"System" Takes Over and Won't Let Go

[Jim]

I have found several inquiries regarding "System Idle Process" -- this
is *not* it. "System Idle Process" causes no problems or concerns for
me.

I'm having a problem with image name "System" user name "SYSTEM" -- it
just takes over and maxes out the CPU for an extended period of time.
I first noticed it after I installed BOINC to run Seti@Home. It
seemed "System" and "seti@home" swapped back and forth on the CPU. It
was slowing things down too much, so I haven't been running BOINC or
seti@home for over a month.

This "System" thing, though, hasn't gone away and it actually getting
worse. When it has taken over, I can't do anything, including shut
down. It gets by the "Windows is shutting down" notice and then I
have a blue screen until I just pull the plug myself -- which further
messes things up.

If I have Agent (my newsreader) get new headers in all the groups I
read, and this "System" thing has taken over, it can take hours for
Agent to run through about 50 groups. I can't shut down Agent, or the
computer, because I can't get it to even stop the tasks.

Last night, after waiting for two hours to be able to shut the
computer down with this happening, I just turned it off. So today,
Agent was totally trashed -- to the point where I had to find my
registration key and reinstall it -- all my messages were gone.

If this is a virus, it's one no one else has ever gotten or no one
else knows about -- I've already scanned for all of that.

I know that "System" is a legitimate XP process -- but I want to know
what it does, why it's taken over and how I turn the darn thing off so
I can use my computer again.

TIA

The SYSTEM identifier is used by several processes which execute parts of
Windows.

You should not turn any of them off; probably you can't. You may be able to
lower the priority of the
offending processes though.

These events sould like malware which has hijacked parts of Windows. It is
time to do a thorough
scan of your system for malware. Don't make the mistake of believing that
one AV package can't find
anything proves that you don't have anything.

Jim

 

[BlueBrooke]

I have found several inquiries regarding "System Idle Process" -- this
is *not* it. "System Idle Process" causes no problems or concerns for
me.

I'm having a problem with image name "System" user name "SYSTEM" -- it
just takes over and maxes out the CPU for an extended period of time.
I first noticed it after I installed BOINC to run Seti@Home. It
seemed "System" and "seti@home" swapped back and forth on the CPU. It
was slowing things down too much, so I haven't been running BOINC or
seti@home for over a month.

This "System" thing, though, hasn't gone away and it actually getting
worse. When it has taken over, I can't do anything, including shut
down. It gets by the "Windows is shutting down" notice and then I
have a blue screen until I just pull the plug myself -- which further
messes things up.

If I have Agent (my newsreader) get new headers in all the groups I
read, and this "System" thing has taken over, it can take hours for
Agent to run through about 50 groups. I can't shut down Agent, or the
computer, because I can't get it to even stop the tasks.

Last night, after waiting for two hours to be able to shut the
computer down with this happening, I just turned it off. So today,
Agent was totally trashed -- to the point where I had to find my
registration key and reinstall it -- all my messages were gone.

If this is a virus, it's one no one else has ever gotten or no one
else knows about -- I've already scanned for all of that.

I know that "System" is a legitimate XP process -- but I want to know
what it does, why it's taken over and how I turn the darn thing off so
I can use my computer again.

TIA

 

[BlueBrooke]

The SYSTEM identifier is used by several processes which execute parts of
Windows.

You should not turn any of them off; probably you can't. You may be able to
lower the priority of the
offending processes though.

I can't turn it off and I can't lower the priority, either --
apparently because it is a "SYSTEM" process? The priority is set at
"normal" but apparently "normal" in this instance is "no one else gets
to play." ;-)

These events sould like malware which has hijacked parts of Windows. It is
time to do a thorough
scan of your system for malware. Don't make the mistake of believing that
one AV package can't find
anything proves that you don't have anything.

Jim

I know that's what it sounds like -- that's why I checked -- and not
with just one package. Which ones would you recommend to rule this
out?

Thanks --

 

[Jim]

I can't turn it off and I can't lower the priority, either --
apparently because it is a "SYSTEM" process? The priority is set at
"normal" but apparently "normal" in this instance is "no one else gets
to play." ;-)


I know that's what it sounds like -- that's why I checked -- and not
with just one package. Which ones would you recommend to rule this
out?

Thanks --

David Lipman's Multi_AV package is the one usually suggested. It has four
different packages.

Do these events take place in safe mode? If so, you may be looking at a
complete
reinstall.

Jim

 

[Patrick Keenan]

I have found several inquiries regarding "System Idle Process" -- this
is *not* it. "System Idle Process" causes no problems or concerns for
me.

I'm having a problem with image name "System" user name "SYSTEM" -- it
just takes over and maxes out the CPU for an extended period of time.
I first noticed it after I installed BOINC to run Seti@Home. It
seemed "System" and "seti@home" swapped back and forth on the CPU. It
was slowing things down too much, so I haven't been running BOINC or
seti@home for over a month.

This "System" thing, though, hasn't gone away and it actually getting
worse. When it has taken over, I can't do anything, including shut
down. It gets by the "Windows is shutting down" notice and then I
have a blue screen until I just pull the plug myself -- which further
messes things up.

If I have Agent (my newsreader) get new headers in all the groups I
read, and this "System" thing has taken over, it can take hours for
Agent to run through about 50 groups. I can't shut down Agent, or the
computer, because I can't get it to even stop the tasks.

Last night, after waiting for two hours to be able to shut the
computer down with this happening, I just turned it off. So today,
Agent was totally trashed -- to the point where I had to find my
registration key and reinstall it -- all my messages were gone.

If this is a virus, it's one no one else has ever gotten or no one
else knows about -- I've already scanned for all of that.

I know that "System" is a legitimate XP process -- but I want to know
what it does, why it's taken over and how I turn the darn thing off so
I can use my computer again.

TIA

Have you tried using Process Explorer to identify what it is that's actually
consuming CPU cycles? It's much more helpful than Task Manager.


HTH
-pk

 

[Patrick Keenan]

I have found several inquiries regarding "System Idle Process" -- this
is *not* it. "System Idle Process" causes no problems or concerns for
me.

I'm having a problem with image name "System" user name "SYSTEM" -- it
just takes over and maxes out the CPU for an extended period of time.
I first noticed it after I installed BOINC to run Seti@Home. It
seemed "System" and "seti@home" swapped back and forth on the CPU. It
was slowing things down too much, so I haven't been running BOINC or
seti@home for over a month.

This "System" thing, though, hasn't gone away and it actually getting
worse. When it has taken over, I can't do anything, including shut
down. It gets by the "Windows is shutting down" notice and then I
have a blue screen until I just pull the plug myself -- which further
messes things up.

If I have Agent (my newsreader) get new headers in all the groups I
read, and this "System" thing has taken over, it can take hours for
Agent to run through about 50 groups. I can't shut down Agent, or the
computer, because I can't get it to even stop the tasks.

Last night, after waiting for two hours to be able to shut the
computer down with this happening, I just turned it off. So today,
Agent was totally trashed -- to the point where I had to find my
registration key and reinstall it -- all my messages were gone.

If this is a virus, it's one no one else has ever gotten or no one
else knows about -- I've already scanned for all of that.

I know that "System" is a legitimate XP process -- but I want to know
what it does, why it's taken over and how I turn the darn thing off so
I can use my computer again.

TIA

Have you tried using Process Explorer to identify what it is that's actually
consuming CPU cycles? It's much more helpful than Task Manager.

http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

HTH
-pk

 

[BlueBrooke]

Hi, Jim --

David Lipman's Multi_AV package is the one usually suggested. It has four
different packages.

The URL I have for that
(http://www.ik-cs.com/programs/virtools/Multi_AV.exe) is invalid. Do
you have a more current one?

Do these events take place in safe mode? If so, you may be looking at a
complete
reinstall.

I haven't tried it in safe mode -- thank you for the reminder.

I've read elsewhere that some have experienced this with a failing
processor.

 

[BlueBrooke]

Have you tried using Process Explorer to identify what it is that's actually
consuming CPU cycles? It's much more helpful than Task Manager.

http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

HTH
-pk

Hi, Patrick --

I ran Process Explorer and am more confused than ever -- which isn't
saying much.

On a normal boot, Process Explorer shows the SYSTEM process with user
name NT AUTHORITY/SYSTEM. In safe mode, however, the user is "<unable
to open token>"

In Process Explorer, there is no one process that is using the same
CPU percentage as is shown in Task Manager -- it looks like it's a
combination of three processes.

I recognize the processes where I am the user, but I don't recognize
the other stuff.

Process PID CPU Description Company Name User Name
System Idle Process 0 NT AUTHORITY\SYSTEM
Interrupts n/a 26.87 Hardware Interrupts
DPCs n/a 55.22 Deferred Procedure Calls
System 4 10.45 <unable to open token>

Does the above mean anything to you?

Thanks for the help.

 

[BlueBrooke]

David Lipman's Multi_AV package is the one usually suggested. It has four
different packages.

Do these events take place in safe mode? If so, you may be looking at a
complete
reinstall.

Things are really getting weird now --

When I tried to start in safe mode, I had no keyboard or mouse. I had
to try to boot several times before I could use them, always having to
kill it because it just won't shut down.

And while I was waiting for it to shut down (which it never did) I
noticed that the green "power light" and the orange HDD light woudld
go out -- but the fan kept running and I had blue screen with the
mouse pointer on it -- this after the "Windows is shutting down" box
closes.

Left to it's own devices, it will stay this way for hours. If I can,
I usually leave it and let it shut down, eventually, on it's own, but
there have been times I've gotten up in the morning and it's still
running. Sometimes, like when storms are coming in, I have to just
literally pull the plug.

I'm really not wanting to do a clean install. Since I'm on a 26K
dial-up connection, it would take me literally weeks to download all
updates, etc., etc., and be able to use it again. :-(

And I'm also wondering, if this is a virus, what is it doing? I mean,
don't they usually *do* something?

Thanks for the help.