- Posts: 52
- Thank you received: 0
100% PROCESSER UTILISATION
18 years 9 months ago #12904
by gainil
100% PROCESSER UTILISATION was created by gainil
Hi,
I am using Windows 2K Standard Server with service pack4. Recently I am facing this problem, if I keep my server running for 5-6 days there r many (around 25 sometimes) entries of cmd.exe in the taskmanager and the svchost.exe takes 95%-99% utilisation making the machine very slow. In the background process no process is running.
Can someone Help ??
Regards
Nilesh
I am using Windows 2K Standard Server with service pack4. Recently I am facing this problem, if I keep my server running for 5-6 days there r many (around 25 sometimes) entries of cmd.exe in the taskmanager and the svchost.exe takes 95%-99% utilisation making the machine very slow. In the background process no process is running.
Can someone Help ??
Regards
Nilesh
18 years 9 months ago #12906
by DaLight
Replied by DaLight on topic Re: 100% PROCESSER UTILISATION
Sounds suspicious. You should not have that number of cmd.exe instances running unless you've opened up those windows yourself or you have services/processes which have initiated them. You may want to run antivirus and spyware scans. Do you browse the internet from this machine and is it behind firewall?
18 years 9 months ago #12910
by gainil
Replied by gainil on topic Re: 100% PROCESSER UTILISATION
There r no command prompts opened but still there are so many cmd.exe in the TaskManager. This machine is connected to the Internet, very few times almost null is used for browsing. and uses TinyFireWall Personal Edition. I have run McAfee Antivirus but could not find anything other than few trojons which were removed/deleted.
18 years 9 months ago #12911
by cisman
Replied by cisman on topic Re: 100% PROCESSER UTILISATION
there can be more than problem with your server. you have to find out why are you getting it.
1. are you using genuine o/s. check wheather your o/s is ok, check for updates.
2.like the da light mentioned i also recomend to check for bugs. some times the sites which attack your server will have your details and will send you regular bugs for some time. so even if you delete them they come again"beware". (i recommend symantec server edition try that)..
3. conflict with other software can also cause this problem check that aswell.
pls let inform whats happening!
1. are you using genuine o/s. check wheather your o/s is ok, check for updates.
2.like the da light mentioned i also recomend to check for bugs. some times the sites which attack your server will have your details and will send you regular bugs for some time. so even if you delete them they come again"beware". (i recommend symantec server edition try that)..
3. conflict with other software can also cause this problem check that aswell.
pls let inform whats happening!
18 years 9 months ago #12912
by DaLight
Replied by DaLight on topic Re: 100% PROCESSER UTILISATION
I would perform further checks using HijackThis! and the excellent Autoruns from Sysinternals. Both these products require some knowledge of what you're looking for, but you can download a fully-functional evaluation of Spyware Doctor for an easy fix.I have run McAfee Antivirus but could not find anything other than few trojons which were removed/deleted.
- Dead-Neur0ns
- Offline
- New Member
Less
More
- Posts: 16
- Thank you received: 0
18 years 9 months ago #12914
by Dead-Neur0ns
<= IИse©u®ity Is A ®esult Of T®ying To Be Se©u®e =>
Replied by Dead-Neur0ns on topic Re: 100% PROCESSER UTILISATION
From the below link from MS
support.microsoft.com/default.aspx?scid=kb;en-us;250320
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
Would it be possible to find out what in the first place is causing multiple instances of cmd.exe?
Isn't this the proper approach to tackle an issue instead of just running scans on a machine and not really knowing what one is trying to accomplish?
I think it would be best to do analysis to find what is responsible for multiple cmd.exe's.
/EDIT:
Also, check out these tools from Windows 2000 Resource Kit:
www.microsoft.com/windows2000/techinfo/r...t/tools/default.mspx
pstat.exe [Process and Thread Status]
pulist.exe [Lists Processes running on local or remote computer]
Qslice.exe [CPU Usage by Processes]
support.microsoft.com/default.aspx?scid=kb;en-us;250320
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
Would it be possible to find out what in the first place is causing multiple instances of cmd.exe?
Isn't this the proper approach to tackle an issue instead of just running scans on a machine and not really knowing what one is trying to accomplish?
I think it would be best to do analysis to find what is responsible for multiple cmd.exe's.
/EDIT:
Also, check out these tools from Windows 2000 Resource Kit:
www.microsoft.com/windows2000/techinfo/r...t/tools/default.mspx
pstat.exe [Process and Thread Status]
pulist.exe [Lists Processes running on local or remote computer]
Qslice.exe [CPU Usage by Processes]
<= IИse©u®ity Is A ®esult Of T®ying To Be Se©u®e =>
Time to create page: 0.136 seconds