Frequent CPU spikes to 100% while idling, must reboot every time

  • Question

  • Overall I've been fairly impressed with Windows 7, but an issue has popped up that's causing me quite a headache. At random intervals, my CPU speed goes up to around 100%, and becomes unusable. It happens regardless of what I'm doing, and what programs happen to be open. I've tried monitoring the processes causing it, yet strangely when it happens the resource manager doesn't say which process is hogging the CPU. The only events that are ever logged are ones stating that the computer had been restarted without properly shutting it down.
    One possible clue: when said processor spikes happen, the network status indicator says that I only have "limited connectivity".

    I've tried updating all of my drivers, with no relief.
    I'm running an AMD Kuma dual core processor, 4 gigs of RAM, GeForce 9800 GTX graphics, and am using Windows 7 build 7100 (x64).

    Please help, I'm absolutely lost!
    Tuesday, May 12, 2009 7:04 AM

Answers

  • It sounds to me that you have picked up some kind of malware / virus / trojan my friend.

    One that is hijacking your browser, attempting to 'dial home' & raping your network connection.

    I say this as I had something akin to it myself whilst using build 7xxxx before going to RC.

    It was a bit of malware that had piggybacked on an application or had loaded from a webpage, I am leaning more towards piggybacking an app as it calls itself a toolbar & also shows up in a few other locations as.. well, I forget now.

    I managed to remove the said nasty during one of my limited times that it allowed me to access explorer...
    It protects itself well & will not allow you to access uninstall or even taskmanager via the control panel.

    However as it wasn't written for win 7 you can do the following things to get rid of it:

    Open task manager by right clicking on the toolbar by the clock (bottom right) & opening it from there, run through every process that's running, don't forget to click on 'show processes from all users' as this is where a part of it resides.

    Now as I cannot recall the exact names of the .exes & .dlls associated you will have to do what I had to do & that is to open your browser (IE8) & run google, obviously you recognize various processes, however you may not be 100% up on everything that runs under win 7 RC, so enter each process that you are not aware should be running into google until you find the culprit /culprits...

    The removal instructions I found were useless, so I did the next best thing, once aware of what they were named I located the folders they resided in & proceeded to remove all traces, there will be portions that you cannot remove on the first attempt, remove each item in each folder one at a time, putting it into the trash & then empty the trash at each step of the process.

    Make note of the folder names & locations (also make note of the aliases that this nasty runs as, you will find it in other parts of windows, you will also need to remove these too)...
    You will need to go back & make other attempts to remove the folders & items within once you have gone through all of them & also stopped their processes running...
    One or two you may be able to catch before it restarts itself...
    Anyways, with over 90% of what it needs missing, it is now time to restart...

    As integral parts of the nasty have gone from the system it won't start up, you may get a message saying that 'such & such' failed to start in an error message... make note of it as you will want to remove it too.
    Now go back into windows & remove the remaining folders & items within the folders... (item first, then folder is my preferred method).

    You should now also have control manager, uninstall programs & task manager from control panel back :-)
    You could try to remove the 'tool bar' & other funky stuff it calls itself... you may have success, I know I didn't my first go...

    Once removed, you could remove all associated parts from the registry, only do this if you feel comfortable with digging around & changing registry items.
    If you don't do this, then every re-boot you will get an error message about that nasty not being able to load / start as it is corrupt or other such nonsense.

    Be assured that you have killed it 100% & just be wary of what you load in future or where you surf.

    Norton has a win 7 RC anti-virus beta, don't attempt to install it before doing all the above as this nasty knows what AV is & will either side step it or just stop you from running norton 100%.


    Hope that has helped you out & that it has cleared up the problem for you.

    PM me & let me know if it was indeed the problem & that it worked for you please.
    Tuesday, May 12, 2009 1:39 PM
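
The process review described in the answer above can be done in one pass instead of looking up each name by hand. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and an elevated prompt, and the list of "trusted" install roots is an assumption made for illustration.

```powershell
# Added example, not from the thread. Run elevated so other users' processes expose a path.
# Roots where installed software normally lives (an assumption; adjust for your build).
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }
$sigCache = @{}   # image path -> signature status/signer, so each file is checked once

$report = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $path = $p.ExecutablePath
    if (-not $path) {
        # System, Idle and protected processes expose no path: report, do not flag.
        [pscustomobject]@{ PID = $p.ProcessId; Name = $p.Name; Signature = 'n/a'
                           Signer = $null; Path = $null; Review = $false }
        continue
    }
    if (-not $sigCache.ContainsKey($path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        $sigCache[$path] = if ($sig) {
            @{ Status = "$($sig.Status)"; Signer = $sig.SignerCertificate.Subject }
        } else {
            @{ Status = 'Unreadable'; Signer = $null }   # image deleted or locked
        }
    }
    $inTrustedRoot = $false
    foreach ($root in $trustedRoots) {
        if ($path.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
            $inTrustedRoot = $true
        }
    }
    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Signature = $sigCache[$path].Status
        Signer    = $sigCache[$path].Signer
        Path      = $path
        # Review anything without a valid signature or running from an unusual location.
        Review    = ($sigCache[$path].Status -ne 'Valid') -or (-not $inTrustedRoot)
    }
}

$report | Where-Object { $_.Review } | Sort-Object Path |
    Format-Table -AutoSize PID, Name, Signature, Signer, Path
```

A flagged row is a prompt to look closer, not a verdict: legitimate per-user software often runs from a profile folder, and older PowerShell versions may report catalog-signed Windows binaries as NotSigned.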
  • Hmm...  Malware is certainly one possibility.  At least Homelesshobbit is running an x64 build of Windows which would suggest PatchGuard and KMCS should keep malware out of the kernel.

    I was thinking it sounded more along the lines of a misbehaving wireless driver that was causing excessive interrupts or DPCs.  The xperf trace should call this out pretty readily...
    Tuesday, May 12, 2009 1:44 PM
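
A quick way to test the interrupt/DPC hypothesis from the reply above before capturing a full xperf trace is to sample the processor counters during a spike. This is an added example, not part of the original post; it assumes English counter names, and the 80% and 20% thresholds are illustrative assumptions.

```powershell
# Added example, not from the thread. Counter names are the English ones.
$counters = '\Processor(_Total)\% Processor Time',
            '\Processor(_Total)\% Interrupt Time',
            '\Processor(_Total)\% DPC Time'

# 30 one-second samples; start it as the spike begins.
$rows = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples 30 | ForEach-Object {
    $v = @{}
    foreach ($c in $_.CounterSamples) {
        # Path looks like \\host\processor(_total)\% dpc time; keep the last segment.
        $v[($c.Path -split '\\')[-1]] = [math]::Round($c.CookedValue, 1)
    }
    [pscustomobject]@{
        Time      = $_.Timestamp.ToString('HH:mm:ss')
        Total     = $v['% processor time']
        Interrupt = $v['% interrupt time']
        DPC       = $v['% dpc time']
    }
}
$rows | Format-Table -AutoSize

# Thresholds below are illustrative assumptions, not documented limits.
$busy = $rows | Where-Object { $_.Total -ge 80 }
if ($busy) {
    $avg = ($busy | ForEach-Object { $_.Interrupt + $_.DPC } |
            Measure-Object -Average).Average
    if ($avg -ge 20) {
        'Busy samples average {0:N1}% interrupt+DPC time: look at drivers and devices.' -f $avg
    } else {
        'Busy samples average {0:N1}% interrupt+DPC time: look at processes instead.' -f $avg
    }
} else {
    'No sample reached 80% CPU; capture again during a spike.'
}
```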

All replies

  • Hi Homelesshobbit,

    Perhaps it would be useful to try capturing an xperf trace.  For Windows 7, download and install the Windows 7 RC1 SDK which contains xperf 4.5.  Find xperf.exe on your system (may need to look for an MSI for the Windows Performance Toolkit and install that first).  Then, from a CMD prompt change to the folder containing xperf.exe and execute:
     xperf -on DiagEasy+PROFILE

    Then, just after reproducing the problem, run:
     xperf -d merged.etl

    Then, ZIP merged.etl and password protect it.  Upload the ZIP file somewhere, and share the location either publicly or privately.  Share the password privately with those you would have analyze the log.


    Have you tried disabling (via Device Manager) any wireless network devices?
    • Edited by No.Compromise Tuesday, May 12, 2009 10:00 AM fix name typo
    Tuesday, May 12, 2009 9:59 AM