Hw do I tell what's causing the system process to run 99%

[Guest]

System is very slow, all work affected - task manager shows cpu usage at 100%
- the only process showing anything significant is System which obviously
cannot be removed. How can I tell what program or function is actually
causing this. Have disabled everything not essentail from startup. Have
made several services manual instead of automatic. Nothing seems to help.
Have Symantec with latest virus download running and have run the microsof
beta antispyware and nothing shows up. Have set windows explorer so I can
see all hidden and system files and could see nothing unusual. Have looked
at Run in the registry and again nothing unusual. Is there a way to break
the 'system' process and show what it really consists of?

 

[David H. Lipman]

From: "Hoss" <[email protected]>

| System is very slow, all work affected - task manager shows cpu usage at 100%
| - the only process showing anything significant is System which obviously
| cannot be removed. How can I tell what program or function is actually
| causing this. Have disabled everything not essentail from startup. Have
| made several services manual instead of automatic. Nothing seems to help.
| Have Symantec with latest virus download running and have run the microsof
| beta antispyware and nothing shows up. Have set windows explorer so I can
| see all hidden and system files and could see nothing unusual. Have looked
| at Run in the registry and again nothing unusual. Is there a way to break
| the 'system' process and show what it really consists of?

Try a "second opinion" AV scan


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
to allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *

 

[Guest]

David Lippman, Thanks.
I followed your instructions - ran the beta MS AntiSpware again - emptied
the temp folders and TIF files, downloaded the MacAfee programs and ran the
Clean.Bat in both safe mode and normal. The scan took almost a whole work
day for one pass through and then another day for the second. 0 possibly
infected on all drives, master boot records and bootsectors. It did show 2
Non-critical errors but without additional comments. I noticed when it was
running that there were some Symantec Files that showed on the screen as
corrupted.
After the MacAfee scans completed, I removed all trace of Symantec using a
combintion of Add/Remove programs and manual effort. It's amazing how many
registry entries are left behind after Add/Remove gets done. Then I shut the
machine down and brought it up again and the system idle time was finally
showing some percentages instead of the system process hogging the whole CPU
.. Symantec reinstalled itself from the server and the system process again
went to 99% and didn't come back down. I removed my computer from the
Symantec System Console on the server so it wouldn't keep attempting to
reinstall, then removed the reinstalled software from my computer. For two
days now my computer has been running smoothly and fast. Now I have to find
out how to get SAVCE running on the computer again without the cpu hogging
since we are not authorized to use any other AV program.
This is the only machine of the 100 we run that has had this problem. All
of our machines get patched at the same time (Shavlik). Most of the machines
are running MS 2000 Pro like mine, about 5 are running XP and 10 or so are
still NT. The domain is NT (PC and DC) with a stand alone Windows 2000
Advanced server - no active directory. So it's resolved but not resolved.
Thanks again. Hoss