Solved

Tracerpt.exe consumed 60GB (!) of virtual memory

Posted on 2016-10-31
5
139 Views
Last Modified: 2016-11-07
A PC froze and found this in the event logs.
Event ID 2004
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: tracerpt.exe (43376) consumed 60695384064 bytes...

I set up perfmon monitoring on a few PCs a few weeks ago. It is set to re-start everyday at 12AM. Have not had any issues with it until this.
This event also has not occurred at any other time other than when the PC froze.

I am only collecting these under Performance Counters
\Memory\% Committed Bytes in Use
\Memory\Available MBytes
\Process(*)\% Privileged Time
\Process(*)\% Processor Time
\Process(*)\% User Time

Any idea how tracerpt.exe grew so large and how I could stop it from happening again?

If I delete the 'NT Kernel' Trace monitor from collection, would it help?
0
Comment
Question by:SeeDk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 

Expert Comment

by:Arion Sejdia
ID: 41866904
Tracerpt.exe is a commonly used name for malicious pieces of code.

Boot into Safe Mode (Press F8 continuously on startup)
Use an Anti-Virus in safe mode, Malwarebytes is a good one.

If it keeps freezing, you might have to take it in for repairs.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41866967
The genuine tracerpt.exe has to scan the event log. There might be an issue with the event log, but in any case it is a bug I would monitor further for.
On the other hand, if you are not aware of any event log monitoring, why should it run at first place?
0
 

Author Comment

by:SeeDk
ID: 41867066
@Arion
I set up Performance Monitoring (perfmon) on this PC, so it's likely to be related to that rather than a virus. I can check to make sure but perfmon seems to be the issue here. I have it paused now so if it runs again on its own, i'll know it is something else.
https://technet.microsoft.com/en-us/library/cc732700(WS.10).aspx

@Qlemo
I am aware of monitoring. That is why I mentioned in the first post that I enabled perfmon on this PC.
It is set to run at all hours of the day gathering the process info that I listed.
Its only been enabled since last Monday, but it gave me no issues until today.
0
 

Accepted Solution

by:
SeeDk earned 0 total points
ID: 41870479
I think this is resolved now.
The tracerpt.exe process is only started when perfmon has finished collecting data and compiles the information to generate a report. It must have encountered an error while compiling which led to that memory usage.
For my purposes, i don't need the report and can work with only the .blg file.

I disabled the reporting from the Data Manager tab and it has run smoothly the past few days.
No trace (ha!) of the tracerpt.exe process running on the PCs while perfmon is collecting data.
0
 

Author Closing Comment

by:SeeDk
ID: 41876878
found the solution on my own
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question