Skip to main content

100% PROCESSER UTILISATION

More
18 years 9 months ago #12904 by gainil
Hi,

I am using Windows 2K Standard Server with service pack4. Recently I am facing this problem, if I keep my server running for 5-6 days there r many (around 25 sometimes) entries of cmd.exe in the taskmanager and the svchost.exe takes 95%-99% utilisation making the machine very slow. In the background process no process is running.

Can someone Help ??

Regards


Nilesh
More
18 years 9 months ago #12906 by DaLight
Sounds suspicious. You should not have that number of cmd.exe instances running unless you've opened up those windows yourself or you have services/processes which have initiated them. You may want to run antivirus and spyware scans. Do you browse the internet from this machine and is it behind firewall?
More
18 years 9 months ago #12910 by gainil
There r no command prompts opened but still there are so many cmd.exe in the TaskManager. This machine is connected to the Internet, very few times almost null is used for browsing. and uses TinyFireWall Personal Edition. I have run McAfee Antivirus but could not find anything other than few trojons which were removed/deleted.
More
18 years 9 months ago #12911 by cisman
there can be more than problem with your server. you have to find out why are you getting it.

1. are you using genuine o/s. check wheather your o/s is ok, check for updates.

2.like the da light mentioned i also recomend to check for bugs. some times the sites which attack your server will have your details and will send you regular bugs for some time. so even if you delete them they come again"beware". (i recommend symantec server edition try that)..

3. conflict with other software can also cause this problem check that aswell.

pls let inform whats happening!
More
18 years 9 months ago #12912 by DaLight

I have run McAfee Antivirus but could not find anything other than few trojons which were removed/deleted.

I would perform further checks using HijackThis! and the excellent Autoruns from Sysinternals. Both these products require some knowledge of what you're looking for, but you can download a fully-functional evaluation of Spyware Doctor for an easy fix.
More
18 years 9 months ago #12914 by Dead-Neur0ns
From the below link from MS

support.microsoft.com/default.aspx?scid=kb;en-us;250320

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Would it be possible to find out what in the first place is causing multiple instances of cmd.exe?

Isn't this the proper approach to tackle an issue instead of just running scans on a machine and not really knowing what one is trying to accomplish?

I think it would be best to do analysis to find what is responsible for multiple cmd.exe's.

/EDIT:

Also, check out these tools from Windows 2000 Resource Kit:

www.microsoft.com/windows2000/techinfo/r...t/tools/default.mspx

pstat.exe [Process and Thread Status]
pulist.exe [Lists Processes running on local or remote computer]
Qslice.exe [CPU Usage by Processes]

<= IИse©u®ity Is A ®esult Of T®ying To Be Se©u®e =>
Time to create page: 0.136 seconds