System process always at 99% since yesterday - Is it a virus?

[SFjavier]

Hi, I dont know if it is a virus, but yesterday night my computer suddenly
started to freezed up (or at least that seemed), when i checked the process
the system process was at 99% and the idle was at 0%.

thought it was a system problem and formated my machine, in fact i am just
finishing doing so, but my brother computer is behaving same way and he just
told me a client of his is also equal.

I check in the regedit run entry but cant find anything unusual and in the
major antivirus website dont mention a thing about this problem.

Is this a virus or a system failure?

thanks

 

[Rexxx]

I don't know what it is, but I am having the same trouble with many of my
machines.

One thing i found to at least stop the behaviour was to either:

1. Boot into safe mode and Turn off the XP firewall.

If that fails...

2. Boot into safe mode and uninstall SP2. Then, re-windows update after a
reboot.

I didn't see anything out of the ordinary on the machines, so I'm not sure
what has been causing it yet.... but thankfully, it isn't just me.

Chris

 

[Bert Kinney]

Hi,

< Extreme cross posting removed >

Download and install Process Explorer. Run it and take a look for the
process that's taking up all the CPU time.

Sysinternals Freeware - Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

 

[Rexxx]

Aha!

I just found somewhere that Trend Micro released a pattern file that causes
this havoc on XP with SP2. You'll have to manually update the pattern file
in safe mode if you are using PCCillian/Trend Micro anti virus.

Chris

 

[T. Waters]

If your computer behaves normally after the reformat, then you probably had
a virus or other software problem. If you still have the problem after a
format, then yo can suspect a hardware problem.
Your brother may want to diagnose the problem rather than performing a
reformat.

 

[SFjavier]

Thanks a lot!!! when i read this post and saw Trend Micro I knew you have
get it right. My computer and my brother's both have pccillin.

Do you read this in some trend micro page? i would like to check it out.

javier

 

[Nepatsfan]

You might want to look here:

http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionId=24264

 

[SFjavier]

i just want to thank you guys, in just a couple of minutes you help me with
a problem that if I werent so quick to do things, I woudnt have to format my
computer.

I am dissapointed at TrendMicro by now, but mostly because for me this is a
major issue and they even display it in their home page.

 

[T. Waters]

i just want to thank you guys, in just a couple of minutes you help
me with a problem that if I werent so quick to do things, I woudnt
have to format my computer.

I am dissapointed at TrendMicro by now, but mostly because for me
this is a major issue and they even display it in their home page.

TrendMicro sure screwed up on that one. Have to say that I can't recall a
similar catastrophe outside of the very viruses TM is trying to stop!

 

[Dallas Overturf]

Folks: I'm also seeing this starting late in the night 11-12pm EST on my
machine: XP Home SP2 256MB Athlon 1.8Ghz processor. 40Gb disk; about 4G
free.

2 people same night; probably not a system failure which is what I was
starting to think.

I keep my pc up to date.
The process that appears to be causing grief is the System process.
It is taking all cpu time. Never idle.

Of possible interest: I'm running PCCillan 2005 kept up to date.
Just went to PCC 2005 a couple weeks ago. last night Sat 4/22
or possibly Friday Night (not sure which) I noticed that PCC indicated
late in the evening (kinda unusual) that updates were available; and took
them. PCC updates are the only relative recent changes I'm aware of.

I came in late booted and went to kill the logitech process in sys tray
and it did not respond. Some stuff did, some did not, then more stuff
started not responding.
I did get the system to shutdown; upon reboot System appears hosed; however
give it 15-30 minutes and eventually my desktop will come up.
It's useless however as I have seen that the system image process
(not user SYSTEM) is soaking up cpu time for unknown reasons.

Anyone seeing this problem and NOT running Trend Micro PCCillan?
please let me know via email: (e-mail address removed)

I'd like to eliminate PCC as the culprit.
Note: If it's a virus it's likely new as it gets past both Trend and Panda.
online scans and past local active and updated PCC.

Anyone having any info on what this is or how to chase it please toss me an
email. I'm not very knowedgeable on debugging windows this deep down.

Further notes: I've tried from Safe boot uninstalling some stuff in the
sys tray I don't care about and also re-applying sp2.
No change except getting rid of some stuff seemed like it "might"
have helpe give me time to get to task manager where I watched cpu
resource move from 12 - 37 % and then suddenly to 100%.
No idea what caused it. Once at 100% due to System image; I lose.
and need to power off.
I've disabled everything in msconfig I understand which means my
sys tray is now empty (done from safe mode) this leave me one boot
where it seems like I get some time to look at Task Manager.

What is the diff between Safe Mode and Normal mode??
I'm in Safe mode to send this.

Thanks and Regards, Dallas...





--
Home Page: www.geocities.com/d_overturf
Replies regarding News Group messages to me may get a challenge verifier
back. (CHAP).
The Sender may be >
Subject: [Challenge Response] Confirm your email by visiting this URL
https://smtp.stowetel.com/challenge/... SomeURL.
If so you need to Click on the link in the challenge and do what it says.
This is usually a one time deal.

 

[Bert Kinney]

Hi Dallas,

4/22/05 Windows XP Service Pack 2 machines with critical patches and
PC-cillin Internet Security 2005 starts to experience high CPU
utilization after updating to Pattern 594
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionId=24264

 

[Ramesh, MS-MVP]

Windows XP: 100 % CPU UTILIZATION after installing TREND MICRO ANTIVIRUS:
http://oldlook.experts-exchange.com:8080/Operating_Systems/WinXP/Q_21399820.html

 

[Dallas Overturf]

Hi Bert: Thank you for the reply! I messed with it most of the evening
running different scans. I think I got it.

I believe it was one of two things.

1. about an hour ago PCC took another update prior to me rebooting.

OR... I'd spoken with a friend and he asked about the serial port.
Nothing there but there is always the mouse port.
Closest I could think of to it.

I took the trend update and before rebooting yanked my optical mouse
(it's a microsoft optical wheel mouse for USB with a mouse port adapter on
it. (I've had it since Summer of 2004). Mouse seemed to be working fine...
but who knows. I'm back to my old track ball mouse for now and all is
running well. PCC 2005 is 2.598.00.
With AIM and MSNM, PCC and a couple other things in tray.
Task Manager is now showing me as idle CPU is 1 or 2 % and the
System Idle process is showing what I'd expect.
Once I get some sleep (finally) I may try my optical mouse again....

Maybe this will help someone out there.

Thanks Very Much, Dallas...
-
Home Page: www.geocities.com/d_overturf
Replies regarding News Group messages to me may get a challenge verifier
back. (CHAP).
The Sender may be >
Subject: [Challenge Response] Confirm your email by visiting this URL
https://smtp.stowetel.com/challenge/... SomeURL.
If so you need to Click on the link in the challenge and do what it says.
This is usually a one time deal.

 

[Bert Kinney]

Hi Dallas,

I would bet the PCC pattern was the culprit, and not the mouse.

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/

Hi Bert: Thank you for the reply! I messed with it most
of the evening running different scans. I think I got it.

I believe it was one of two things.

1. about an hour ago PCC took another update prior to me
rebooting.
OR... I'd spoken with a friend and he asked about the
serial port. Nothing there but there is always
the mouse port. Closest I could think of to it.

I took the trend update and before rebooting yanked my
optical mouse (it's a microsoft optical wheel mouse for
USB with a mouse port adapter on it. (I've had it since Summer of
2004). Mouse seemed to be working fine... but who knows. I'm back
to my old track ball mouse for now and all is running well. PCC
2005 is 2.598.00.
With AIM and MSNM, PCC and a couple other things in tray.
Task Manager is now showing me as idle CPU is 1 or 2 % and the
System Idle process is showing what I'd expect.
Once I get some sleep (finally) I may try my optical mouse again....
Maybe this will help someone out there.

Thanks Very Much, Dallas... -
Home Page: www.geocities.com/d_overturf
Replies regarding News Group messages to me may get a
challenge verifier back. (CHAP).
The Sender may be >
Subject: [Challenge Response] Confirm your email by
visiting this URL https://smtp.stowetel.com/challenge/... SomeURL.
If so you need to Click on the link in the challenge and
do what it says. This is usually a one time deal.
---------------------------------------------------------------------------------------------------------------------------

Hi Dallas,

4/22/05 Windows XP Service Pack 2 machines with critical
patches and PC-cillin Internet Security 2005 starts to
experience high CPU utilization after updating to
Pattern 594
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionId=24264

 

[Nigel]

The Trend Micro page relating to this is

http://support.antivirus.co.uk/trendmicro/regions.jsp

I also got hit.

Nigel

 

[Guest]

Also same problem, xp and trend. Cure for me was : safe mode - My Comp -
Program files - Trend Modro - Internet Security 2005 - Delete LPT$VPN.593 and
or LPT$VPN.594. (right click -Delete). Restart - open penecillan - get latedt
update. Hope this works for you all as it worked for me

Folks: I'm also seeing this starting late in the night 11-12pm EST on my
machine: XP Home SP2 256MB Athlon 1.8Ghz processor. 40Gb disk; about 4G
free.

2 people same night; probably not a system failure which is what I was
starting to think.

I keep my pc up to date.
The process that appears to be causing grief is the System process.
It is taking all cpu time. Never idle.

Of possible interest: I'm running PCCillan 2005 kept up to date.
Just went to PCC 2005 a couple weeks ago. last night Sat 4/22
or possibly Friday Night (not sure which) I noticed that PCC indicated
late in the evening (kinda unusual) that updates were available; and took
them. PCC updates are the only relative recent changes I'm aware of.

I came in late booted and went to kill the logitech process in sys tray
and it did not respond. Some stuff did, some did not, then more stuff
started not responding.
I did get the system to shutdown; upon reboot System appears hosed; however
give it 15-30 minutes and eventually my desktop will come up.
It's useless however as I have seen that the system image process
(not user SYSTEM) is soaking up cpu time for unknown reasons.

Anyone seeing this problem and NOT running Trend Micro PCCillan?
please let me know via email: (e-mail address removed)

I'd like to eliminate PCC as the culprit.
Note: If it's a virus it's likely new as it gets past both Trend and Panda.
online scans and past local active and updated PCC.

Anyone having any info on what this is or how to chase it please toss me an
email. I'm not very knowedgeable on debugging windows this deep down.

Further notes: I've tried from Safe boot uninstalling some stuff in the
sys tray I don't care about and also re-applying sp2.
No change except getting rid of some stuff seemed like it "might"
have helpe give me time to get to task manager where I watched cpu
resource move from 12 - 37 % and then suddenly to 100%.
No idea what caused it. Once at 100% due to System image; I lose.
and need to power off.
I've disabled everything in msconfig I understand which means my
sys tray is now empty (done from safe mode) this leave me one boot
where it seems like I get some time to look at Task Manager.

What is the diff between Safe Mode and Normal mode??
I'm in Safe mode to send this.

Thanks and Regards, Dallas...





--
Home Page: www.geocities.com/d_overturf
Replies regarding News Group messages to me may get a challenge verifier
back. (CHAP).
The Sender may be >
Subject: [Challenge Response] Confirm your email by visiting this URL
https://smtp.stowetel.com/challenge/... SomeURL.
If so you need to Click on the link in the challenge and do what it says.
This is usually a one time deal.
---------------------------------------------------------------------------------------------------------------------------

Hi,

< Extreme cross posting removed >

Download and install Process Explorer. Run it and take a look for the
process that's taking up all the CPU time.

Sysinternals Freeware - Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml