Solution to 100% CPU usage
Generally speaking, if the CPU accounts for 100% of our computers, our computers will always slow down, and many times we can solve it by making a little changes without asking about those big prawns.
When the machine slows down, the first thing we think of is of course the task manager. See which program accounts for the most important proportion. If it is a large program, it is forgiven. After closing the program, as long as the CPU is normal, it will be fine; if not, then you have to see what the program is. When you can't find out what the process is, google or baidu search. Sometimes it is useless to just end. In xp, we can combine the startup items in msconfig to turn off some unused items. You can use the next winpatrol at 2000.
Some commonly used software, such as the browser occupies a lot of CPU, then you need to upgrade the software or simply use other similar software instead. Sometimes the software and the system will be a bit incompatible. Of course, we can try the compatibility item given to us under the xp system, right-click the .exe file to select compatibility.
Sometimes it is a headache. When you see that one of your CPU is consuming a lot, you can go to the next aports or fport to check the corresponding program path, that is, what is using this. If it is not under c:\Windows\ system32 (xp) or c:\winnt\system32(2000), then it is suspicious. Upgrade antivirus software to antivirus.
We will also encounter 100% of CPU usage when right-clicking the file, and sometimes right-clicking and pausing may be the problem. Official explanation: Click the left button to select it first, then the right button (not very understanding). Unofficial: By right-clicking on the desktop - Properties - Appearance - Effects, canceling the "Use the following excessive effects (U) for menus and tooltips". Some antivirus software also have an impact on file monitoring, and the file monitoring of antivirus software can be turned off; the same is true for monitoring web pages, plug-ins, and emails.
This may occur sometimes in some drivers. It is best to choose Microsoft certified or officially released drivers to install. Sometimes you can upgrade the driver appropriately, but remember that the latest one is not the best.
CPU cooling software, since the software will use the CPU idle time to cool down when running, Windows cannot distinguish the difference between ordinary CPU occupation and cooling instructions of cooling software, so the CPU always displays 100%. There is no need to worry about this, and it will not affect the normal system operation.
When processing larger word files, the CPU will be tiring due to word spelling and grammar checking. Just open word tools - options - spelling and grammar to remove the "check spelling and grammar".
The CPU occupancy rate after clicking the avi video file is high because the system needs to scan the file first, check all parts of the file, and create an index; solution: right-click the folder where the video file is saved - Properties - General - Advanced, and remove the tick that allows the indexing service to index the folder for quick search.
CPU occupies 100% Case analysis
1. The dllhost process causes CPU usage to occupy 100%
Features: The normal CPU consumption of the server should be below 75%, and the CPU consumption should fluctuate. If the server with this problem occurs, the CPU will suddenly be at a level of 100% and will not drop. Looking at the task manager, you can find that it consumed all the CPU free time. In this case, the administrator had to restart the IIS service. Strangely, everything was fine after restarting the IIS service, but maybe after a while, the problem occurred again.
Direct reason:
One or more ACCESS databases are damaged during multiple reads and writes. When Microsoft's MDAC system writes this corrupt ACCESS file, the ASP thread is in the BLOCK state. As a result, other threads can only wait, IIS is deadlocked, and all CPU time is consumed in DLLHOST.
Solution:
Install the "first-class information monitoring and interception system" and use the "Chief Document Inspection Officer IIS Health Inspection Officer" software,
Enable "Find Deadlock Module", set:
--wblock=yes
To monitor the directory, please specify the directory where your host's file is located:
--wblockdir=d:\test
The file saving location of the generated log is in the log directory of the installation directory, and the file name is:
Stop IIS, start "Chief Document Inspection Officer IIS Health Inspection Officer" and start IIS, and "Chief Document Inspection Officer IIS Health Inspection Officer" will record the last ACCESS file written in.
After a while, when the problem occurs, for example, the CPU will always be at 100% level again. You can stop IIS and check the last ten files recorded. Note that the most problematic one is often the ACCESS file of the counter class, such as: "**COUNT. MDB" and "**". You can first delete the last ten files or suspected files to the recycling bin, and then start IIS to see if the problem occurs again. We believe that after careful searching, you can definitely find this file that has made you worry about for a while.
After finding this file, you can delete it, or download it, and use ACCESS2000 to fix it, and the problem will be solved.
2. Causes 100% of CPU usage
In the file, under [Windows], "run=" and "load=" are ways to load "*" programs, and they must be carefully watched. Generally speaking, there is nothing after their equal signs. If you find that the path and file name are not the startup file you are familiar with, your computer may be involved in a "*". Of course, you have to see clearly, because many "* horses", such as "AOL * * horses", disguise themselves as files. If you are not careful, you may not find that it is not a real system startup file.
In the file, there is a "shell=filename" under [BOOT]. The correct file name should be "". If it is not "", but "shell= Program name", then the program followed is the "*" program, which means that you have already been infected with the "*".
The situation in the registry is the most complicated. Open the registry editor through the regedit command. Click to the directory "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" to check if there are any unfamiliar automatic startup files in the key value. The extension is EXE. Remember here: Some "*" programs generate files very much like the system's own files, and want to use disguise masks If you pass the level, such as "Acid Battery v1.0 *", it changes the Explorer key value under the registry "HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\Windows\". There is only the difference between the "*" program and the real Explorer. Of course, there are many places in the registry that can hide "*" programs, such as: "HKEY-CURRENT-USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY-USERS\****\Software\Microsoft\Windows\CurrentVersion\Run", are possible in the directory "HKEY-LOCAL-MACHINE\Software\Microsoft\Microsoft\Windows\CurrentVersion\Run". The best way is to use "HKEY-LOCAL-MACHINE\Software\Microsoft\ The "*" virus is found under Windows\CurrentVersion\Run". This virus is also called the "Code Red II (Red Code 2)" virus, which is a bit contrary to the popular "Red Code" virus in Western English systems. It is internationally known as VirtualRoot (virtual directory) virus. The worm virus uses known overflow vulnerabilities from Microsoft to spread to other web page servers through port 80. The infected machine can be run scripts/ by hackers through Http Get request to gain full control of the infected machine.
When an infected server is successful, if the infected machine is in Chinese system, the program will hibernate for 2 days and other machines will hibernate for 1 day. When the hibernation time has reached, the worm program will restart the machine. The worm will also check whether the machine's month is October or whether the year is 2002, and if so, the infected server will also restart. When the Windows NT system starts, the NT system will automatically search for files in the root directory of the C disk, and the files on the server infected by the network worm program are the network worm program itself. The size of the file is 8192 bytes, and the VirtualRoot network worm program is executed through this program. At the same time, the VirtualRoot network worm program also copied the files from the Windows NT system directory to another directory, opening the door to hackers' invasion. It will also modify the system's registry item. Through the modification of the registry item, the worm program can create a virtual directory C or D, and the virus name comes from it. It is worth mentioning that except for files, the rest of the operations of this network worm program are not based on files, but are directly infected and spread in memory, which brings great difficulty to capture.
"The file name of the program, then search the entire registry.
Let's first look at how Microsoft describes it. The following description is given in Microsoft Knowledge Base 314056: It is the common host process name of the service running from the Dynamic Link Library (DLL).
In fact, it is a core process of Windows XP system. It not only appears in Windows XP, but also exists in Windows systems that use NT kernels. Generally, the number of processes in Windows 2000 is 2, while the number of processes in Windows XP has increased to 4 or more. So don't worry about seeing a few of the process list in the system.
What is it for?
First of all, we need to understand that the processes in the Windows system are divided into two types: independent processes and shared processes. As there are more and more services in Windows systems, in order to save limited system resources, Microsoft has made many system services into a shared mode. So what role do you play in the middle?
The job is to be the host of these services, that is, to start these services. It is only responsible for providing the conditions for starting these services. It cannot realize the functions of any service and cannot provide any services to users. Start system services by calling dynamic link libraries (DLLs) for these system services.
Is it a virus caused by any statement?
Because the service can be started as a host of the service, the authors of viruses and *s have also tried their best to use this feature to confuse users to achieve the purpose of invading and destroying computers.
How can we distinguish which are normal processes and which are virus processes?
The key value is in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost", as shown in Figure 1. Each key value in Figure 1 represents an independent group.
Microsoft also provides us with a way to view services whose systems are running on the list. Take Windows XP as an example: enter:cmd in "Run", and then enter:tasklist/svc in command line mode. The system lists the service list as shown in Figure 2. The area surrounded by the red box in Figure 2 is the started service list. If you are using Windows 2000 system, replace the previous "tasklist/svc" command with: "tlist-s". If you suspect that the computer may be infected by a virus, and the service has abnormalities, you can find abnormalities by searching for the file. Generally, you will only find a program under the directory "C:\Windows\System32". If you find a program in other directories, it is likely that it is poisoned.
Another way to confirm whether it is poisoned is to observe the execution path of the process in the task manager. However, since the task manager that comes with Windows system cannot view the process path, you need to use a third-party process viewing tool.
The above briefly introduces the relevant situation of the process. In short, it is the core process of a system, not a virus process. But due to the special nature of the process, the virus will do everything possible to invade. You can confirm whether you are poisoned by observing the execution path of the process.
3. Causes 100% of CPU usage
symptom
On Windows 2000-based computers, the CPU usage in them may intermittently reach 100% and the computer may stop responding (hang). When this problem occurs, users connected to the computer (if it is a file server or domain controller) will be disconnected. You may also need to restart your computer. This symptom occurs if the error handles the way to flush files to disk.
Solution
Service Pack Information
To resolve this issue, get the latest Microsoft Windows 2000 Service Pack. For additional information, click the article number below to view the corresponding articles in the Microsoft Knowledge Base:
260910 How to get the latest Windows 2000 Service Pack
Fixed program information
Microsoft provides supported patches, but this program is only intended to resolve the issues described in this article. This hotfix is only available if the computer encounters the specific problem mentioned in this article. This hotfix may undergo some other tests. Therefore, if this problem does not have a serious impact on you, Microsoft recommends that you wait for the next Windows 2000 Service Pack that contains this hotfix.
To resolve this issue immediately, contact Microsoft Product Support Services for this hotfix. For a complete list of "Microsoft Product Support Services" phone number and support fee information, please visit the Microsoft Web site:
Note: In special cases, if Microsoft Support Professionals determine that a specific update program can solve your problem, they can waive the usual telephone support service fee. Support fees will be charged normally for other support issues and matters that cannot be resolved by a specific update program.
The following table lists the file properties (or updated properties) for the global version of this hotfix. The dates and times of these files are listed as Coordinated Universal Time (UTC). When viewing file information, it will be converted to local time. To understand the time difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
state
Microsoft has confirmed that this is a problem in the Microsoft products listed at the beginning of this article. This issue was initially corrected in Microsoft Windows 2000 Service Pack 4.
4. Normal software causes CPU usage to occupy 100%
First, if the above situation occurs after the power is turned on until the power is turned off. Then it may be caused by a software that logs in with the system at the same time. You can open the "System Utility Configuration Tool" by running the input "msconfig" and enter the "Startup" tab. Next, cancel the hook in front of the suspicious option and restart the computer. Test repeatedly until the software that caused the failure is found. Or the above purpose can be achieved through some optimization software such as "Optimization Master". In addition: If the keys in the keyboard are stuck, it may also cause the above problems when powering on.
If you are using a computer, you can call up the task manager (WINXP CTRL+ALT+DEL WIN2000 CTRL+SHIFT "ESC), enter the "Process" tab, look at the "CPU" column, and find the program that occupies high resources (SYSTEM IDLE PROCESS is normal, and its value is generally very high. Its function is to tell you how much CPU resources you are currently available, so the higher the value, the better). Through the search function, it can find which software this process belongs to. Then, you can upgrade, close, uninstall this software or simply find a similar software to replace it, and the problem can be solved.
5. Viruses, *s, and spyware cause CPU usage to occupy 100%
The failure of 100% CPU occupancy is often caused by virus *s, such as oscillating wave viruses. The virus database should be updated first and the computer should be scanned for the entire computer. Next, use the anti-spyware Ad-Aware to check whether there is any spyware. Many friends on the forum have encountered the use of 100% of the CPU, which is often a manifestation of poisoning.
System services in Windows are implemented in the form of dynamic link libraries (DLLs). Some of them point executable programs to which they call the dynamic link libraries of the corresponding services and add corresponding parameters to start the service. It is precisely because of its particularity and importance that it is easier to become a host of some virus *s.
6. Processes cause CPU usage to occupy 100%
In the file, there is a "shell=filename" under [BOOT]. The correct file name should be "". If it is not "", but "shell= Program name", then the program followed is the "*" program, which means that you have already been infected with the "*".
The situation in the registry is the most complicated. Open the registry editor through the regedit command, and click on the directory "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" to check if there are any unfamiliar automatic startup files in the key values. The extension is EXE. Remember here: the files generated by some "*s" programs are very similar to the system's own files. They want to get away with it by disguising them, such as "Acid Battery v1.0 *s", which will under the registry "HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
The key value of Explorer is changed to Explorer="C:\Windows\". There is only the difference between "i" and "l" between the "*" program and the real Explorer. Of course, there are still many places in the registry that can hide "*" programs, such as: "HKEY-CURRENT-USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY-USERS\****\Software\Microsoft\Windows\CurrentVersion\Run", are possible. The best way is to find the file name of the "*" program under "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", and then search in the entire registry.
7. Hyperthreading causes CPU usage to occupy 100%
The common reason for this type of failure is that they all use P4 CPUs with hyperthreading functions. I searched for some information but had no clear explanation for the reason. According to some netizens, hyperthreading seems to have conflicts with the Skynet firewall. It can be solved by uninstalling Skynet and installing other firewalls, or it can be solved by turning off the hyperthreading function in the BIOS.
8. AVI video files cause CPU usage to occupy 100%
In Windows XP, after clicking a larger AVI video file, the system may have a false death, and the process usage rate is 100%. This is because the system needs to scan the file first, check all parts of the file, and establish an index. If the file is large, it will take a long time and cause a 100% CPU usage. Solution: Right-click the folder where the video file is saved, select "Properties -> General -> Advanced", remove "For quick search, allow the index service to index the folder" in the check box in front of the check box.
9. Antivirus software CPU usage rate occupies 100%
Nowadays, antivirus software has generally been added, and the instant air monitoring function for web pages, emails, and personal privacy will undoubtedly increase the burden on the system. For example: it will be very slow when playing games. Turning off the antivirus software is the most direct solution.
10. CPU usage is too high when processing larger Word files
The above problems generally cause computers to be faked. These are all caused by WORD's spelling and grammar checking. Just open the "Tools-Options" of WORD, enter the "Spellow and Grammar" tab, and remove the hooks in the check boxes before the two items "Check spelling when typing" and "Check grammar when typing".
11. Network connection causes CPU usage to occupy 100%
When your Windows 2000/xp is a server, after receiving a connection request from port 445, the system will allocate memory and a small amount of CPU resources to serve these connections. The above situation will occur when the load is too heavy. To solve this problem, you can solve it by modifying the registry. Open the registry, find HKEY-LOCAL-MACHNE\SYSTEM\CurrentControlSet\Services\lanmanserver, and create a new DWORD value named "maxworkitems" on the right. Then double-click the value. If your computer has more than 512 memory, set it to "1024"; and if it is less than 512, set it to 256.
Some imperfect drivers can also cause excessive CPU usage
Regular use of the standby function will also cause the system to automatically turn off the hard disk DMA mode. This will not only greatly reduce the system performance and slow down the system startup speed, but will also cause the system to use 100% CPU and cause pause when running some large software and games.
Generally speaking, if the CPU accounts for 100% of our computers, our computers will always slow down, and many times we can solve it by making a little changes without asking about those big prawns.
When the machine slows down, the first thing we think of is of course the task manager. See which program accounts for the most important proportion. If it is a large program, it is forgiven. After closing the program, as long as the CPU is normal, it will be fine; if not, then you have to see what the program is. When you can't find out what the process is, google or baidu search. Sometimes it is useless to just end. In xp, we can combine the startup items in msconfig to turn off some unused items. You can use the next winpatrol at 2000.
Some commonly used software, such as the browser occupies a lot of CPU, then you need to upgrade the software or simply use other similar software instead. Sometimes the software and the system will be a bit incompatible. Of course, we can try the compatibility item given to us under the xp system, right-click the .exe file to select compatibility.
Sometimes it is a headache. When you see that one of your CPU is consuming a lot, you can go to the next aports or fport to check the corresponding program path, that is, what is using this. If it is not under c:\Windows\ system32 (xp) or c:\winnt\system32(2000), then it is suspicious. Upgrade antivirus software to antivirus.
We will also encounter 100% of CPU usage when right-clicking the file, and sometimes right-clicking and pausing may be the problem. Official explanation: Click the left button to select it first, then the right button (not very understanding). Unofficial: By right-clicking on the desktop - Properties - Appearance - Effects, canceling the "Use the following excessive effects (U) for menus and tooltips". Some antivirus software also have an impact on file monitoring, and the file monitoring of antivirus software can be turned off; the same is true for monitoring web pages, plug-ins, and emails.
This may occur sometimes in some drivers. It is best to choose Microsoft certified or officially released drivers to install. Sometimes you can upgrade the driver appropriately, but remember that the latest one is not the best.
CPU cooling software, since the software will use the CPU idle time to cool down when running, Windows cannot distinguish the difference between ordinary CPU occupation and cooling instructions of cooling software, so the CPU always displays 100%. There is no need to worry about this, and it will not affect the normal system operation.
When processing larger word files, the CPU will be tiring due to word spelling and grammar checking. Just open word tools - options - spelling and grammar to remove the "check spelling and grammar".
The CPU occupancy rate after clicking the avi video file is high because the system needs to scan the file first, check all parts of the file, and create an index; solution: right-click the folder where the video file is saved - Properties - General - Advanced, and remove the tick that allows the indexing service to index the folder for quick search.
CPU occupies 100% Case analysis
1. The dllhost process causes CPU usage to occupy 100%
Features: The normal CPU consumption of the server should be below 75%, and the CPU consumption should fluctuate. If the server with this problem occurs, the CPU will suddenly be at a level of 100% and will not drop. Looking at the task manager, you can find that it consumed all the CPU free time. In this case, the administrator had to restart the IIS service. Strangely, everything was fine after restarting the IIS service, but maybe after a while, the problem occurred again.
Direct reason:
One or more ACCESS databases are damaged during multiple reads and writes. When Microsoft's MDAC system writes this corrupt ACCESS file, the ASP thread is in the BLOCK state. As a result, other threads can only wait, IIS is deadlocked, and all CPU time is consumed in DLLHOST.
Solution:
Install the "first-class information monitoring and interception system" and use the "Chief Document Inspection Officer IIS Health Inspection Officer" software,
Enable "Find Deadlock Module", set:
--wblock=yes
To monitor the directory, please specify the directory where your host's file is located:
--wblockdir=d:\test
The file saving location of the generated log is in the log directory of the installation directory, and the file name is:
Stop IIS, start "Chief Document Inspection Officer IIS Health Inspection Officer" and start IIS, and "Chief Document Inspection Officer IIS Health Inspection Officer" will record the last ACCESS file written in.
After a while, when the problem occurs, for example, the CPU will always be at 100% level again. You can stop IIS and check the last ten files recorded. Note that the most problematic one is often the ACCESS file of the counter class, such as: "**COUNT. MDB" and "**". You can first delete the last ten files or suspected files to the recycling bin, and then start IIS to see if the problem occurs again. We believe that after careful searching, you can definitely find this file that has made you worry about for a while.
After finding this file, you can delete it, or download it, and use ACCESS2000 to fix it, and the problem will be solved.
2. Causes 100% of CPU usage
In the file, under [Windows], "run=" and "load=" are ways to load "*" programs, and they must be carefully watched. Generally speaking, there is nothing after their equal signs. If you find that the path and file name are not the startup file you are familiar with, your computer may be involved in a "*". Of course, you have to see clearly, because many "* horses", such as "AOL * * horses", disguise themselves as files. If you are not careful, you may not find that it is not a real system startup file.
In the file, there is a "shell=filename" under [BOOT]. The correct file name should be "". If it is not "", but "shell= Program name", then the program followed is the "*" program, which means that you have already been infected with the "*".
The situation in the registry is the most complicated. Open the registry editor through the regedit command. Click to the directory "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" to check if there are any unfamiliar automatic startup files in the key value. The extension is EXE. Remember here: Some "*" programs generate files very much like the system's own files, and want to use disguise masks If you pass the level, such as "Acid Battery v1.0 *", it changes the Explorer key value under the registry "HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\Windows\". There is only the difference between the "*" program and the real Explorer. Of course, there are many places in the registry that can hide "*" programs, such as: "HKEY-CURRENT-USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY-USERS\****\Software\Microsoft\Windows\CurrentVersion\Run", are possible in the directory "HKEY-LOCAL-MACHINE\Software\Microsoft\Microsoft\Windows\CurrentVersion\Run". The best way is to use "HKEY-LOCAL-MACHINE\Software\Microsoft\ The "*" virus is found under Windows\CurrentVersion\Run". This virus is also called the "Code Red II (Red Code 2)" virus, which is a bit contrary to the popular "Red Code" virus in Western English systems. It is internationally known as VirtualRoot (virtual directory) virus. The worm virus uses known overflow vulnerabilities from Microsoft to spread to other web page servers through port 80. The infected machine can be run scripts/ by hackers through Http Get request to gain full control of the infected machine.
When an infected server is successful, if the infected machine is in Chinese system, the program will hibernate for 2 days and other machines will hibernate for 1 day. When the hibernation time has reached, the worm program will restart the machine. The worm will also check whether the machine's month is October or whether the year is 2002, and if so, the infected server will also restart. When the Windows NT system starts, the NT system will automatically search for files in the root directory of the C disk, and the files on the server infected by the network worm program are the network worm program itself. The size of the file is 8192 bytes, and the VirtualRoot network worm program is executed through this program. At the same time, the VirtualRoot network worm program also copied the files from the Windows NT system directory to another directory, opening the door to hackers' invasion. It will also modify the system's registry item. Through the modification of the registry item, the worm program can create a virtual directory C or D, and the virus name comes from it. It is worth mentioning that except for files, the rest of the operations of this network worm program are not based on files, but are directly infected and spread in memory, which brings great difficulty to capture.
"The file name of the program, then search the entire registry.
Let's first look at how Microsoft describes it. The following description is given in Microsoft Knowledge Base 314056: It is the common host process name of the service running from the Dynamic Link Library (DLL).
In fact, it is a core process of Windows XP system. It not only appears in Windows XP, but also exists in Windows systems that use NT kernels. Generally, the number of processes in Windows 2000 is 2, while the number of processes in Windows XP has increased to 4 or more. So don't worry about seeing a few of the process list in the system.
What is it for?
First of all, we need to understand that the processes in the Windows system are divided into two types: independent processes and shared processes. As there are more and more services in Windows systems, in order to save limited system resources, Microsoft has made many system services into a shared mode. So what role do you play in the middle?
The job is to be the host of these services, that is, to start these services. It is only responsible for providing the conditions for starting these services. It cannot realize the functions of any service and cannot provide any services to users. Start system services by calling dynamic link libraries (DLLs) for these system services.
Is it a virus caused by any statement?
Because the service can be started as a host of the service, the authors of viruses and *s have also tried their best to use this feature to confuse users to achieve the purpose of invading and destroying computers.
How can we distinguish which are normal processes and which are virus processes?
The key value is in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost", as shown in Figure 1. Each key value in Figure 1 represents an independent group.
Microsoft also provides us with a way to view services whose systems are running on the list. Take Windows XP as an example: enter:cmd in "Run", and then enter:tasklist/svc in command line mode. The system lists the service list as shown in Figure 2. The area surrounded by the red box in Figure 2 is the started service list. If you are using Windows 2000 system, replace the previous "tasklist/svc" command with: "tlist-s". If you suspect that the computer may be infected by a virus, and the service has abnormalities, you can find abnormalities by searching for the file. Generally, you will only find a program under the directory "C:\Windows\System32". If you find a program in other directories, it is likely that it is poisoned.
Another way to confirm whether it is poisoned is to observe the execution path of the process in the task manager. However, since the task manager that comes with Windows system cannot view the process path, you need to use a third-party process viewing tool.
The above briefly introduces the relevant situation of the process. In short, it is the core process of a system, not a virus process. But due to the special nature of the process, the virus will do everything possible to invade. You can confirm whether you are poisoned by observing the execution path of the process.
3. Causes 100% of CPU usage
symptom
On Windows 2000-based computers, the CPU usage in them may intermittently reach 100% and the computer may stop responding (hang). When this problem occurs, users connected to the computer (if it is a file server or domain controller) will be disconnected. You may also need to restart your computer. This symptom occurs if the error handles the way to flush files to disk.
Solution
Service Pack Information
To resolve this issue, get the latest Microsoft Windows 2000 Service Pack. For additional information, click the article number below to view the corresponding articles in the Microsoft Knowledge Base:
260910 How to get the latest Windows 2000 Service Pack
Fixed program information
Microsoft provides supported patches, but this program is only intended to resolve the issues described in this article. This hotfix is only available if the computer encounters the specific problem mentioned in this article. This hotfix may undergo some other tests. Therefore, if this problem does not have a serious impact on you, Microsoft recommends that you wait for the next Windows 2000 Service Pack that contains this hotfix.
To resolve this issue immediately, contact Microsoft Product Support Services for this hotfix. For a complete list of "Microsoft Product Support Services" phone number and support fee information, please visit the Microsoft Web site:
Note: In special cases, if Microsoft Support Professionals determine that a specific update program can solve your problem, they can waive the usual telephone support service fee. Support fees will be charged normally for other support issues and matters that cannot be resolved by a specific update program.
The following table lists the file properties (or updated properties) for the global version of this hotfix. The dates and times of these files are listed as Coordinated Universal Time (UTC). When viewing file information, it will be converted to local time. To understand the time difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
state
Microsoft has confirmed that this is a problem in the Microsoft products listed at the beginning of this article. This issue was initially corrected in Microsoft Windows 2000 Service Pack 4.
4. Normal software causes CPU usage to occupy 100%
First, if the above situation occurs after the power is turned on until the power is turned off. Then it may be caused by a software that logs in with the system at the same time. You can open the "System Utility Configuration Tool" by running the input "msconfig" and enter the "Startup" tab. Next, cancel the hook in front of the suspicious option and restart the computer. Test repeatedly until the software that caused the failure is found. Or the above purpose can be achieved through some optimization software such as "Optimization Master". In addition: If the keys in the keyboard are stuck, it may also cause the above problems when powering on.
If you are using a computer, you can call up the task manager (WINXP CTRL+ALT+DEL WIN2000 CTRL+SHIFT "ESC), enter the "Process" tab, look at the "CPU" column, and find the program that occupies high resources (SYSTEM IDLE PROCESS is normal, and its value is generally very high. Its function is to tell you how much CPU resources you are currently available, so the higher the value, the better). Through the search function, it can find which software this process belongs to. Then, you can upgrade, close, uninstall this software or simply find a similar software to replace it, and the problem can be solved.
5. Viruses, *s, and spyware cause CPU usage to occupy 100%
The failure of 100% CPU occupancy is often caused by virus *s, such as oscillating wave viruses. The virus database should be updated first and the computer should be scanned for the entire computer. Next, use the anti-spyware Ad-Aware to check whether there is any spyware. Many friends on the forum have encountered the use of 100% of the CPU, which is often a manifestation of poisoning.
System services in Windows are implemented in the form of dynamic link libraries (DLLs). Some of them point executable programs to which they call the dynamic link libraries of the corresponding services and add corresponding parameters to start the service. It is precisely because of its particularity and importance that it is easier to become a host of some virus *s.
6. Processes cause CPU usage to occupy 100%
In the file, there is a "shell=filename" under [BOOT]. The correct file name should be "". If it is not "", but "shell= Program name", then the program followed is the "*" program, which means that you have already been infected with the "*".
The situation in the registry is the most complicated. Open the registry editor through the regedit command, and click on the directory "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" to check if there are any unfamiliar automatic startup files in the key values. The extension is EXE. Remember here: the files generated by some "*s" programs are very similar to the system's own files. They want to get away with it by disguising them, such as "Acid Battery v1.0 *s", which will under the registry "HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
The key value of Explorer is changed to Explorer="C:\Windows\". There is only the difference between "i" and "l" between the "*" program and the real Explorer. Of course, there are still many places in the registry that can hide "*" programs, such as: "HKEY-CURRENT-USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY-USERS\****\Software\Microsoft\Windows\CurrentVersion\Run", are possible. The best way is to find the file name of the "*" program under "HKEY-LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", and then search in the entire registry.
7. Hyperthreading causes CPU usage to occupy 100%
The common reason for this type of failure is that they all use P4 CPUs with hyperthreading functions. I searched for some information but had no clear explanation for the reason. According to some netizens, hyperthreading seems to have conflicts with the Skynet firewall. It can be solved by uninstalling Skynet and installing other firewalls, or it can be solved by turning off the hyperthreading function in the BIOS.
8. AVI video files cause CPU usage to occupy 100%
In Windows XP, after clicking a larger AVI video file, the system may have a false death, and the process usage rate is 100%. This is because the system needs to scan the file first, check all parts of the file, and establish an index. If the file is large, it will take a long time and cause a 100% CPU usage. Solution: Right-click the folder where the video file is saved, select "Properties -> General -> Advanced", remove "For quick search, allow the index service to index the folder" in the check box in front of the check box.
9. Antivirus software CPU usage rate occupies 100%
Nowadays, antivirus software has generally been added, and the instant air monitoring function for web pages, emails, and personal privacy will undoubtedly increase the burden on the system. For example: it will be very slow when playing games. Turning off the antivirus software is the most direct solution.
10. CPU usage is too high when processing larger Word files
The above problems generally cause computers to be faked. These are all caused by WORD's spelling and grammar checking. Just open the "Tools-Options" of WORD, enter the "Spellow and Grammar" tab, and remove the hooks in the check boxes before the two items "Check spelling when typing" and "Check grammar when typing".
11. Network connection causes CPU usage to occupy 100%
When your Windows 2000/xp is a server, after receiving a connection request from port 445, the system will allocate memory and a small amount of CPU resources to serve these connections. The above situation will occur when the load is too heavy. To solve this problem, you can solve it by modifying the registry. Open the registry, find HKEY-LOCAL-MACHNE\SYSTEM\CurrentControlSet\Services\lanmanserver, and create a new DWORD value named "maxworkitems" on the right. Then double-click the value. If your computer has more than 512 memory, set it to "1024"; and if it is less than 512, set it to 256.
Some imperfect drivers can also cause excessive CPU usage
Regular use of the standby function will also cause the system to automatically turn off the hard disk DMA mode. This will not only greatly reduce the system performance and slow down the system startup speed, but will also cause the system to use 100% CPU and cause pause when running some large software and games.