csrss.exe taching out cpu


Bill

even in safe mode. the process constantly keeps the cpu at 70-100%. this is
on a winxp HE sp2 dell computer. It did have viruses, but I have scanned at
least 3 times with diff antivirus, the last scan came back clean. I have
removed spyware as well. I have also defragged, ran chkdsk, put the power
mode to "always on", I also found a hotfix for "100% cpu utilization after
upgrading to sp2." Oh I almost forgot I did a repair install also. can
anyone help?
 
Bill said:
even in safe mode. the process constantly keeps the cpu at 70-100%. this is
on a winxp HE sp2 dell computer. It did have viruses, but I have scanned at
least 3 times with diff antivirus, the last scan came back clean. I have
removed spyware as well. I have also defragged, ran chkdsk, put the power
mode to "always on", I also found a hotfix for "100% cpu utilization after
upgrading to sp2." Oh I almost forgot I did a repair install also. can
anyone help?

Download the AutoRun and see what running process in the background is
causing this. Is it the MS Updates?
http://www.microsoft.com/technet/technetmag/issues/2007/04/UtilitySpotlight/default.aspx
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
See what process is causing the 100% CPU usage and troubleshoot from there.
Turn OFF the MS update for now and see what is lurking in the background; you
could be having memory leakage, which is terrible to resolve sometimes.
HTH.
nass
 
Before I got a chance to download Autoruns, I had to resolve another issue
with the NIC card. I reset tcpip and winsock. After a reboot not only did it
fix the NIC card issue it also fixed the csrss process issue. Go figure.
Thanks for the help.
 
*** I have solved the problem, and decided to use your thread as a
documentation trail ***

I had the same problem, and your message gave me a hint.

the trojan / virus / bad guy software changes the following:
dhcp server name
browser start page
dns IP

in your case, by resetting your TCPIP data, you changed all the bad
data to the correct one

What I did was search for "85.255" in the registry (I recommend you do
the same just to be sure)

and removed all occurrences of such IP addresses starting with 85.255

a UK consultant has all the IPs the bad guy uses, just search for
"85.255.113.67" in google groups to have the whole list

Thank you for the hint, and good luck to all the people that might
stumble on this article


Spou
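
The registry search described in the last post can be done offline against an exported `.reg` file. This is an added example, not code from any poster in the thread; it assumes "starting with 85.255" means the range 85.255.0.0/16, and the sample export, the `{CONSTRUCTED-GUID}` key and the `ConstructedMultiSz` value are constructed for illustration. It parses addresses rather than matching the substring "85.255", so values such as 185.255.1.1 are not flagged, and it decodes hex-encoded string values that a plain text search would miss.

```python
import ipaddress
import re

# Assumption: "starting with 85.255" on this page means 85.255.0.0/16.
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r"^hex\((?:1|2|7)\):(.*)$")

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED-GUID}]
"NameServer"="85.255.113.67,85.255.0.1"
"DhcpNameServer"="192.168.1.1"
"ConstructedMultiSz"=hex(7):38,00,35,00,2e,00,32,00,35,00,35,00,2e,00,\
  31,00,31,00,33,00,2e,00,36,00,37,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://185.255.1.1/"
'''

def decode_data(raw):
    """Return the text of a .reg value; hex(1/2/7) data is UTF-16LE bytes."""
    m = HEX_RE.match(raw)
    if m:
        octets = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return octets.decode("utf-16-le", errors="replace").replace("\x00", " ")
    return raw.strip('"')

def find_suspect_values(reg_text):
    """Return (key, value_name, ip) for every address inside SUSPECT_NET."""
    hits, key = [], None
    # regedit wraps long hex values with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        for candidate in IPV4_RE.findall(decode_data(m.group(2))):
            try:
                if ipaddress.ip_address(candidate) in SUSPECT_NET:
                    hits.append((key, m.group(1).strip('"'), candidate))
            except ValueError:
                pass  # looks like an IP but is not valid, e.g. 85.255.1.999
    return hits
```

Regedit version 5.00 exports are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `find_suspect_values`.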
 