Solved

Tracerpt.exe consumed 60GB (!) of virtual memory

Posted on 2016-10-31
5
76 Views
Last Modified: 2016-11-07
A PC froze and found this in the event logs.
Event ID 2004
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: tracerpt.exe (43376) consumed 60695384064 bytes...

I set up perfmon monitoring on a few PCs a few weeks ago. It is set to re-start everyday at 12AM. Have not had any issues with it until this.
This event also has not occurred at any other time other than when the PC froze.

I am only collecting these under Performance Counters
\Memory\% Committed Bytes in Use
\Memory\Available MBytes
\Process(*)\% Privileged Time
\Process(*)\% Processor Time
\Process(*)\% User Time

Any idea how tracerpt.exe grew so large and how I could stop it from happening again?

If I delete the 'NT Kernel' Trace monitor from collection, would it help?
0
Comment
Question by:SeeDk
  • 3
5 Comments
 

Expert Comment

by:Arion Sejdia
ID: 41866904
Tracerpt.exe is a commonly used name for malicious pieces of code.

Boot into Safe Mode (Press F8 continuously on startup)
Use an Anti-Virus in safe mode, Malwarebytes is a good one.

If it keeps freezing, you might have to take it in for repairs.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 41866967
The genuine tracerpt.exe has to scan the event log. There might be an issue with the event log, but in any case it is a bug I would monitor further for.
On the other hand, if you are not aware of any event log monitoring, why should it run at first place?
0
 

Author Comment

by:SeeDk
ID: 41867066
@Arion
I set up Performance Monitoring (perfmon) on this PC, so it's likely to be related to that rather than a virus. I can check to make sure but perfmon seems to be the issue here. I have it paused now so if it runs again on its own, i'll know it is something else.
https://technet.microsoft.com/en-us/library/cc732700(WS.10).aspx

@Qlemo
I am aware of monitoring. That is why I mentioned in the first post that I enabled perfmon on this PC.
It is set to run at all hours of the day gathering the process info that I listed.
Its only been enabled since last Monday, but it gave me no issues until today.
0
 

Accepted Solution

by:
SeeDk earned 0 total points
ID: 41870479
I think this is resolved now.
The tracerpt.exe process is only started when perfmon has finished collecting data and compiles the information to generate a report. It must have encountered an error while compiling which led to that memory usage.
For my purposes, i don't need the report and can work with only the .blg file.

I disabled the reporting from the Data Manager tab and it has run smoothly the past few days.
No trace (ha!) of the tracerpt.exe process running on the PCs while perfmon is collecting data.
0
 

Author Closing Comment

by:SeeDk
ID: 41876878
found the solution on my own
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
save browser passwords 11 73
rajdeep0081@hotmail.com 3 73
Windows icons complete gone 8 32
Malware infection with local user rights? 6 34
Employees depend heavily on their PCs, and new threats like ransomware make it even more critical to protect their important data.
An article on effective troubleshooting
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question