Solved

CPU 100% at around 5pm every day

Posted on 2008-06-19
Last Modified: 2012-05-05
Hi all,

I have been using my work laptop for 3 years and only in the last couple of days the CPU usage goes to 100% every day at around 5pm. I use Eset NOD32 and perform full scans every other day without finding any issues. It would appear that I have a trojan horse of some sort. How do I find this and remove it?

This is very bad and I need help immediately.

Thanks in advance,

Rick
Question by:rweiser
21 Comments
 
Expert Comment

by:Andres Perales
I would back up all your personal data and just reinstall your OS and applications. Safest bet... and three years without a reinstall is a long time... just my 2 cents.

Expert Comment

by:authen-tech
Do a memory check to see if you have a memory leak. Also check the Task Manager process list when it is maxed out to see what could be happening. I've seen automatic updates being turned on cause this sort of thing too.


Expert Comment

by:sadburger
Try using the SysInternals program Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

This will show you all of the processes that are running on your system, including the cpu usage and the individual threads for each process. You can also use the process monitor application from the same company to see all of the registry settings that are being utilized by each process. Have this running when your CPU spikes and you will be able to see exactly what is going on.

Author Comment

by:rweiser
I have Task Manager open but the CPU usage is spread out over all of my opened applications. This is a work laptop and to reinstall the OS is not an option as it would take me days to reinstall with all the applications that I run.

How do I check for a memory leak?

Any other suggestions?

Expert Comment

by:David-Howard
First of all, I am agreeing with Peralesa on the three year OS. Your system is most likely ready for an OS refresh. That said, have you performed the scans you mentioned in Safe Mode?
To use a Safe Boot option, follow these steps:
1. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
2. Select an option when the Windows Advanced Options menu appears, and then press ENTER.
3. When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Now, you should also check your Task Manager when your CPU hits 100%. It may take a while for Task Manager to open as your CPU is pegged.
http://www.updatexp.com/windows-xp-task-manager.html
To access Task Manager, right click any open area on your task bar and select Task Manager. From here, select the Processes tab. Now select the Mem Usage area (far right of the Task Manager screen). By clicking this tab you can alternate between the processes that are using the least and most amount of memory. Find the process that is causing the CPU to spike, record the name and research on Google, etc. By highlighting the process and clicking the End Task button you should be able to kill the process that is using all of your CPU resources.
If not, you may have some malicious software installed.
If this is happening at the same time every day, you may want to launch Task Manager just prior to 5PM. I'm assuming that you don't have software such as anti-virus, etc. that is set to do a system scan at 5PM.
David

Expert Comment

by:Jonvee
As your CPU usage is 'spread', and a reinstall is not a good option, I would try the Kaspersky free online virus scanner, which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software:
http://www.kaspersky.co.uk/virusscanner

For Malware follow that with Superantispyware:                        
http://www.superantispyware.com/

If unresolved, try HijackThis so that we can view the logfile in search of a nasty.

Expert Comment

by:Jonvee
The System Restore folder can also be the cause of high CPU usage.   As long as your machine is stable in all other ways, you could temporarily disable System Restore, then re-enable it to remove any possibility of a bloated System Restore folder.  A second advantage is that the action would clean out any possible virus in this folder.  
Details: http://www.pchell.com/virus/systemrestore.shtml

"How antivirus software and System Restore work together":
http://support.microsoft.com/?kbid=831829

Information if you decide to run HijackThis 2.02:
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

The technique is to create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach File" box, paste the logfile into the "Add File" page & there we can view it.

Expert Comment

by:r-k
How long does the CPU usage stay at 100% after 5 PM?

Check the scheduled tasks (Control panel -> Scheduled Tasks) to see if anything is scheduled around that time.

Download and run Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) at the time CPU usage is at 100%. It is a bit like Task Manager but shows a lot more detail about which process is using the CPU time. In particular check the CPU time used by "hardware interrupts".
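
The scheduled-task check suggested above can also be done from a saved task listing. This is an added example, not part of the original thread: it filters the verbose CSV that `schtasks /query /fo csv /v` produces for tasks starting near the observed spike time. The column names are assumed to be the English-locale ones, and the sample rows and task names are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample, reduced to the columns used here. The header line is
# repeated mid-file because schtasks emits it again for each task folder.
SAMPLE = r'''"TaskName","Next Run Time","Task To Run","Scheduled Task State","Start Time"
"\NightlyBackup","6/20/2008 2:00:00 AM","C:\tools\backup.cmd","Enabled","2:00:00 AM"
"\AV Full Scan","6/20/2008 5:00:00 PM","C:\av\scan.exe /full","Enabled","5:00:00 PM"
"TaskName","Next Run Time","Task To Run","Scheduled Task State","Start Time"
"\Vendor\Updater","N/A","C:\vendor\update.exe","Disabled","4:55:00 PM"
"\Vendor\Sync","6/20/2008 5:10:00 PM","C:\vendor\sync.exe","Enabled","5:10:00 PM"
"\AtLogon","N/A","C:\tools\hello.exe","Enabled","N/A"
'''

def parse_clock(text):
    """Minutes after midnight for '5:00:00 PM' or '17:00:00'; None if not a time."""
    for fmt in ("%I:%M:%S %p", "%H:%M:%S"):
        try:
            t = datetime.strptime(text.strip(), fmt)
            return t.hour * 60 + t.minute
        except ValueError:
            continue
    return None

def tasks_near(csv_text, spike="17:00", window_min=15):
    """Return (name, start, state, command) for tasks starting near the spike."""
    hours, minutes = map(int, spike.split(":"))
    target = hours * 60 + minutes
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["TaskName"] == "TaskName":   # repeated header row, not a task
            continue
        start = parse_clock(row["Start Time"])
        if start is None:                   # "N/A": logon, idle or event triggers
            continue
        diff = abs(start - target)
        gap = min(diff, 1440 - diff)        # 23:55 and 00:05 are 10 minutes apart
        if gap <= window_min:
            hits.append((row["TaskName"], row["Start Time"],
                         row["Scheduled Task State"], row["Task To Run"]))
    return hits

if __name__ == "__main__":
    for hit in tasks_near(SAMPLE):
        print(hit)
```

Disabled tasks are reported with their state rather than dropped, so a task that was switched off after the problem started still shows up in the review.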

Expert Comment

by:tolekttb
Just like r-k mentioned, this seems like a scheduled task,
not sure if a trojan or virus would do such a thing.

Check your anti virus scans schedule time?

But easiest way --> open Task Manager and find out what task is chewing up your resources,
get the task name and google it or post it here to find more about its origins.



Expert Comment

by:slam69
To me def sounds like you have either a system back, or a background virus scan occurring.

If you can't do a reinstall though, have you considered doing a repair install to see if that resolves it?

Won't touch your apps and will just refresh the OS.

Expert Comment

by:phototropic
Does event viewer (type eventvwr.msc in the run box) show anything at this time every day?

Expert Comment

by:Jonvee
On the off chance, are you running a Norton/Symantec AV as well as the NOD32 (HijackThis would have indicated your status)?  
If yes, you could temporarily disable it & see if that was the 5:00 pm culprit.

Author Comment

by:rweiser
Jonvee,

Things have changed slightly. Now, the system is slowing down at what appears to be random times. Today it was around 10:45am. I have run the 2 scans that you suggested and the only threat detected is a program called Remote Administrator. This is a program that we use at work to get into other VMWare servers remotely. Unless something attached itself to the program I don't see this as being a problem.

I have also run HiJackThis and have attached the results.

thanks for your help,

Rick
hijackthis.log

Expert Comment

by:Jonvee
Good, can now analyse your logfile ok!
The HijackThis analysis indicates that these next four entries are unknown processes. You may well recognise them but if you don't, suggest you get HijackThis Fix them:

O16 - DPF: {2D0CBE69-DAFC-11D3-96D2-0020182E2E27} - http://multivideoconferencia.sarenet.es/comun/download/wcf_pc_25002-ipsystem.cab
O16 - DPF: {A33E22EE-6612-4D59-8599-3EBC3E0BA0AF} (dbPrint.dbPrintWorks) - https://www.weiseronline.net/sbpf/dbPrint.CAB

D:\Program Files\DesignBais System Manager\pooler\pooler.exe
D:\Program Files\DesignBais System Manager\dbservice.exe

Found this link:
"dbservice.exe information":
http://www.runscanner.net/files/exe/dbservice/dbservice.exe.aspx

Have to logoff for a few hours, will re-examine your logfile later ...
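
O16 lines in a HijackThis log describe ActiveX controls installed from a download location (Downloaded Program Files). As an added example that is not part of the original thread, the parser below pulls out the control ID, the name shown in the log and the download host, and attaches review flags before anyone decides to Fix an entry. The `known_hosts` allowlist is a hypothetical parameter, and the O2 line in the sample is constructed.

```python
import re
from urllib.parse import urlsplit

# The two O16 lines are the ones quoted in the comment above; the O2 line is
# constructed to show that other HijackThis sections are skipped.
LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\constructed\example.dll
O16 - DPF: {2D0CBE69-DAFC-11D3-96D2-0020182E2E27} - http://multivideoconferencia.sarenet.es/comun/download/wcf_pc_25002-ipsystem.cab
O16 - DPF: {A33E22EE-6612-4D59-8599-3EBC3E0BA0AF} (dbPrint.dbPrintWorks) - https://www.weiseronline.net/sbpf/dbPrint.CAB
"""

# Layout: O16 - DPF: <id> [(<control name>)] - <codebase URL>
O16 = re.compile(r"^O16 - DPF: (?P<id>.+?)(?: \((?P<name>.*)\))? - (?P<url>\S+)$")

def triage_o16(log_text, known_hosts=frozenset()):
    """Return one dict per O16 entry with the reasons it deserves a closer look.

    known_hosts: hypothetical allowlist of download hosts the owner expects.
    """
    entries = []
    for line in log_text.splitlines():
        m = O16.match(line.strip())
        if not m:
            continue                       # not an O16 line
        url = urlsplit(m["url"])
        host = (url.hostname or "").lower()
        flags = []
        if url.scheme.lower() != "https":
            flags.append("codebase not fetched over https")
        if not m["name"]:
            flags.append("no control name in log")
        if host not in known_hosts:
            flags.append("host not in allowlist")
        entries.append({"id": m["id"], "name": m["name"],
                        "host": host, "flags": flags})
    return entries

if __name__ == "__main__":
    for entry in triage_o16(LOG, known_hosts={"www.weiseronline.net"}):
        print(entry["id"], entry["host"], entry["flags"] or "ok")
```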

Expert Comment

by:swappedsr
Please post the process eating up the cpu at that time.  If you go into task manager, click on the processes tab and sort by cpu and note the offending process so we can take a look.
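
When the Task Manager view looks evenly spread, comparing cumulative CPU time between two snapshots shows which process actually consumed the interval. This is an added example, not part of the original thread: it diffs two saved outputs of `tasklist /v /fo csv`, assuming English-locale column names; both snapshots and every value in them are constructed.

```python
import csv
import io

# Two constructed snapshots in the column layout of `tasklist /v /fo csv`,
# taken 60 seconds apart.
HEADER = ('"Image Name","PID","Session Name","Session#","Mem Usage",'
          '"Status","User Name","CPU Time","Window Title"\n')
BEFORE = HEADER + '''\
"OUTLOOK.EXE","2104","Console","0","61,204 K","Running","rick","0:03:10","Inbox"
"WINWORD.EXE","3320","Console","0","40,112 K","Running","rick","0:01:02","Doc1"
"svchost.exe","1044","Console","0","88,540 K","Running","SYSTEM","1:12:05","N/A"
"notepad.exe","3900","Console","0","2,100 K","Running","rick","0:00:01","Untitled"
'''
AFTER = HEADER + '''\
"OUTLOOK.EXE","2104","Console","0","61,900 K","Running","rick","0:03:12","Inbox"
"WINWORD.EXE","3320","Console","0","40,112 K","Running","rick","0:01:03","Doc1"
"svchost.exe","1044","Console","0","97,316 K","Running","SYSTEM","1:12:59","N/A"
"wuauclt.exe","3900","Console","0","5,480 K","Running","SYSTEM","0:00:02","N/A"
'''

def cpu_seconds(text):
    """Convert tasklist's H:MM:SS cumulative CPU time to seconds."""
    h, m, s = (int(part) for part in text.split(":"))
    return h * 3600 + m * 60 + s

def snapshot(csv_text):
    """Map (PID, image name) -> cumulative CPU seconds."""
    return {(int(r["PID"]), r["Image Name"]): cpu_seconds(r["CPU Time"])
            for r in csv.DictReader(io.StringIO(csv_text))}

def cpu_delta(before_csv, after_csv, interval_s):
    """Rank processes by CPU seconds used between the two snapshots."""
    before, after = snapshot(before_csv), snapshot(after_csv)
    rows = []
    for (pid, image), total in after.items():
        # Keyed by PID and image name: a reused PID counts as a new process,
        # and a new process spent all of its CPU time inside the interval.
        used = total - before.get((pid, image), 0)
        rows.append((image, pid, used, round(100.0 * used / interval_s, 1)))
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for image, pid, used, pct in cpu_delta(BEFORE, AFTER, 60):
        print(f"{image:<14} pid={pid:<5} {used:>3}s  {pct:>5}% of one core")
```

The percentage is relative to a single core, so on a multi-core machine one process can exceed 100%.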

Expert Comment

by:swappedsr
I have also seen automatic updates do this on one of my client machines at work.  

Author Comment

by:rweiser
Like I said previously.  The processes that take the CPU are the normal processes that I have open (ie, Outlook, Word, etc).  If I close the one that takes the most CPU usage then another process takes its place.  Listing them here will not help.

If automatic updates did cause this, then how do I fix the problem?

Are there any other suggestions?

Rick

Accepted Solution

by:
Jonvee earned 500 total points
Rick,
The thread is getting quite lengthy and I'm not sure if this has already been mentioned, but another option is to try disabling Automatic Updates to see if this resolves any svchost.exe issues.
If it does, follow the steps documented here, which involve using dial-a-fix. It will perform a number of steps such as flushing the SoftwareDistribution files, and re-registering the Windows Update DLLs:
"100% CPU Usage by svchost and Windows Update":
http://wiki.mundy.com.au/Windows/Windows_Update/100%25_CPU_Usage_by_svchost_and_Windows_Update

Details:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_23458494.html#a21747852

Will re-scrutinise the details above ...

Author Comment

by:rweiser
Hmmm, I will give this a try and let you know.

Rick

Author Comment

by:rweiser
Jonvee,

It appears that the problem was related to the Windows Update.  I ran your suggested link and haven't had a problem.  Before I close this issue, I want to run the computer for another week or so to see if the problem has been completely resolved.

Thanks,

Rick

Expert Comment

by:Jonvee
Presume the problem was resolved, which is good!     Thank you.    
Jonvee.