sysrvce.exe using 99% cpu

Hello everyone,
I have a server running win2k server and had restarted on its own somehow over the weekend. Now the network is extrememly slow.
In taskmanager I see that sysrvce.exe is using almost all of the cpu time. I rebooted to see if it would clear and it did not. In task manager, I select it to end process and it won't let me saying, "access denied". Does anybody know what this program is and how do I get it to shut off and/or not use the whole cpu time? I can't seem to find out any info on sysrvce. Thanks.
DwayneWAsked:
Who is Participating?
 
blue_zeeCommented:
Get Ad-Aware 6.0, Build 181 or later, here:
http://www.lavasoftusa.com/support/download/. Update and run this regularly to get rid of most "spyware/hijackware" on your machine. If it has to fix things, be sure to re-boot and rerun AdAware again and repeat this cycle until you get a clean scan. The reason is that it may have to remove things which are currently "in use" before it can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy available here:
http://security.kolla.de/
I recommend using both normally.
After fixing things with SpyBot S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle until you get a clean "no red" scan. The reason is that SpyBot sometimes has to remove things which are currently "in use" before it can then clean up others.

Once you get this cleaned up, you might want to consider installing the SpywareBlaster and SpywareGuard here to help prevent this kind of thing from happening in the future:

http://www.wilderssecurity.com/spywareblaster.html
Prevents malware Active X installs.
SpyWare Blaster is not memory resident ... no CPU or memory load - but keep it updated.
The latest version as of this writing will prevent installation or prevent the malware from running if it is already installed, and it provides information and fixit-links for a variety of parasites.

http://www.wilderssecurity.net/spywareguard.html
Monitors for attempts to install malware.

Both very highly recommended.

Zee


0
 
nchristy0Commented:
When you say server, is it an actual server or is a PC designated as a server?  If it is a PC designated as a server, and you are running high speed internet through that PC it is not equiped to share that internet.  This is my assumption and I may be off line, but if it fits this is your problem

High Speed Internet is designed to be shared through a router, not through a PC attatched to a hub.  If this is the case you need to purchase a router.  Even though you have a server O/S installed, the sysrvc.exe is the process that is attempting to route that internet connection.

If this is not the case, best thing to do is run virus scan on the server.  It may not be a virus however, it could be a O/S service that has its hands full.  If that is the case, check the amount of RAM and processor power verse what it is trying to accomplish.  In other words if you have a program running that requires more RAM than you have, or if you have a resource intensive program with little clock speed.

hope this helps
0
 
DwayneWAuthor Commented:
I do have a designated server that is connected to a hub. The broadband comes into a router which goes to the hub also.
This came about all of a sudden. I don't know what service it's trying to run, but I can't end the process manually.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
DwayneWAuthor Commented:
Many programs around the network are "not reponding", but do not totally lock up. If they wait then the program will resume. Could this be a result of the server being "tied up" with this other program? This network is crawling.
0
 
DwayneWAuthor Commented:
I'm trying to use Ad aware, but with the cpu usage from this other program holding at 99% +, it is going very slow. So far it has been an hour and isn't done yet.
0
 
blue_zeeCommented:

>>So far it has been an hour and isn't done yet.<<

Ouch!!!

Amazing...

I have no idea what it is.

Zee
0
 
AscendedGuardCommented:
Heres what you can do:

End the process (I'm assuming you know how because you know how much CPU Usage there is)

If nothing bad happens in windows, you can probably get rid of it.
Open the registry. (Run -> regedit)

Search the registry for sysrvce.exe, and delete it from the registry.
Also you can do a file search across the system for sysrvce.exe and delete that as well.

Most of these programs are explotation programs that attempt to connect you to someone else in an attempt to open the security on your system.
0
 
jvuzCommented:
Boot in safe mode and launch Adaware.
0
 
nchristy0Commented:
AscendedGuard,

did you read his post?  The O/S has designated that process as critical and he can not kill it.
And you definitially dont want to delete sysrvce.exe from the registry, bc there are soo many actual system processes that use the name sysrvce.exe
Follow what jvuz says, boot in safe mode and use Adaware
0
 
DwayneWAuthor Commented:
Yeah, I knew not to delete something like that from the registry. I am going to try safe mode in a while. Symantec thinks it's a virus somewhere and need to send them the file to review, if I can get through the search command..which has been running for about 40 min now.
Thanks for checking!
0
 
blue_zeeCommented:

What a pain...

I'm sorry for you.
:-(

Zee
0
 
DwayneWAuthor Commented:
Got into safe mode and ran a virus scan (clean) and adaware(only a couple of things but nothing to change).
I searched for this file and came up empty, I searched through regedit and found it to be in..HKEY_CURRENT_USER\software\microsoft\interneteplorer\ExplorerBars\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1}.
Rebooted and same problem existed. I could hear the thing start chugging (for lack of a better word!) as soon as I got to the log in screen.

Advil has been working for me, maybe I should throw a couple in the server! ha
0
 
blue_zeeCommented:

Download, install and run (FIX) Cool Web Shredder:

http://www.zerosrealm.com/downloads/CWShredder.zip
http://radiosplace.com/
http://computercops.biz/downloads-cat-14.html

If that doesn't do it, try ToolbarCop:

http://www.mvps.org/sramesh2k/toolbarcop.htm

You could also try backing up your registry and deleting the string or the entry.

Zee
 
0
 
DwayneWAuthor Commented:
I really appreciate the input and suggestions here! After talking with Symantec for the 4th time, they directed me to www.sysinternals.com. There is freeware that can monitor process like task manager except that it shows much more; especially programs associated with the processes and paths. I used this and found that there was a program that is corrupted that is run off of the server. This program (procexpnt.zip) is great. It not only identified the culprit, but also allowed me to kill or suspend it. When I suspended it, the cpu usage dropped like a rock. I would suggest that anyone check out this site for other types of programs! It may not be new to others, but I'm sold on it. Thanks to all!!

DwayneW
0
 
DwayneWAuthor Commented:
I split the points just for the fact that both helped me, even though I luckily solved it myself. Your inputs have led me to gain more insight.
I hope you think it's fair. Thanks again you all!
0
 
blue_zeeCommented:

Dwayne,

Yup, fair enough no doubt.

Thanks for your comments and I'm really glad you found your way out of this.

And, yes I already know and use Process Explorer...

Never came to mind!
:-(

Thanks again.

Zee
0
 
nchristy0Commented:
Dwayne,

Fair way of doing it!  Glad that you found a resolution.  Hadn't used the program before but I have heard about it, i will have to check it out.

Thanks,

Nick
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.