System process handle leak

doc

Recently I have noticed that my system process has been
leaking handles. Over the course of a day, the handle
count goes from ~400 to over 10,000. Memory usage does
not increase very much, but the system does start slowing
down. Process Explorer shows that most of the new handles
are registry key handles with no name under the System
process. I've tried using Regmon to track down what
registry key is being accessed, but have not been able to
track it down.

I'm running Windows 2000 SP4 with all critical updates
installed. My computer is also serving as a NAT router for
my home network, if that helps. I've searched Microsoft
support files, and updated everything I can think of with
no luck. Considering how closely I've monitored my
computer to try to figure this out, I am also pretty
confident that no trojan or malicious software is running.

Any ideas on what might be causing this, or how I could go
about tracking down what registry key these handles are
opening?
 
cclittle

I have recently discovered this problem as well. When it starts to
happen, my System process handle count goes from about 500 to 2750 in
3 hours. The increase is not continuous from boot, but seems to take
off randomly (due to some event I haven't been able to correlate). I
also notice that I am unable to connect to the computer via shares
(\\computername\sharename), and eventually I am unable to print to its
shared printer as well. Sometimes I get a message to the effect that
the "RPC server is unavailable". Also the logons (net clients or
terminal clients) become very slow. I haven't been able to track down
anything unusual going on with our network, but we are not connected
to the internet and our NAV defs are current. On reboot the problem
goes away for a while - the last time it was 13 days, this time it was
about 36 hours.

Using Process Explorer I can see that there are tons of File handles
open to \Device\NetbiosSmb

This is a Win2K Server SP4 with hotfixes through about 04-01-2004. We
are running SQL2K with SP3a, MSMQ, Symantec NAV 8.0, Arcserve 2000 SP4
with BAOF (services not running, but filter driver still is - see MSKB
822219).

I'd appreciate a heads-up if anyone hears anything.
 
