


----------



## Mussels (Nov 12, 2015)

this is windows update. seen it on half a dozen machines now, everyones bringing their old windows 7 machines to me because they're running like shit.


needs to be left awake and online for many, many hours to hash all these bloody updates and the windows  10 upgrade. can use 4+GB of ram, only disabling the service really helps.


----------



## GoldenX (Nov 12, 2015)

The worst thins is that it uses the whole CPU, not only RAM. Imagine what it is on a Sempron 140, Celeron 420 and older processors. It takes half a day.


----------



## George Scott (Mar 7, 2016)

NOOBAKIA and GOLDENX were correct for my HP Laptop.  MS standalone updates froze when I upgraded from WIN 7 HOME PREMIUM to WIN 7 PRO.  I cancelled out of the updater within the WIN 7 PRO UPGRADE after is spun around for over 3 hours. After trying all the "fixits" and "KB updaters" , I read their posts and noticed the same results. The last "fix" I ran was  WINDOWS6.1-KB3102810-64 (intel 64bit CPU) for about 90 minutes  (it will first pop-up with another windows standalone update box and do whatever it does). After it gets through that process then it asks you to proceed with a couple procedures and I noticed that the 1.5gb memory svchost process is gone and the CPU USAGE has dropped from %25 to less than %5 and memory usage from %50 to %20.  After less than 1 hour and I have over 175 updates ready to install but it has fixed my problem and I've seen the same thing on another dozen PCs in the last year.  
NOTE - I've seen some people state that it may take up to 24 hours leaving the update process running before it resolves the problem so be patient with this one.  
THANK YOU NOOBAKIA and GOLDENX 

I've also seen from other help sites that all the users had to do was set the taskbar for the update process to "show icons and notifications" - for Windows Update
 (Right click "PROPERTIES" on the task bar, then click "CUSTOMIZE" for list of task bar programs and change from "LIST NOTIFICATIONS ONLY" to "SHOW ICONS AND NOTIFICATIONS"


----------



## GoldenX (Mar 7, 2016)

Glad that it helped you. I'm going to try that last fix.


----------



## Schmuckley (Mar 7, 2016)

Disable update from the jump if you have 7 sp1.
That's what I would do.


----------

