svchost downloading cookies

October 24, 2011 at 18:15:50
Specs: Windows XP
I have been having a problem with my computer lately. I have Win XP SP3 and I just performed all the latest updates (which I have been backed up on.) I also recently installed Adobe Acrobat Reader X.

After having performance issues, I have noticed an instance of svchost.exe running in my task manager. At first I thought it was automatic updates or something similar, but it keeps taking at least 200 Mb of memory space and using most of my CPU power.

I have attempted to determine the source of this unusual instance, and have found the following details:

This svchost is the only one that is the only one run under my username (all other instances are by SYSTEM or LOCAL SERVICE or NETWORK SERVICE.)

Process Explorer shows it a program under explorer.exe . No services are associated with it, but it is accessing hundreds of websites while it runs.

I determined the the only changes it is making to my computer is filling up a folder named "C:\Documents and Settings\%username%\Cookies with an enormous amount of cookie files with random names. The contents of these cookies are things like "" and other oddball commerical websites.

I have attempted to shut the program down, only to have it pop up every 30 minutes. Interestingly enough, my son's account (which is limited because his is only 7) has no problems like this and no cookies loading.

I have tried AdAware, McAfee, and Microsoft Malicious Software Removal tools and none of them have found anything (this program was accessing the internet and downloading tracking cookies under AdAware's nose)

I have attempted to shut down every possible program that is run in the background, to no avail. I even tried disabling add-ons to Mozilla hoping those would help.

Internet searches have been pointless. There are no particular answers to this problem. Does anybody have any ideas?

See More: svchost downloading cookies

Report •

October 24, 2011 at 23:38:14
What browser are you using?

What version is it?

Report •

October 26, 2011 at 10:44:28
Go into safe mode, find where your svchost.exe virus is.
If it is in System32, try searching for multiple Svchost.exe's
Delete it if it is outside of System32 because it's obviously a Virus.

Type in search-bar of your computer: %appdata%
Go to ---\Appdata\Local
See if Svchost is there, it usually is. I've been testing these sort of viruses and usually Svchost is in Appdata\local

FULL PATH: C:\Users\Cameron\AppData\Local
Replace 'Cameron' with your name.
Also, might want to make Hidden files show up! They usually hide themselves too!

Tell me if you find it in there!

Report •

October 29, 2011 at 18:29:44
I did try to look for the Appdata folder but with no luck. What I tried that worked was to create a brand new user account. I then simply migrated only my trusted data (My Document files, Mozilla settings, etc) to the new account. I have not encountered the problem since. I have left the old files on the computer in hopes of finding the source of the virus one of these days, but the folder is essentially quarantined.

Report •

Related Solutions

Ask Question