Iexplore.exe 100% solution to CPU usage when opening Web pages _ Virus killing

CPU Footprint 100% Solution
In general, CPU accounted for 100% of the words our computer will always slow down, and many times we can do a little bit of change can be solved, without asking those prawns.

When the machine slows down, the first thing we think of is, of course, the task manager, to see exactly which program accounted for the ratio, if it is a large program that can be forgiven, in the shutdown of the program as long as the CPU normal, then there is no problem; if not, then you have to see what is the program, When you can't find out what this process is, go to Google or Baidu search. Sometimes the end is useless, in XP we can combine the Msconfig in the startup item, put some unused items to turn off. You can go to the next Winpatrol in 2000.

Some of the most commonly used software, for example, the browser occupies a very engaged CPU, it is necessary to upgrade the software or simply use other similar software instead, sometimes the software and the system will be a little incompatible, of course, we can try the XP system under the compatibility of the program, right click on the exe file selection compatibility.

Svchost.exe sometimes is a headache, when you see one of your svchost.exe occupy a large CPU, you can go to the next aports or fport to check its corresponding program path, that is, what is in the fall of this svchost.exe, if not c:\ Windows\ system32 (XP) or C:\Winnt\System32 (2000), that's suspicious. Upgrade antivirus software antivirus bar.

Right-clicking a file causes 100% CPU to occupy we will also encounter, sometimes the right button pause may be the problem. Official explanation: First click on the left button to select, and then right (not very understanding). Unofficial: Resolve by right-clicking on the desktop-properties-appearance-effects, canceling for menus and tooltips using the following excesses (U). There are some anti-virus software on the file monitoring will also have an impact, you can turn off the anti-virus software file monitoring, there is the Web page, plug-ins, mail monitoring is the same truth.

Some drivers may sometimes have this phenomenon, preferably the choice of Microsoft Certified or the official release of the driver to install, and sometimes appropriate upgrades to drive, but remember the latest is not the best.

CPU cooling software, because the software in the runtime will use the CPU idle time to cool, but windows can not distinguish between ordinary CPU consumption and cooling software cooling instructions between the difference, so the CPU always show 100%, this does not have to worry about, does not affect the normal system operation.

When working with large word files, because Word spelling and grammar checking can make the CPU tired, just turn on Word's tools-options-spelling and grammar to remove the check spelling and check grammar.

The high CPU usage after clicking AVI video file is because the system will first scan the file, and check all parts of the file, and establish an index; Workaround: Right-click the folder that holds the video file-Properties-general-Advanced, remove the tick to allow Indexing Service to index the folder for quick Search.

CPU Footprint 100% Case Study
1, the Dllhost process causes CPU utilization to occupy 100%

Features: Server normal CPU consumption should be below 75%, and CPU consumption should be up and down, the server with this problem, the CPU will suddenly be at 100% level, and will not drop. Viewing Task Manager, you can find that DLLHOST.EXE consumes all of the CPU idle time, in which case the administrator has to restart the IIS service, and strangely, after restarting the IIS service, everything is fine, but it may be a while before the problem comes back.

Direct reason:

One or more Access databases are corrupted during multiple reads and writes, while Microsoft's MDAC system is writing to this corrupted access file, the ASP thread is in block state, and the other threads can only wait, IIS is deadlocked, and all CPU time is consumed in dllhost.

Solution:

Install the first class information surveillance interception system, using the "Chief File Checker IIS health inspector" software,

To enable the Find deadlock module, set:

--wblock=yes
Directory to monitor, specify the directory of your host's files:
--wblockdir=d:\test

Monitor the file save location of the generated log in the log directory of the installation directory, the file name is: logblock.htm

Stop IIS, start the Chief File Checker IIS health inspector, and then start IIS, and the Chief File Checker IIS health inspector will record the last written Access file in Logblock.htm.

After a while, when the problem comes out, for example, the CPU will be at 100% again, you can stop IIS, check the last 10 files that logblock.htm records, and note that the most problematic is often the access file for the counter class, for example: "**count." MDB "," **count. ASP, you can first delete the last 10 files or suspect files to the Recycle Bin, and then start IIS to see if the problem occurs again. We believe that after careful searching, you can certainly find this file that has been bothering you for a while.

After you find this file, you can delete it, or download it, fix it with ACCESS2000, and the problem is solved.

2, the svchost.exe caused by the CPU utilization rate occupies 100%

In the Win.ini file, under [Windows], "run=" and "load=" are ways to load the trojan, and you must pay close attention to them. Under normal circumstances, they have nothing behind the equal sign, if you find that the following path and file name is not familiar with the startup file, your computer may be the upper "Trojan Horse." Of course you also have to see clearly, because a lot of "Trojan", such as "AOL Trojan Trojan", it disguised itself as a command.exe file, if not attention may not find it is not a real system startup files.

In the System.ini file, there is a "shell= filename" under [BOOT]. The correct filename should be "explorer.exe", if not "Explorer.exe", but "shell= Explorer.exe program name", then the following procedure is "Trojan" program, is that you have in the "Trojan Horse."

The most complex situation in the registry, open Registry Editor via the Regedit command, in the click to: "Hkey-local-machine\software\microsoft\windows\currentversion\run" directory, Check the key values are not familiar with their own automatic startup files, extension of EXE, here remember: some "Trojan" program generated by the file is very similar to the system itself file, want to pass camouflage, such as "Acid Battery v1.0 Trojan", it will be the registry " Hkey-local-machine\software\microsoft\windows\currentversion\run "The Explorer key value is changed to Explorer=" C:\Windows\ Expiorer.exe "," Trojan "program and real explorer only between" I "and" L "difference. Of course, there are many places in the registry can hide the "Trojan" program, such as: "Hkey-current-user\software\microsoft\windows\currentversion\run", "hkey-users\****\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run "In the directory is possible, the best way is in the" hkey-local-machine\software\microsoft\windows\ CurrentVersion\Run "Find" Trojan This virus is also known as "Code Red II (Red Code 2)" Virus, with earlier in the western English system popular "Red Code" virus is somewhat contrary to the international known as the VirtualRoot (virtual directory) virus. The worm exploits a Microsoft-known overflow vulnerability that is propagated to other Web page servers through port 80. Infected machines can be run by hackers using HTTP GET Scripts/root.exe to gain full control over the infected machine.

When an infected server succeeds, if the infected machine is a Chinese system, the program sleeps for 2 days and the other machine sleeps for 1 days. When the hibernation time is up, the worm will cause the machine to reboot. The worm also checks whether the month of the machine is October or whether the year is 2002, and if so, the infected server restarts. When the Windows NT system starts, the NT system automatically searches the file Explorer.exe in the C-packing directory, and the files on the server infected by the worm program Explorer.exe the network worm itself. The size of the file is 8192 bytes, and the VirtualRoot network worm is executed by this program. The VirtualRoot network worm also copies cmd.exe files from the Windows NT system directory to other directories, opening the door for hackers to invade. It also modifies the system's registry entries by modifying the registry entry, which allows the worm to create a virtual directory, C or D, where the virus name comes from. It is worth mentioning that the network worm program in addition to file Explorer.exe, the rest of the operation is not based on the file, but directly in memory to carry out infection, transmission, which brought greater difficulty to capture.

The file name of the program, and then search through the entire registry.

Let's start by looking at how Microsoft describes Svchost.exe. The Svchost.exe is described in Microsoft Knowledge Base 314056 as follows: Svchost.exe is the generic host process name for a service running from a dynamic-link library (DLL).

In fact, Svchost.exe is a core process of Windows XP systems. Svchost.exe not only appears in Windows XP, but there are svchost.exe in Windows systems that use the NT kernel. Typically, the number of svchost.exe processes in Windows 2000 is 2, and the number of svchost.exe processes in Windows XP rises to 4 and more than 4. So there are a few svchost.exe in the process list of the system don't worry about that.

What is svchost.exe to do with it?

The first thing we need to know is that the processes in the Windows system are divided into two separate processes and shared processes. Due to the increasing number of services in Windows systems, Microsoft has made many system services a shared mode in order to save a limited amount of system resources. What role does the Svchost.exe play in the middle of this?

Svchost.exe's job is to host these services, that is, to start these services by Svchost.exe. Svchost.exe is only responsible for providing these services with a starting condition that does not provide the functionality of any service or any service to the user. Svchost.exe starts the system service by invoking the dynamic-link library (DLL) for these system services.

Svchost.exe is a virus.

Because Svchost.exe can serve as a host to start the service, so viruses, Trojan writers also find the use of Svchost.exe this feature to confuse users to achieve intrusion, the purpose of destroying the computer.

How can you tell which are the normal svchost.exe processes and which are the virus processes?

The Svchost.exe key value is in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost", as shown in Figure 1. Each key value in Figure 1 represents a separate Svchost.exe group.

Microsoft also provides us with a way to see how the system is running services in the Svchost.exe list. For example, in Windows XP: In Run, enter: cmd, and then enter in the command line mode: Tasklist/svc. The system lists the list of services shown in Figure 2. The area surrounded by the red box in Figure 2 is the list of services that Svchost.exe starts. If you are using a Windows 2000 system, replace the previous "tasklist/svc" command with the following: "Tlist-s". If you suspect that your computer may be infected with a virus, svchost.exe services can find anomalies by searching for svchost.exe files. In general, you will find only one Svchost.exe program in the "C:\Windows\System32" directory. If you find a Svchost.exe program in another directory, it is likely to be poisoned.

Another way to confirm that Svchost.exe is poisoned is to see the execution path of the process in the Task Manager. However, because the task Manager on the Windows system is not able to view the process path, you use a Third-party Process viewer tool.

The above briefly describes the Svchost.exe process of the relevant situation. In short, Svchost.exe is a core process of a system, not a virus process. However, because of the particularity of the Svchost.exe process, the virus will do everything possible to invade Svchost.exe. You can confirm whether poisoning is possible by looking at the execution path of the Svchost.exe process.

3, the Services.exe caused by the CPU utilization rate occupies 100%

Symptoms

On Windows 2000-based computers, CPU usage in Services.exe may intermittently reach 100, and the computer may stop responding (hang). When this problem occurs, users connected to the computer (if it is a file server or a domain controller) are disconnected. You may also need to restart your computer. This symptom occurs if Esent.dll incorrectly handles the way files are flushed to disk.

Solution

Service Pack Information

To resolve this issue, obtain the latest Microsoft Windows Service Pack. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to get the latest Windows Service Pack

Hotfix Information

Microsoft has provided a supported hotfix, but this program is only intended to address the issues that are described in this article. You can apply this hotfix only if your computer encounters a specific problem that is mentioned in this article. This hotfix may also accept some other tests. Therefore, if this problem does not have a serious impact on you, Microsoft recommends that you wait for the next Windows Service Pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft product Support Services to obtain this hotfix. For a complete list of Microsoft Product Support Services phone numbers and support fee information, visit the Microsoft Web site:

Note: In special cases, if a Microsoft support professional determines that a specific update resolves your problem, it is exempt from the usual charge of calling support services. Support fees are normally charged for additional support issues and issues that cannot be resolved by a particular update.

The following table lists the file attributes (or later) of the global version of this hotfix. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To learn the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

State

Microsoft has confirmed that this is a problem in the Microsoft products listed at the beginning of this article. This issue was initially corrected in Microsoft Windows Service Pack 4.

4, the normal software causes the CPU utilization rate occupies 100%

First of all, if it is from the boot after the above situation occurs until the shutdown. It could have been caused by a software that landed with the system at the same time. You can open the System utility Configuration tool by running input "msconfig" and go to the Startup tab. Next, remove the hook in front of the suspicious option, and then restart the computer. Test repeatedly until you find the software that caused the failure. Or you can achieve this through some optimization software such as "Master of Optimization". Another: If the keyboard key card can also cause the boot on the problem.

If you are using a computer on the way out of this type of problem, you can call Task Manager (WINXP Ctrl+alt+del WIN2000 ctrl+shift "ESC), into the" Process "tab, look at the" CPU "column, from which to find a higher resource-consuming programs (which system IDLE process is normal, its value is generally very high, its role is to tell you what the current CPU resources are available, so the higher the value the better it is through the search function to find out which software the process belongs to. The problem can then be solved by upgrading, shutting down, uninstalling the software, or simply finding a similar software replacement.

5, viruses, trojans, spyware caused by the CPU utilization rate of 100%

A CPU occupancy rate of 100% failure is often caused by a virus trojan, such as shock wave virus. You should first update the virus library and scan your computer for the whole machine. Next, use the antispyware ad-aware to check for spyware. Many friends on the forum have encountered Svchost.exe occupy cpu100%, this is often the performance of poisoning.

Svchost.exe system Services in Windows are implemented as dynamic-link libraries (DLLs), some of which point an executable program to Svchost.exe, which invokes the corresponding service's dynamic-link library and adds the appropriate parameters to start the service. It is precisely because of its specificity and importance that makes it easier to become the host of some virus Trojans.

6, the Explorer.exe process causes CPU utilization to occupy 100%

In the System.ini file, there is a "shell= filename" under [BOOT]. The correct filename should be "explorer.exe", if not "Explorer.exe", but "shell= Explorer.exe program name", then the following procedure is "Trojan" program, is that you have in the "Trojan Horse."

The most complex situation in the registry, open Registry Editor via the Regedit command, in the click to: "Hkey-local-machine\software\microsoft\windows\currentversion\run" directory, Check the key values are not familiar with their own automatic startup files, extension of EXE, here remember: some "Trojan" program generated by the file is very similar to the system itself file, want to pass camouflage, such as "Acid Battery v1.0 Trojan", it will be the registry " Hkey-local-machine\software\microsoft\windows\currentversion\run "under the

The Explorer key value is changed to Explorer= "C:\Windows\expiorer.exe", "Trojan" program and real explorer only between "I" and "L" difference. Of course, there are many places in the registry can hide the "Trojan" program, such as: "Hkey-current-user\software\microsoft\windows\currentversion\run", "hkey-users\****\ SOFTWARE\Microsoft\Windows\CurrentVersion\Run "In the directory is possible, the best way is in the" hkey-local-machine\software\microsoft\windows\ CurrentVersion\Run "To find the name of the Trojan horse program, and then search the entire registry."

7, Hyper-Threading causes CPU utilization to occupy 100%

The common cause of such failures is the use of P4 CPUs with Hyper-threading capabilities. I looked up some of the data without a clear explanation for the reasons. According to some netizens concluded that hyper-threading seems to conflict with Skynet firewall, can uninstall Skynet and install other firewall solution, can also be turned off by the BIOS in the Hyper-threading function to resolve.

8. avi video files cause CPU usage to occupy 100%

In Windows XP, when you click on a larger AVI video file, you may have system suspended animation and cause the Exploere.exe process to use 100% because the system scans the file first and checks all parts of the file to establish an index. If the file is large it will take a long time and cause a CPU occupancy rate of 100%. Workaround: Right-click the folder where you want to save the video file, select Properties-> General-> Advanced, and remove the check box in the front of the checkbox for fast searching, which allows Indexing Service to index the folder.

9, anti-virus software CPU utilization rate occupies 100%

Now the anti-virus software is generally added to the Web page, mail, personal privacy of the immediate monitoring of the function, this will undoubtedly increase the burden of the system. For example: When playing a game, it will be very slow. Shutting down the antivirus software is the most straightforward solution.

10, the processing of large word files when the CPU usage rate is too high

These problems generally result in the computer's death, all because of Word's spelling and grammar check, just open Word's tools-options, go to the Spelling and Grammar tab, and remove the hooks in the check boxes in front of both "Check spelling as you type" and "Check grammar as you type."

11, the network connection causes the CPU utilization rate to occupy 100%

When your windows2000/xp is a server, when you receive a connection request from port 445, the system allocates memory and a small amount of CPU resources to service these connections, which occurs when the load is overloaded. To resolve this problem, you can fix it by modifying the registry, open the registry, find Hkey-local-machne\system\currentcontrolset\services\lanmanserver, and create a new name on the right. ; MaxWorkItems "; then double-click the value, if your computer has more than 512 memory, set to" 1024 ", if less than 512, set to 256.

Some imperfect drivers can also cause high CPU usage

The standby feature is often used, which also causes the system to automatically turn off the hard disk DMA mode. This will not only make the system can be greatly reduced, slow startup speed, it will be the system running some large software and games CPU utilization rate of 100%, resulting in a standstill.