Hot Downloads

Welcome, Guest
Username: Password: Remember me

Warning: sprintf(): Too few arguments in /home/firewall/public_html/libraries/joomla/language/text.php on line 312

TOPIC: 100% PROCESSER UTILISATION

100% PROCESSER UTILISATION 10 years 10 months ago #12904

  • gainil
  • gainil's Avatar
  • Offline
  • Frequent Member
  • Posts: 52
  • Karma: 0
Hi,

I am using Windows 2K Standard Server with service pack4. Recently I am facing this problem, if I keep my server running for 5-6 days there r many (around 25 sometimes) entries of cmd.exe in the taskmanager and the svchost.exe takes 95%-99% utilisation making the machine very slow. In the background process no process is running.

Can someone Help ??

Regards


Nilesh
The administrator has disabled public write access.

Re: 100% PROCESSER UTILISATION 10 years 10 months ago #12906

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Sounds suspicious. You should not have that number of cmd.exe instances running unless you've opened up those windows yourself or you have services/processes which have initiated them. You may want to run antivirus and spyware scans. Do you browse the internet from this machine and is it behind firewall?
The administrator has disabled public write access.

Re: 100% PROCESSER UTILISATION 10 years 10 months ago #12910

  • gainil
  • gainil's Avatar
  • Offline
  • Frequent Member
  • Posts: 52
  • Karma: 0
There r no command prompts opened but still there are so many cmd.exe in the TaskManager. This machine is connected to the Internet, very few times almost null is used for browsing. and uses TinyFireWall Personal Edition. I have run McAfee Antivirus but could not find anything other than few trojons which were removed/deleted.
The administrator has disabled public write access.

Re: 100% PROCESSER UTILISATION 10 years 10 months ago #12911

  • cisman
  • cisman's Avatar
  • Offline
  • Frequent Member
  • Posts: 27
  • Karma: 0
there can be more than problem with your server. you have to find out why are you getting it.

1. are you using genuine o/s. check wheather your o/s is ok, check for updates.

2.like the da light mentioned i also recomend to check for bugs. some times the sites which attack your server will have your details and will send you regular bugs for some time. so even if you delete them they come again"beware". (i recommend symantec server edition try that)..

3. conflict with other software can also cause this problem check that aswell.

pls let inform whats happening!
The administrator has disabled public write access.

Re: 100% PROCESSER UTILISATION 10 years 10 months ago #12912

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
I have run McAfee Antivirus but could not find anything other than few trojons which were removed/deleted.
I would perform further checks using HijackThis! and the excellent Autoruns from Sysinternals. Both these products require some knowledge of what you're looking for, but you can download a fully-functional evaluation of Spyware Doctor for an easy fix.
The administrator has disabled public write access.

Re: 100% PROCESSER UTILISATION 10 years 10 months ago #12914

From the below link from MS

support.microsoft.com/default.aspx?scid=kb;en-us;250320

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Would it be possible to find out what in the first place is causing multiple instances of cmd.exe?

Isn't this the proper approach to tackle an issue instead of just running scans on a machine and not really knowing what one is trying to accomplish?

I think it would be best to do analysis to find what is responsible for multiple cmd.exe's.

/EDIT:

Also, check out these tools from Windows 2000 Resource Kit:

www.microsoft.com/windows2000/techinfo/r...t/tools/default.mspx

pstat.exe [Process and Thread Status]
pulist.exe [Lists Processes running on local or remote computer]
Qslice.exe [CPU Usage by Processes]
<= IИse©u®ity Is A ®esult Of T®ying To Be Se©u®e =>
The administrator has disabled public write access.
Time to create page: 0.097 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup