Solved

sysrvce.exe using 99% cpu

Posted on 2004-03-29
Last Modified: 2008-03-10
Hello everyone,
I have a server running win2k server and it had restarted on its own somehow over the weekend. Now the network is extremely slow.
In taskmanager I see that sysrvce.exe is using almost all of the cpu time. I rebooted to see if it would clear and it did not. In task manager, I select it to end process and it won't let me saying, "access denied". Does anybody know what this program is and how do I get it to shut off and/or not use the whole cpu time? I can't seem to find out any info on sysrvce. Thanks.
0
Comment
Question by:DwayneW
17 Comments
 
LVL 1

Assisted Solution

by:nchristy0
nchristy0 earned 75 total points
ID: 10707860
When you say server, is it an actual server or is a PC designated as a server?  If it is a PC designated as a server, and you are running high speed internet through that PC it is not equipped to share that internet.  This is my assumption and I may be off line, but if it fits this is your problem.

High Speed Internet is designed to be shared through a router, not through a PC attached to a hub.  If this is the case you need to purchase a router.  Even though you have a server O/S installed, the sysrvc.exe is the process that is attempting to route that internet connection.

If this is not the case, best thing to do is run virus scan on the server.  It may not be a virus however, it could be an O/S service that has its hands full.  If that is the case, check the amount of RAM and processor power versus what it is trying to accomplish.  In other words if you have a program running that requires more RAM than you have, or if you have a resource intensive program with little clock speed.

hope this helps
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 300 total points
ID: 10707888
Get Ad-Aware 6.0, Build 181 or later, here:
http://www.lavasoftusa.com/support/download/. Update and run this regularly to get rid of most "spyware/hijackware" on your machine. If it has to fix things, be sure to re-boot and rerun AdAware again and repeat this cycle until you get a clean scan. The reason is that it may have to remove things which are currently "in use" before it can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy available here:
http://security.kolla.de/
I recommend using both normally.
After fixing things with SpyBot S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle until you get a clean "no red" scan. The reason is that SpyBot sometimes has to remove things which are currently "in use" before it can then clean up others.

Once you get this cleaned up, you might want to consider installing the SpywareBlaster and SpywareGuard here to help prevent this kind of thing from happening in the future:

http://www.wilderssecurity.com/spywareblaster.html
Prevents malware Active X installs.
SpyWare Blaster is not memory resident ... no CPU or memory load - but keep it updated.
The latest version as of this writing will prevent installation or prevent the malware from running if it is already installed, and it provides information and fixit-links for a variety of parasites.

http://www.wilderssecurity.net/spywareguard.html
Monitors for attempts to install malware.

Both very highly recommended.

Zee


0
 

Author Comment

by:DwayneW
ID: 10707950
I do have a designated server that is connected to a hub. The broadband comes into a router which goes to the hub also.
This came about all of a sudden. I don't know what service it's trying to run, but I can't end the process manually.
0
 

Author Comment

by:DwayneW
ID: 10708319
Many programs around the network are "not responding", but do not totally lock up. If they wait then the program will resume. Could this be a result of the server being "tied up" with this other program? This network is crawling.
0
 

Author Comment

by:DwayneW
ID: 10708998
I'm trying to use Ad aware, but with the cpu usage from this other program holding at 99% +, it is going very slow. So far it has been an hour and isn't done yet.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 10709025

>>So far it has been an hour and isn't done yet.<<

Ouch!!!

Amazing...

I have no idea what it is.

Zee
0
 

Expert Comment

by:AscendedGuard
ID: 10710545
Here's what you can do:

End the process (I'm assuming you know how because you know how much CPU Usage there is)

If nothing bad happens in windows, you can probably get rid of it.
Open the registry. (Run -> regedit)

Search the registry for sysrvce.exe, and delete it from the registry.
Also you can do a file search across the system for sysrvce.exe and delete that as well.

Most of these programs are exploitation programs that attempt to connect you to someone else in an attempt to open the security on your system.
0
 
LVL 21

Expert Comment

by:jvuz
ID: 10711045
Boot in safe mode and launch Adaware.
0
 
LVL 1

Expert Comment

by:nchristy0
ID: 10713720
AscendedGuard,

Did you read his post?  The O/S has designated that process as critical and he cannot kill it.
And you definitely don't want to delete sysrvce.exe from the registry, because there are so many actual system processes that use the name sysrvce.exe.
Follow what jvuz says, boot in safe mode and use Adaware.
0
 

Author Comment

by:DwayneW
ID: 10715026
Yeah, I knew not to delete something like that from the registry. I am going to try safe mode in a while. Symantec thinks it's a virus somewhere and I need to send them the file to review, if I can get through the search command, which has been running for about 40 min now.
Thanks for checking!
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 10715951

What a pain...

I'm sorry for you.
:-(

Zee
0
 

Author Comment

by:DwayneW
ID: 10716585
Got into safe mode and ran a virus scan (clean) and adaware(only a couple of things but nothing to change).
I searched for this file and came up empty, I searched through regedit and found it to be in..HKEY_CURRENT_USER\software\microsoft\interneteplorer\ExplorerBars\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1}.
Rebooted and same problem existed. I could hear the thing start chugging (for lack of a better word!) as soon as I got to the log in screen.

Advil has been working for me, maybe I should throw a couple in the server! ha
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 10717663

Download, install and run (FIX) Cool Web Shredder:

http://www.zerosrealm.com/downloads/CWShredder.zip
http://radiosplace.com/
http://computercops.biz/downloads-cat-14.html

If that doesn't do it, try ToolbarCop:

http://www.mvps.org/sramesh2k/toolbarcop.htm

You could also try backing up your registry and deleting the string or the entry.

Zee
 
0
 

Author Comment

by:DwayneW
ID: 10718613
I really appreciate the input and suggestions here! After talking with Symantec for the 4th time, they directed me to www.sysinternals.com. There is freeware that can monitor process like task manager except that it shows much more; especially programs associated with the processes and paths. I used this and found that there was a program that is corrupted that is run off of the server. This program (procexpnt.zip) is great. It not only identified the culprit, but also allowed me to kill or suspend it. When I suspended it, the cpu usage dropped like a rock. I would suggest that anyone check out this site for other types of programs! It may not be new to others, but I'm sold on it. Thanks to all!!

DwayneW
0
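The check DwayneW describes doing with Process Explorer (mapping a busy process name to its image path and owner) can also be scripted. This is an added example, not part of the original thread; it assumes PowerShell on a current Windows system rather than Windows 2000, and the default name is simply the one discussed here.

```powershell
# Added example: triage an unfamiliar process name by image path, parent,
# signature status and any Windows service hosted in the same process.
param([string]$Name = 'sysrvce.exe')   # name from this thread; pass another as needed

$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$Name'")
if ($procs.Count -eq 0) {
    Write-Output "No running process named $Name"
    return
}

foreach ($p in $procs) {
    # Parent may already have exited; in that case $parent is $null.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    # ExecutablePath is empty when the caller lacks rights to query the process.
    $sigStatus = 'path unavailable'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $sigStatus = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    }

    # Services running inside this PID; stopping the service is the clean way
    # to end such a process.
    $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($p.ProcessId)")

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        ImagePath   = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
        Signature   = $sigStatus
        # Kernel and user times are reported in 100-nanosecond units.
        CpuSeconds  = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)
        Services    = ($services | ForEach-Object { $_.Name }) -join ', '
    }
}
```

Run it from an elevated prompt so that image paths and command lines of processes owned by other accounts are visible.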
 

Author Comment

by:DwayneW
ID: 10718664
I split the points just for the fact that both helped me, even though I luckily solved it myself. Your inputs have led me to gain more insight.
I hope you think it's fair. Thanks again you all!
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 10718857

Dwayne,

Yup, fair enough no doubt.

Thanks for your comments and I'm really glad you found your way out of this.

And, yes I already know and use Process Explorer...

Never came to mind!
:-(

Thanks again.

Zee
0
 
LVL 1

Expert Comment

by:nchristy0
ID: 10720297
Dwayne,

Fair way of doing it!  Glad that you found a resolution.  Hadn't used the program before but I have heard about it, I will have to check it out.

Thanks,

Nick
0
