Link to home
Start Free TrialLog in
Avatar of DwayneW
DwayneW

asked on

sysrvce.exe using 99% cpu

Hello everyone,
I have a server running win2k server and had restarted on its own somehow over the weekend. Now the network is extrememly slow.
In taskmanager I see that sysrvce.exe is using almost all of the cpu time. I rebooted to see if it would clear and it did not. In task manager, I select it to end process and it won't let me saying, "access denied". Does anybody know what this program is and how do I get it to shut off and/or not use the whole cpu time? I can't seem to find out any info on sysrvce. Thanks.
SOLUTION
Avatar of nchristy0
nchristy0

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of DwayneW
DwayneW

ASKER

I do have a designated server that is connected to a hub. The broadband comes into a router which goes to the hub also.
This came about all of a sudden. I don't know what service it's trying to run, but I can't end the process manually.
Avatar of DwayneW

ASKER

Many programs around the network are "not reponding", but do not totally lock up. If they wait then the program will resume. Could this be a result of the server being "tied up" with this other program? This network is crawling.
Avatar of DwayneW

ASKER

I'm trying to use Ad aware, but with the cpu usage from this other program holding at 99% +, it is going very slow. So far it has been an hour and isn't done yet.

>>So far it has been an hour and isn't done yet.<<

Ouch!!!

Amazing...

I have no idea what it is.

Zee
Heres what you can do:

End the process (I'm assuming you know how because you know how much CPU Usage there is)

If nothing bad happens in windows, you can probably get rid of it.
Open the registry. (Run -> regedit)

Search the registry for sysrvce.exe, and delete it from the registry.
Also you can do a file search across the system for sysrvce.exe and delete that as well.

Most of these programs are explotation programs that attempt to connect you to someone else in an attempt to open the security on your system.
Boot in safe mode and launch Adaware.
AscendedGuard,

did you read his post?  The O/S has designated that process as critical and he can not kill it.
And you definitially dont want to delete sysrvce.exe from the registry, bc there are soo many actual system processes that use the name sysrvce.exe
Follow what jvuz says, boot in safe mode and use Adaware
Avatar of DwayneW

ASKER

Yeah, I knew not to delete something like that from the registry. I am going to try safe mode in a while. Symantec thinks it's a virus somewhere and need to send them the file to review, if I can get through the search command..which has been running for about 40 min now.
Thanks for checking!

What a pain...

I'm sorry for you.
:-(

Zee
Avatar of DwayneW

ASKER

Got into safe mode and ran a virus scan (clean) and adaware(only a couple of things but nothing to change).
I searched for this file and came up empty, I searched through regedit and found it to be in..HKEY_CURRENT_USER\software\microsoft\interneteplorer\ExplorerBars\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1}.
Rebooted and same problem existed. I could hear the thing start chugging (for lack of a better word!) as soon as I got to the log in screen.

Advil has been working for me, maybe I should throw a couple in the server! ha

Download, install and run (FIX) Cool Web Shredder:

http://www.zerosrealm.com/downloads/CWShredder.zip
http://radiosplace.com/
http://computercops.biz/downloads-cat-14.html

If that doesn't do it, try ToolbarCop:

http://www.mvps.org/sramesh2k/toolbarcop.htm

You could also try backing up your registry and deleting the string or the entry.

Zee
 
Avatar of DwayneW

ASKER

I really appreciate the input and suggestions here! After talking with Symantec for the 4th time, they directed me to www.sysinternals.com. There is freeware that can monitor process like task manager except that it shows much more; especially programs associated with the processes and paths. I used this and found that there was a program that is corrupted that is run off of the server. This program (procexpnt.zip) is great. It not only identified the culprit, but also allowed me to kill or suspend it. When I suspended it, the cpu usage dropped like a rock. I would suggest that anyone check out this site for other types of programs! It may not be new to others, but I'm sold on it. Thanks to all!!

DwayneW
Avatar of DwayneW

ASKER

I split the points just for the fact that both helped me, even though I luckily solved it myself. Your inputs have led me to gain more insight.
I hope you think it's fair. Thanks again you all!

Dwayne,

Yup, fair enough no doubt.

Thanks for your comments and I'm really glad you found your way out of this.

And, yes I already know and use Process Explorer...

Never came to mind!
:-(

Thanks again.

Zee
Dwayne,

Fair way of doing it!  Glad that you found a resolution.  Hadn't used the program before but I have heard about it, i will have to check it out.

Thanks,

Nick