Causes and solutions to the CPU usage of 100 in Win
When we use the Windows operating system, the system becomes slower when we use it. We only found out when we looked at the "Task Manager" CPU usage reaches 100. What's going on? Is there a virus, a problem with the hardware, or a problem with the system settings? In this article, the author will explain why the system resource usage reaches 100 from three aspects: hardware, software and viruses.
CPU usage of 100 often occurs. The main problem may occur in some of the following aspects:
Nine possibilities for high CPU usage
1. Anti-virus software causes malfunctions
Since the new versions of KV, Kingsoft, and Rising have all added random monitoring of web pages, plug-ins, and emails, this undoubtedly increases the system burden. Solution: There is basically no reasonable solution. Try to use the least monitoring service, or upgrade your hardware configuration.
2. The driver has not been certified, causing CPU resources to occupy 100%.
A large number of test versions of drivers are flooding the Internet, causing difficult-to-find fault causes. Processing method: Pay special attention to the graphics card driver. It is recommended to use Microsoft-certified or officially released drivers, and strictly check the model and version.
3. Caused by viruses and Trojans
A large number of worms replicate rapidly within the system, causing the CPU resource usage to remain high. Solution: Use reliable anti-virus software to completely clean the system memory and local hard disk, and open the system settings software to check whether there are any programs that start abnormally. Regularly update and upgrade anti-virus software and firewalls, strengthen anti-virus awareness, and master correct anti-virus knowledge.
4. Control Panel - Administrative Tools - Services - RISING REALTIME MONITOR SERVICE Right-click the mouse and change to manual.
5. Start-gt; run-gt; msconfig-gt; start, close unnecessary startup items, and restart.
6. Check the "svchost" process.
svchost.exe is a core process of Windows XP system. svchost.exe not only appears in Windows XP, but also exists in Windows systems using the NT kernel. Generally, the number of svchost.exe processes in Windows 2000 is 2, but in Windows XP, the number of svchost.exe processes rises to 4 or more.
7. Check the network connection. Mainly the network card.
8. Check the network connection
When a computer with Windows XP installed as a server receives a connection request on port 445, it will allocate memory and allocate a small amount of CPU. resources to service these connections. When overloaded, the CPU occupancy rate may be too high because of the inherent trade-off between the number of work items and responsiveness. You will want to determine the appropriate MaxWorkItems settings to improve system responsiveness. If the set value is incorrect, the server's responsiveness may be affected, or a user may monopolize too many system resources.
To solve this problem, we can solve it by modifying the registry: expand the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver] branch in the registry editor, and create a new name in the right window Is the DWORD value of "maxworkitems".
Then double-click the value, type the following values ??in the window that opens and save and exit:
If the computer has more than 512MB of memory, type "1024"; if the computer has less than 512 MB of memory, type "256".
9. Check whether using the right mouse button in Windows XP causes the CPU to occupy 100%.
A report not long ago said that using the right mouse button in the resource manager will cause the CPU to occupy 100%. We Come and see what's going on?
Symptoms:
In the Explorer, when you right-click a directory or a file, you may have the following problems:
Any The file copy operation will likely stop responding at that time
The network connection speed will be significantly reduced
All stream input/output operations such as using Windows Media Player to listen to music will have It may be caused by music distortion:
When you right-click a file or directory in the resource manager, when the shortcut menu is displayed, the CPU usage will increase to 100. When you close the shortcut menu time to return to normal levels.
Solution:
Method 1: Turn off "Use transition effects for menus and tooltips"
1. Click "Start" - "Control Panel"
2. Double-click "Display" in the "Control Panel"
3. Click the "Appearance" tab in the "Display" properties
4. In the "Appearance" tab, click "Effects"
5. In the "Effects" dialog box, clear the check box in front of "Use transition effects for menus and tooltips" and click "OK" twice. button.
Method 2: When using the right mouse button to click on a file or directory, first use the left mouse button to select your target file or directory. Then use the right mouse button to pop up the shortcut menu.
Solution to CPU usage of 100
Generally, if the CPU usage is 100, our computer will always slow down, and many times we can solve it by making a few changes. , instead of asking those prawns.
When the machine slows down, the first thing we think of is of course the task manager to see which program accounts for the greater proportion. If it is a large program, it can be forgiven. After closing the program, as long as the CPU is normal, then there is no problem; if not, then you have to find out what the program is. When you can't find out what the process is, search on Google or Baidu. Sometimes just ending is useless. Under XP, we can combine the startup items in msconfig to turn off some unused items. Under 2000, you can go to the next winpatrol to use it.
Some commonly used software, such as browsers, occupy a lot of CPU, so we need to upgrade the software or simply replace it with other similar software. Sometimes the software and the system will be a little incompatible, of course we can Try the compatibility item given to us under the XP system, right-click the .exe file and select compatibility.
Svchost.exe is sometimes a headache. When you see that one of your svchost.exe takes up a lot of CPU, you can go to the next aports or fport to check its corresponding program path, that is What is using this svchost.exe? If it is not under c:\Windows\system32 (xp) or c:\winnt\system32 (2000), then it is suspicious. Update your anti-virus software.
We will also encounter 100 CPU usage caused by right-clicking a file. Sometimes right-clicking to pause may be the problem. Official explanation: First left-click to select, then right-click (I don’t quite understand).
Unofficial: Solved by right-clicking on the desktop-Properties-Appearance-Effects and unchecking "Use the following excessive effects (U) for menus and tooltips". There are also some anti-virus software that will also have an impact on file monitoring. You can turn off the file monitoring of the anti-virus software; the same is true for monitoring web pages, plug-ins, and emails.
Some drivers may sometimes experience this phenomenon. It is best to choose Microsoft-certified or officially released drivers to install. Sometimes you can upgrade the driver appropriately, but remember that the latest one is not the best.
CPU cooling software, because the software will use all CPU idle time to cool down when running, but Windows cannot distinguish the difference between ordinary CPU usage and the cooling instructions of the cooling software, so the CPU always displays 100, there is no need to worry about this, it will not affect normal system operation.
When processing larger word files, word’s spelling and grammar checking will tire the CPU. Just open Word’s Tools-Options-Spelling and Grammar and uncheck “Check Spelling and Check Grammar”.
The reason why the CPU usage is high after clicking the avi video file is because the system needs to scan the file first, check all parts of the file, and create an index; solution: right-click the folder where the video file is saved-Properties- General - Advanced, uncheck Allow Indexing Service to index this folder for faster searches.
CPU usage 100 case analysis
1. The dllhost process causes CPU usage 100
Features: The normal CPU consumption of the server should be below 75, and the CPU consumption It should be up and down. In a server with this problem, the CPU will suddenly be at the level of 100 and will not drop. Looking at the task manager, you can find that DLLHOST.EXE consumes all the CPU idle time. In this case, the administrator has to restart the IIS service. The strange thing is that everything is normal after restarting the IIS service, but it may take a while. After some time, the problem occurred again.
Direct reasons:
One or more ACCESS databases have been damaged during multiple reading and writing processes. When Microsoft's MDAC system writes this damaged ACCESS file, the ASP thread is in BLOCK state, as a result other threads can only wait, IIS is deadlocked, and all CPU time is consumed in DLLHOST.
Solution:
Install the "First-class Information Monitoring and Interception System" and use the "Chief File Inspector IIS Health Inspector" software,
Enable" "Find deadlock module", set:
--wblock=yes
To monitor the directory, please specify the directory where the file of your host is located:
-- wblockdir=d:\test
The file storage location of the log generated by monitoring is in the log directory of the installation directory. The file name is: logblock.htm
Stop IIS and then start "Chief" File Inspector IIS Health Checker", and then start IIS, the "Chief File Inspector IIS Health Checker" will record the last written ACCESS file in logblock.htm.
After a period of time, when a problem occurs, for example, the CPU will always be at the level of 100 again, you can stop IIS and check the last ten files recorded by logblock.htm. Note that the most problematic They are often counter ACCESS files, such as: "**COUNT.MDB", "**COUNT.ASP". You can first delete the last ten files or suspicious files to the Recycle Bin, and then start IIS. See if the problem reoccurs. We believe that after careful searching, you will definitely be able to find this file that has been worrying you for some time.
After finding this file, you can delete it, or download it, use ACCESS2000 to repair it, and the problem will be solved.
2. svchost.exe causes CPU usage to occupy 100
In the win.ini file, under [Windows], "run=" and "load=" may be loaded The paths of "Trojan horse" programs must be carefully watched. Under normal circumstances, there is nothing after their equal sign. If you find that the path and file name followed are not the startup files you are familiar with, your computer may be infected with a "Trojan horse". Of course, you have to look carefully, because many "Trojans", such as the "AOL Trojan Trojan", disguise themselves as the command.exe file. If you are not careful, you may not find that it is not the real system startup file.
In the system.ini file, there is "shell=file name" under [BOOT]. The correct file name should be "explorer.exe". If it is not "explorer.exe" but "shell= explorer.exe program name", then the program following it is a "Trojan horse" program, which means you have been infected. "Trojan horse".
The situation in the registry is the most complicated. Open the Registry Editor through the regedit command, and click to: "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" directory to view Are there any auto-start files that you are not familiar with in the key value, with the extension EXE? Remember here: some "Trojan horse" programs generate files that are very similar to the system's own files, and you want to get past it by pretending, such as "Acid Battery v1.0 Trojan ", which changes the Explorer key value under the registry "HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\Windows\expiorer.exe". The "Trojan horse" program is different from the real The only difference between Explorers is "i" and "l". Of course, there are many places in the registry where "Trojan horse" programs can be hidden, such as: "HKEY-CURRENT-USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY-USERS\****\Software\Microsoft \Windows\CurrentVersion\Run" directory. The best way is to find the "Trojan horse" under "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run". This virus is also called "Code Red II (Code Red 2)" virus, which is somewhat contrary to the earlier "Code Red" virus that was popular in Western English systems, is known internationally as the VirtualRoot (virtual directory) virus. This worm exploits a known overflow vulnerability from Microsoft and passes through 80 port to spread to other web page servers. Hackers can run scripts/root.exe through Http Get requests to gain full control of the infected machine.
When infected. After the server is successfully installed, if the infected machine is a Chinese system, the program will sleep for 2 days, and other machines will sleep for 1 day. When the sleep time is up, the worm program will also cause the machine to restart. It will check whether the month of the machine is October or the year is 2002. If so, the infected server will also be restarted.
When the Windows NT system starts, the NT system will automatically search for the file explorer.exe in the root directory of drive C. The file explorer.exe on the server infected by the network worm program is the network worm program itself. The size of this file is 8192 bytes, and the VirtualRoot network worm program is executed through this program. At the same time, the VirtualRoot network worm program also copies the cmd.exe file from the system directory of Windows NT to other directories, opening the door to hackers' intrusion. It will also modify the system's registry items. Through the modification of the registry items, the worm program can create a virtual directory C or D, from which the virus name comes. It is worth mentioning that, except for the file explorer.exe, the rest of the operations of this network worm program are not file-based, but are infected and spread directly in the memory, which makes the capture more difficult.
"The file name of the program, and then search in the entire registry.
Let's first look at how Microsoft describes svchost.exe. In Microsoft Knowledge Base 314056 svchost.exe has the following description: svchost.exe is the common host process name of a service running from a dynamic link library (DLL).
In fact, svchost.exe is a core process of Windows XP system. exe not only appears in Windows XP, but also exists in Windows systems using the NT kernel. Generally, the number of svchost.exe processes in Windows 2000 is 2, while in Windows XP there are svchost.exe processes. The number has increased to 4 or more, so don’t worry so much if you see a few svchost.exe in the system’s process list.
What is svchost.exe used for?
First of all, we need to understand that the processes in the Windows system are divided into two types: independent processes and shared processes. Since there are more and more services in the Windows system, in order to save limited resources. System resources Microsoft has made many system services available in shared mode. So what role does svchost.exe play in this?
The job of svchost.exe is to serve as the host of these services. That is, svchost.exe starts these services. svchost.exe is only responsible for providing startup conditions for these services. It cannot implement any service functions by itself, nor can it provide any services to users by calling svchost.exe. Dynamic link library (DLL) method to start system services
Is there any reason to say that svchost.exe is a virus?
Because svchost.exe can serve as the host of the service. To start the service, virus and Trojan writers also try their best to use this feature of svchost.exe to confuse users to invade and destroy computers.
How to identify which ones are normal svchost.exe. processes, and which ones are virus processes?
The key value of svchost.exe is in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost", as shown in Figure 1. The key value represents an independent svchost.exe group.
Microsoft also provides us with a way to view the services that the system is running in the svchost.exe list.
Take Windows XP as an example: Enter: cmd in "Run", and then enter: tasklist /svc in the command line mode. The system lists the service list as shown in Figure 2. The area surrounded by the red box in Figure 2 is the list of services started by svchost.exe. If you are using a Windows 2000 system, replace the previous "tasklist /svc" command with: "tlist -s". If you suspect that your computer may be infected by a virus and the svchost.exe service is abnormal, you can find the abnormality by searching for the svchost.exe file. Generally, only one svchost.exe program will be found in the "C:\Windows\System32" directory. If you find the svchost.exe program in other directories, it is probably poisoned.
Another way to confirm whether svchost.exe is poisoned is to view the execution path of the process in the task manager. However, since the task manager that comes with the Windows system cannot view the process path, a third-party process viewing tool must be used.
The above briefly introduces the relevant situation of the svchost.exe process. All in all, svchost.exe is a core process of the system, not a virus process. However, due to the particularity of the svchost.exe process, viruses will also try their best to invade svchost.exe. You can confirm whether it is poisoned by checking the execution path of the svchost.exe process.
3. Services.exe causes CPU usage of 100
Symptoms
On Windows 2000-based computers, the CPU usage in Services.exe may Intermittently it reaches 100, and the computer may stop responding (hang). When this problem occurs, users who are connected to the computer (if it is a file server or domain controller) are disconnected. You may also need to restart your computer. This symptom occurs if Esent.dll incorrectly handles flushing files to disk.
Resolution
Service Pack Information
To resolve this issue, obtain the latest Microsoft Windows 2000 Service Pack. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 Service Pack
Hotfix information
p>
Microsoft has a supported hotfix available, but it is only intended to correct the problem that is described in this article. You should apply this hotfix only if your computer is experiencing the specific problem that is mentioned in this article. This patch may also undergo additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this hotfix.
To resolve this issue immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services phone numbers and support fee information, visit the Microsoft Web site:
Note: In special cases, if a Microsoft support professional determines that a specific update can resolve an issue Your question may be answered without the usual telephone support fee. Normal support fees will apply for other support questions and matters that cannot be resolved by a specific update.
The following table lists the file attributes (or newer attributes) for the global version of this patch.
The dates and times for these files are listed in Coordinated Universal Time (UTC). When viewing file information, it is converted to local time. To find out the time difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Status
Microsoft has confirmed that this is a problem in the Microsoft products listed at the beginning of this article. This problem was originally corrected in Microsoft Windows 2000 Service Pack 4.
4. Normal software causes the CPU usage to occupy 100
First of all, if the above situation occurs from the time the computer is turned on until it is shut down. Then it may be caused by some software that logs in with the system at the same time. You can open the "System Utility Configuration Tool" by running and typing "msconfig" and enter the "Startup" tab. Then, uncheck the suspicious options one by one, and then restart the computer. Test again and again until you find the software causing the problem. Or you can achieve the above purpose through some optimization software such as "Optimization Master". Also: If the keys in the keyboard are stuck, it may also cause the above problem to occur when turning on the computer.
If this kind of problem occurs while using the computer, you can call up the task manager (WINXP CTRL ALT DEL WIN2000 CTRL SHIFT "ESC), enter the "Process" tab, look at the "CPU" column, and select Find programs that occupy higher resources (SYSTEM IDLE PROCESS is normal, its value is generally very high, its function is to tell you how much CPU resources are currently available, so the higher its value, the better) by searching Function to find which software this process belongs to. Then, the problem can be solved by upgrading, closing, uninstalling the software, or simply replacing it with a similar software.
5. Viruses, Trojans, and spyware cause CPU damage. Usage 100
The failure of CPU usage 100 is often caused by viruses and Trojans, such as the Sasser virus. You should first update the virus database and conduct a full computer scan, and then use anti-spyware. Software Ad—Aware, check whether there is spyware. Many friends on the forum have encountered svchost.exe occupying 100 CPUs. This is often a symptom of poisoning.
Svchost.exe is a system service in Windows. Implemented in the form of a dynamic link library (DLL), some of them will point the executable program to svchost.exe, which calls the dynamic link library of the corresponding service and adds the corresponding parameters to start the service. importance, making it easier to host some virus Trojans
6. The explorer.exe process causes the CPU usage to occupy 100
In the system.ini file, in [ BOOT] There is "shell=file name" below. The correct file name should be "explorer.exe". If it is not "explorer.exe", but "shell= explorer.exe program name", then the one that follows The program is a "Trojan horse" program, which means that you have been hit by a "Trojan horse".
The situation in the registry is the most complicated. Open the Registry Editor through the regedit command, and click to: "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" directory to view Are there any auto-start files that you are not familiar with in the key value, with the extension EXE? Remember here: some "Trojan horse" programs generate files that are very similar to the system's own files, and you want to get past it by pretending, such as "Acid Battery v1.0 Trojan ", which changes the
Explorer key value under the registry "HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\Windows\expiorer.exe", The only difference between the "Trojan" program and the real Explorer is "i" and "l". Of course, there are many places in the registry where "Trojan horse" programs can be hidden, such as: "HKEY-CURRENT-USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY-USERS\****\Software\Microsoft \Windows\CurrentVersion\Run" directory. The best way is to find the file name of the "Trojan horse" program under "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", and then in the entire Just search in the registry.
7. Hyper-threading causes the CPU usage to occupy 100
The common reason for this type of failure is that they all use P4 CPUs with hyper-threading function. I've looked up some information but can't find a clear explanation for the reason. According to some netizens, hyper-threading seems to conflict with Skynet firewall, which can be solved by uninstalling Skynet and installing other firewalls, or by turning off the hyper-threading function in the BIOS.
8. AVI video files cause CPU usage to occupy 100
In Windows XP, after clicking a large AVI video file, the system may freeze and cause The utilization rate of the explorere.exe process is 100. This is because the system needs to scan the file first, check all parts of the file, and create an index. If the file is larger, it will take longer and cause the CPU usage to be 100. Solution: Right-click the folder where the video files are saved, select "Properties->General->Advanced", and remove the check box in front of "For quick search, allow the indexing service to index this folder" Can.
9. Anti-virus software CPU usage occupies 100
Nowadays anti-virus software generally has the function of real-time monitoring of web pages, emails, and personal privacy, which will undoubtedly increase the system burden. For example: when playing games, it will be very slow. Turning off the anti-virus software is the most direct solution.
10. The CPU usage is too high when processing large Word files
The above problems will generally cause the computer to freeze. These are caused by WORD's spelling and grammar checks. Just open WORD's "Tools - Options", enter the "Spelling and Grammar" tab, and uncheck the check boxes in front of "Check spelling as you type" and "Check grammar as you type".
11. The network connection causes the CPU usage to occupy 100
When your Windows2000/xp is used as a server, after receiving a connection request from port 445, the system will allocate memory and A small amount of CPU resources are used to service these connections. When the load is overloaded, the above situation will occur.
To solve this problem, you can solve it by modifying the registry. Open the registry, find HKEY-LOCAL-MACHNE\SYSTEM\CurrentControlSet\Services\lanmanserver, and create a new DWORD value named "maxworkitems" on the right. Then double-click the value , if your computer has more than 512 memory, set it to "1024"; if it is less than 512, set it to 256.
Some imperfect drivers can also cause high CPU usage
Frequent use of the standby function will also cause the system to automatically turn off the hard disk DMA mode. This will not only significantly reduce system performance and slow down the system startup speed, but will also cause the system to have a CPU usage of 100 and cause pauses when running some large-scale software and games.
Possible viruses when the process occupies 100 CPUs
system Idle Process
Process file: [system process] or [system process]
Process name: Windows memory processing system process
Description: Windows page memory management process, with level 0 priority.
Introduction: This process runs as a single thread on each processor and allocates processor time when the system is not processing other threads. The larger the CPU usage, the more CPU resources are available for allocation, and the smaller the number, the tighter the CPU resources.
Spoolsv.exe
Process file: spoolsv or Spoolsv.exe
Process name: Printer Spooler Service
Description: Windows printing task Control program to make the printer ready.
Introduction: The spooler service manages print and fax jobs in the buffer pool.
Spoolsv.exe→The printing task control program is usually loaded first to prepare the list machine for printing.
Spoolsv.exe, if it often increases, it may be caused by a virus infection. To
The most common ones currently are:
Backdoor/Byshell (also called invisible thief, invisible killer, Ximenqing virus)
Level of harm: medium
Affected systems: Windows 2000, Windows XP, Windows Server 2003
Unaffected systems: Windows 95, Windows 98, Windows Me, Windows NT, Windows 3.x, Macintosh, Unix, Linux,
Virus hazards:
1. Generate virus files
2. Insert into normal system files
3. Modify System registry
4. Can be remotely controlled by hackers
5. Avoid detection by anti-virus software
A simple backdoor Trojan that will delete its own program when it occurs , but insert its own program into an executable program (such as: exe), and hook it up to the computer's port (TCP port 138), monitor the computer's information, passwords, and even keyboard operations, as the return information, and from time to time Drive the port to wait for the incoming command. Since the Trojan cannot determine which port is the correct port, the list machine responsible for output is also its driver object, so Spoolsv.exe is used extremely frequently...
Backdoor.Win32.Plutor
Destruction method: backdoor program that infects PE files
The virus is written in VC.
The virus will behave as follows after running:
1. Copy the virus file to the WINDIR directory, the file name is "Spoolsv.exe", and run the virus file. After the "Spoolsv.exe" file is run, the file named "mscheck.exe" is released to the SYSDIR directory. The main function of this file is to run the "Spoolsv.exe" file each time it is activated. If the file being run is a virus file that has been infected with a normal file, the virus will recover the file and run it.
2. Modify the following key values ??in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
Add data item: "Microsoft Script Checker "The data is: "MSCHECK.EXE /START"
Modify the registry so that the "MSCHECK.EXE" file will be run every time the system is activated, and "MSCHECK. EXE" is used to run the "Spoolsv.exe" file to achieve the purpose of self-activation of the virus.
3. Create a thread to infect PE files under the C drive, but files containing "winnt" and "Windows" strings in the file path are not infected. In addition, the virus will also enumerate shared directories in the LAN and try to infect files in these directories. The method of infecting files with this virus is relatively simple. It replaces the first 0x16000 bytes of the normal file with the data in the virus file, and inserts the original 0x16000 bytes of data?/tdgt;