Re: Getting Urgent svchost = 99% cpu
From: Frank McCallister SBS MVP (anonymous)
Date: 10/06/04
- Next message: Joel Robinson: "Re: RWW/OWA"
- Previous message: Gordon Ryan: "Re: Export Policies and import to other server"
- In reply to: Nathan Rixham: "Getting Urgent svchost = 99% cpu"
- Next in thread: Nathan Rixham: "Re: Getting Urgent svchost = 99% cpu"
- Reply: Nathan Rixham: "Re: Getting Urgent svchost = 99% cpu"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 6 Oct 2004 07:30:55 -0500
Hi Nathan
You are infected! dmserver is BAD. Google for info on it.
http://www.pestpatrol.com/pestinfo/c/comet_dmserver.asp
-- Frank McCallister SBS MVP COMPUMAC "Nathan Rixham" <nrixham@hotmail.com> wrote in message news:eN%23pmh4qEHA.708@tk2msftngp13.phx.gbl... > Repost from yesterday, but the matter is getting urgent now and i need new > light shed! > > I've got a process svchost.exe [description below] and it is using more > and > more of the my SBS2k3's CPU > > I am getting warning messages every few minutes saying: "The processor is > experiencing a low level of idle time. Consistently low levels of idle > time > can cause performance problems." Which is not a suprise seeing as svchost > is > using 99% of the CPU. > > SBS 2003 Standard > P4-3ghz @ 800Mhz | 1GB Ram > Pagefile: 887mb > store.exe is at 300mb > Additional software: MySQL & Norton Antivirus Corporate Edition > > OFFENDING PROCESS @ 99% of CPU > svchost ["BITS, Browser, CryptSvc, dmserver, EventSystem, helpsvc, > lanmanserver, lanmanworkstation, Messenger, Netman, Nla, RasMan, > RemoteAccess, Shedule, seclogon, SENS, ShellHWDetection, winmgmt, > wuauserv"] > > server set-up has not changed - norton antivirus / mysql are not to blame, > I > cannot find any clues in the event logs, concidered the fact that I could > be > logging to much in the event logs [noting that "EventSystem" is listed > above, so I turned off practically all monitoring, to no avail. Restarted > the server a couple of times, within an hour or so svchost is back to 99%. > RAS is not being used, neither is the "companyweb" or any other local > site. > > I'm thinking that it could possibly be a something to do with Networking, > possibly NAT, it has translated over 10 million packets in the past 15 > hours > & has a approx 950-1000 mappings running. > > Can anybody shed any light? > > >
- Next message: Joel Robinson: "Re: RWW/OWA"
- Previous message: Gordon Ryan: "Re: Export Policies and import to other server"
- In reply to: Nathan Rixham: "Getting Urgent svchost = 99% cpu"
- Next in thread: Nathan Rixham: "Re: Getting Urgent svchost = 99% cpu"
- Reply: Nathan Rixham: "Re: Getting Urgent svchost = 99% cpu"
- Messages sorted by: [ date ] [ thread ]
