Re: High CPU usage in explorer.exe / ntdll.dll

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Gerry Cornell" <gcjc@xxxxxxxxxxxxxx>
Date: Fri, 17 Mar 2006 12:29:39 -0000

A thought. Are you sure it is ntdll.dll? Where is the ntdll.dll shown as
being
located when seen in Process Explorer?

Go to Start, Control Panel, Folder Options, View, Advanced Settings and
verify that the box before "Show hidden files and folders" is checked and
"Hide protected operating system files " is unchecked. You may need to
scroll down to see the second item. You should also make certain that the
box before "Hide extensions for known file types" is not checked. Next in
Windows Explorer make sure View, Details is selected and then select
View, Choose Details and check before Name, Type, Total Size, and
Free Space.

Now using Windows Explorer search for "ntdll.exe". If you get a result
you are most likely looking at a worm. The normal windows file is
ntdll.dll!

Otherwise are you getting any Warnings / Error Reports in Event Viewer

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

<Pathogenix@xxxxxxxxx> wrote in message
news:1142590659.825273.102850@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi, I'm having persistent high-cpu usage problems with explorer.exe -
the process slowly creeps up until it eats all the available resources,
the problem is intermittent and I can't find any obvious causes.

Process Explorer shows that ntdll is the thread responsible; restarting
explorer.exe provides a temporary fix. Interestingly, when I tried to
view the stack for ntdll (out of idle curiosity), the machine hung
badly, and when I killed process explorer my CPU usage flatlined again.

Currently running Windows XP SP 2.0 with all patches applies, the
machine checks out clean for malware. Any suggestions?

Follow-Ups:
- Re: High CPU usage in explorer.exe / ntdll.dll
  - From: Pathogenix

References:
- High CPU usage in explorer.exe / ntdll.dll
  - From: Pathogenix

Prev by Date: SP2 windows 2K causing grief
Next by Date: Re: System Restore Won't Work-HijackThis File Log
Previous by thread: High CPU usage in explorer.exe / ntdll.dll
Next by thread: Re: High CPU usage in explorer.exe / ntdll.dll
Index(es):
- Date
- Thread

Relevant Pages

Re: Explorer Vaporization
... > system and was copying it from a slow SAN drive to a ... i.e. Windows Explorer was not even able ... The OS was probably still writing the file. ... tool like process explorer to check which process has a ...
(microsoft.public.sqlserver.server)
Re: Explorer Vaporization
... i.e. there were no locks on it. ... >> system and was copying it from a slow SAN drive to a ... i.e. Windows Explorer was not even able ...
(microsoft.public.sqlserver.server)
Re: big iis/asp upload problem
... download a program called Process Explorer. ... > through Windows Explorer. ... > contents first and then deleting the folder works as well. ...
(microsoft.public.inetserver.iis.security)
Re: Programs accessing crl.verisign.com
... I believe that it is not the actual programs such as Process Explorer ... trying to connect to verisign, but is in fact Windows Explorer itself. ... > I have noticed many programs trying to access the verisign site so I ...
(comp.security.firewalls)
Re: Cant delete folder!!! (Xere Inc)
... Explorer is configured to show hidden and system folders/files for the ... Free tools from SysInternals such as Process Explorer Autoruns and can help ... You also should scan for spyware and malware in Safe Mode being sure ... "Cannot rename New Folder: A file with the name you specified already ...
(microsoft.public.windowsxp.security_admin)