CrazyEngineers
CrazyEngineers

  • Trouble With Unnecessary Download By Host Process For Windows Services

    Satya Swaroop Dash

    Member

    Updated: Oct 25, 2024
    Views: 1.2K
    I am having a serious trouble, a few months ago I noticed that my broadband usage was going up. I shut down all the automatic updates on all the softwares installed on my computer. Still the usage was pretty high. Since I use Kaspersky Internet Security 2013, I went into its network monitor to check which service was the culprit. I found out that “Host Process For Windows Services” was taking up crazy amounts of download. Within a month it had taken up 13 GB of download. Of course, since most of the time it happened during my service provider’s ‘Night Unlimited’ time. Then I few days ago I found a solution <a href="https://blog.haraldkraft.de/2012/11/windows-service-svchost-exe-is-downloading-constantly/" target="_blank" rel="nofollow noopener noreferrer">Windows service (svchost.exe) is downloading constantly » blog.haraldkraft.de</a> that suggested to go to ‘Services.msc’ and shut down services like Background Intelligent Transfer service that starts downloading updates as soon it sees an idle connection and IP Helper service that assists with IPv6 connectivity. Even after implementing these tips, the download still continued. I tried limiting the “Host Process For Windows Services” by blocking it from Kaspersky’s Network Filter but that ended up blocking all my network communication. I have tried to Googling this problem but it was of no help. The problem starts when the connection is idle, for example when I am composing an article for VoiCE, my browser is idle and no other download is in progress and it is during that time the download begins and I am just left in horror as the broadband status show about 60 MB of download within a few minutes .

    So could anyone help me in finding out the cause and cure for this problem.
    0
    Replies
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
Replies

  • rahul69

    MemberAug 28, 2013

    By Host Process For Windows Services do you mean taskhost.exe?
    Are you sure? This action cannot be undone.
    Cancel

  • Nayan Goenka

    MemberAug 28, 2013

    Ok here are some things I need you to verify.

    Open msconfig and check which services are auto loading at startup as well as other times.
    Check if you have windows update on auto-update settings mode.
    Check if you have any other software installed which is a developer tool or a microsoft product and is set on auto update.
    Check if you have any server utility installed
    Check if your task manager is auto loading services.
    Enable firewall and restrict all traffic to admin mode only.
    Check all services that have default mode set to admin, if they have update utility
    Check Event Logs when the download happens. See which software or service is doing it. You will get a path to it there.
    Check if you have rogue installations on your computer.
    Check registry by using regedit. Clear registry for rogue entries.
    If none of these work, I would recommend you to format c: and reinstall windows
    Are you sure? This action cannot be undone.
    Cancel

  • Satya Swaroop Dash

    MemberAug 28, 2013

    rahul69
    By Host Process For Windows Services do you mean taskhost.exe?
    Nope, its svchost.exe.
    Are you sure? This action cannot be undone.
    Cancel

  • KenJackson

    MemberAug 29, 2013

    If a virus added or replace a file on your machine, it will probably have a more recent date than the other files. I found the only virus I've been infested with this way. Open a CMD window and enter:
    cd %winsysdir%      (This should take you to C:\windows\system32 or equivalent)
dir /od
    The dir /od command lists files in order of date, most recent last. Hundreds of files will quickly scroll by. Ignore them. Just look at the last few files, which will be the most recently modified files in the directory. If an executable file has a recent date and you don't recognize it, there's a chance that Windows Update just legitimately replaced it, but there's also a good chance it's a virus.
    Are you sure? This action cannot be undone.
    Cancel

  • Satya Swaroop Dash

    MemberAug 29, 2013

    Nayan Goenka
    Ok here are some things I need you to verify.

    Open msconfig and check which services are auto loading at startup as well as other times.
    Check if you have windows update on auto-update settings mode.
    Check if you have any other software installed which is a developer tool or a microsoft product and is set on auto update.
    Check if you have any server utility installed
    Check if your task manager is auto loading services.
    Enable firewall and restrict all traffic to admin mode only.
    Check all services that have default mode set to admin, if they have update utility
    Check Event Logs when the download happens. See which software or service is doing it. You will get a path to it there.
    Check if you have rogue installations on your computer.
    Check registry by using regedit. Clear registry for rogue entries.
    If none of these work, I would recommend you to format c: and reinstall windows
    I thought my Visual Studio installation would have been up to something, but even after looking into them I could not find anything
    Are you sure? This action cannot be undone.
    Cancel

  • Satya Swaroop Dash

    MemberAug 29, 2013

    KenJackson
    If a virus added or replace a file on your machine, it will probably have a more recent date than the other files. I found the only virus I've been infested with this way. Open a CMD window and enter:
    cd %winsysdir%      (This should take you to C:\windows\system32 or equivalent)
dir /od
    Untitled
    The above is the result and I think the PerfStringBackup is the culprit, from a little Google search, everyone seems to point out PerfStringBackup.INI. But it looks like a log file of something.
    Have a look at the screenshot, I think you can figure out something.
    Are you sure? This action cannot be undone.
    Cancel

  • KenJackson

    MemberAug 30, 2013

    I don't see anything alarming--assuming you updated the flash player last month. Also, I don't know what directory 1033 is.
    Are you sure? This action cannot be undone.
    Cancel

  • Satya Swaroop Dash

    MemberAug 30, 2013

    KenJackson
    I don't see anything alarming--assuming you updated the flash player last month. Also, I don't know what directory 1033 is.
    Thanks, man. You and @#-Link-Snipped-# were quite helpful.
    I have implemented both of your solutions, and I am keeping a keen eye on my network monitor and will keep you updated.
    Are you sure? This action cannot be undone.
    Cancel

  • Nayan Goenka

    MemberAug 30, 2013

    Satya Swaroop Dash
    Thanks, man. You and @#-Link-Snipped-# were quite helpful.
    I have implemented both of your solutions, and I am keeping a keen eye on my network monitor and will keep you updated.
    No problem. Happy to help. You make Voice Content for us that is quite awesome 😛
    Btw there is one more advanced setting you can do. After this you need to jst forget about this issue and that is configure firewall in advanced mode. Of course that is some pretty tough advanced stuff but that is the ultimate option you can do to control your network
    Are you sure? This action cannot be undone.
    Cancel
Home Channels Search Login Register