| By Scott Dunn |
Problems with an important Windows component, svchost.exe, can consume up to 100% of CPU time.
Now, a beta release of Windows Live Messenger threatens to spread the problem to even more users, unless their systems are patched soon.
The svchost.exe saga has persisted for months
Readers of the paid version of Windows Secrets are familiar with this story by now. Editorial director Brian Livingston first reported the issue nearly a year ago, on July 27, 2006. Contributing editor Susan Bradley has documented Microsoft’s attempts to solve it in the Jan. 18, Apr. 19, May 10, and May 24 issues this year. The problem has risen to a such a degree that we feel all Windows users should be aware of it.
Microsoft has long known of issues with svchost.exe — the process that runs services of DLLs (dynamic link libraries). There are many symptoms associated with the problem. Among the most common is a drastic slowdown of computer performance as svchost.exe consumes memory and CPU cycles.
The cause of the issue turned out to be the service that provides Automatic Updates. In response, many users began disabling Microsoft Update, an enhanced version of the more-limited Windows Update.
Recently, users who installed the beta 8.5 version of Microsoft’s Windows Live Messenger found that Microsoft Update is automatically turned on, with no choice for opting out. If you don’t read the initial installer dialog carefully, you might not even notice what has happened. The practice potentially exposes an even wider number of users to the svchost.exe bug. (For more information, see a posting by a blogger named Pharod.)
Figure 1. The Windows Live Beta installer turns on auto-updates and switches to Microsoft Update from Windows Update.
Diagnosing the problem on your own system
How do you know if you have this problem? If your system is experiencing a dramatic slowdown, try launching Windows Task Manager to see. To do this, right-click the Task Bar, the area to the right of the Start button, (or press Ctrl+Shift+Esc) and choose Task Manager. Make sure the Processes tab is active, and click Image Name to sort the list. You’ll see one or more instances of svchost.exe. If the CPU column shows 100%, or the memory usage seems extraordinarily high, you may be experiencing this bug.
Microsoft has detailed other symptoms in Knowledge Base article 927891. These include an access violation error in svchost.exe and unresponsive systems during update scans by Windows Update or Microsoft Update.
Some users respond by selecting the memory-hogging svchost.exe in Task Manager’s Processes tab and clicking End Process. Unfortunately, doing so can kill other services your system needs, such as audio. And, it won’t prevent the problem from returning later.
The bug affects users of XP (all versions, including XP Media Center), Windows Server 2003, and Windows 2000.
What to do if you’re affected
To solve this problem, Microsoft is offering a two-part fix. The first part has been offered to those who use Automatic Updates since May 22, according to a source at Microsoft who asked not to be named. Microsoft has been rolling out the second patch to users gradually, beginning in early May, and expects to complete delivery by the end of June, according to my source. Those who don’t use Automatic Updates — or who haven’t received both fixes and want them sooner — can follow the steps below:
Step 1. Patch msi.dll. Users need to replace the msi.dll file (the Microsoft Installer DLL) that svchost.exe controls. To do this, download and install the patch from Knowledge Base article 927891.
Step 2. Update Windows Update. Users also need to get the latest Windows Update client, which is version 3.0. Links to the 32- and 64-bit versions can be found at the Windows Server Update Services (WSUS) Product Team blog.
Although previous Microsoft fixes to svchost.exe — nearly a half-dozen in the last 10 months — addressed specific issues for some users (such as patching memory leaks or eliminating svchost.exe crashes, according to my source), none have solved all the problems once and for all. Even the patches Microsoft currently offers will not stop svchost.exe from registering 100% CPU usage in Task Manager’s Processes tab at times. But, the company claims, your system should still be responsive and svchost.exe will share CPU cycles with other processes after both patches have been installed.
Unfortunately, Microsoft did not wait for these patches to be delivered to everyone before issuing a Windows Live Messenger beta that switches users from Windows Update to Microsoft Update. This introduced the problem to some users who had not experienced it before.
Microsoft is confident that it has developed an effective solution to this problem. Hopefully, this time the company’s right.
Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.