Notes on a Large svchost.exe

My computer very suddenly got really really slow. When I went to look svchost.exe was at nearly 2GB of RAM and 50% of my CPU.  I immediately thought I had a virus and ran through several virus, root kit and malware scans and got nothing.  I didn’t even find anything remotely suspicious.  For those of you who hit this blog looking for help, I’ll skip to the end of the story.  I stopped a service from Citrix  – wfcrun32.exe  – from starting on boot and rebooted.  This dropped my svchost.exe back into the realm of sanity. 

If you try this and it doesn’t work for you, keep reading.  One of the things that didn’t work for me might be your culprit. 

First off, my employer requires Microsoft Security Essentials. I don’t personally care for it.  It’s like most free things…. you get what you pay for, unless YOU happen to be the product.  In the case of Security Essentials, it’s a bit of both.  You are the product  – your data, your usage, your browsing habits, your code.  I personally hate it because it wants me to send all of the code that I write for my employer back to Microsoft “for analysis”. So I have it.  It scans once a week. I meet our mandated requirements for it, but no one said I have to trust it to be only line of defense. 

So I was using another product for my “real” protection – real time, email, web browser, etc.  Since neither of them are active at the same time, it was working quite well.  Well, it seems that Microsoft’s product suddenly took exception to that and this was contributing to my giant svchost.exe problem.

Next I set Superfetch to “Manual” and stopped the service.  This helped a little but still didn’t resolve my problem problem.  Since I’m on a static IP and a hardline, I disabled all the wireless and bluetooth services.  Again, this helped some but still not enough.  So I kept looking and lo and behold I found wfcrun32.exe chewing up my CPU and my RAM.