tcpsvcs.exe process eating upload bandwidth

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rockyyy, Jul 13, 2013.

  1. rockyyy

    rockyyy Private E-2

    first things first. let me introduce myself. i am a total newb to tech stuff. i have a fast internet (20mbps up/down), which i use to host game servers for fun. i run win server 2008. i do not run any firewall (they tend to block ports and ppl/admin tools wont be able to connect to my server.) i use windows security essentials, which isnt very helpful either.
    i have been facing a wierd problem lately.
    i installed an app to check my bandwidth usage and i find that my comp is unnecessarily uploading (god knows what. but i hope ppl in here also know).
    so i digged into it a it. i used tcpview and i found that TCPSVCS.EXE is uploading tons of data unnecessarily. if i terminate this process, the upload stops and my comp works normal (by normal i mean everything works fine, i havent faced any problem if i terminate this process manually). but this process tends to start up again sometime later and its causing a menace.
    i have run a scan with malwarebytes, it didnt help.
    heres a screen from tcpview of the process
    a screen of the upload pattern by the process
    how can i get rid of this. please help me
  2. rockyyy

    rockyyy Private E-2

    heres a screen of all the tcpsvcs.exe processes running
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We can check your PC for malware if you run the below cleaning process

    READ & RUN ME FIRST. Malware Removal Guide

    But your problem seems more like something your should discusss in the Software Forum.
    Or possibly Networking Forum or Games Forum since you are setting up a gaming server. I have a feeling what you are seeing will be normal due to the connections being made to the server. However, I'm not sure what you would have TCPSVCS.EXE running since this is normally more used when you are running a DHCP server. If you are sure that you do not need this then you should configure the service not to run. It is restarting because it is a service. You can discuss this in the other forums.

    Extremely dangerous and very much not recommended. You need to become a system administristrator and configure the firewall properly for how you need it to work. You should not be disabling it all together. You are opening up this PC to be hacked.

