none
Winmgmt.exe holds the CPU upto 99% all the time RRS feed

  • Question

  • We have one Windows 2000 SP4 running Oracle database. We're facing a problem that the machine is really slow to response. After an investigation, we found that a process called Winmgmt.exe is holding almost 100% of the machine's cpu. I tried to search for the solution and found one article from Microsoft (http://support.microsoft.com/default.aspx/kb/830075) that setting the WMI logging level to "errors only" should help. But it's already set to "errors only" in my Win 2000 machine. Is it possible that my Winmgmt.exe is infected by a malware or virus? Anyone could give me a solution to investigate further on this?

    Thanks,

    chaiyong
    Sunday, November 15, 2009 3:35 AM

Answers

  • Hi,

     

    Thanks for the post.

     

    Please check if this issue occurs in Clean Boot Mode.

    Clean Boot
    =============
    Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps:

    1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility.
    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
    3. Click the "Startup" tab, click "Disable All" and click "OK".
    4. Click "OK" to restart your computer to Selective Startup environment.
    5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.
    6. Check whether or not the issue still appears in this environment.  

    Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later.

    Does it work?

    Meanwhile, please collect the Process Explorer log for further research.

     

    1. Please download Process Explorer from the following link:

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

     

    2. Open Process Explorer, click View->Lower Pane View->DLLs

    3. Now please highlight the "Winmgmt.exe" process and then click “File”->”Save”.

    4. Use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give me the download address.

     

    Thanks,

     

    Miles

    Monday, November 16, 2009 4:01 AM
    Moderator
  • Hi,

     

    Thanks for the post.

     

    Please check if this issue occurs in Clean Boot Mode.

    Clean Boot
    =============
    Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps:

    1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility.
    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
    3. Click the "Startup" tab, click "Disable All" and click "OK".
    4. Click "OK" to restart your computer to Selective Startup environment.
    5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.
    6. Check whether or not the issue still appears in this environment.  

    Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later.

    Does it work?

    Meanwhile, please collect the Process Explorer log for further research.

     

    1. Please download Process Explorer from the following link:

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

     

    2. Open Process Explorer, click View->Lower Pane View->DLLs

    3. Now please highlight the "Winmgmt.exe" process and then click “File”->”Save”.

    4. Use Windows Live SkyDrive (http://www.skydrive.live.com/ ) to upload the file and then give me the download address.

     

    Thanks,

     

    Miles


    Hi Miles,

    Thanks for you reply. It is very informative & helpful. However, I just found the root cause of the problem yesterday. The problem is caused by a third-party program called PRTG Network Monitor which probes all the registered machin by using WMI. I believe that why winmgmt.exe holds almost of the CPU time. After remove my Windows 2000 server out of the PRTG program. The cpu fell down to be around 1% - 5% again.

    Thanks all of you guys for helping me on this problem :-)

    Chaiyong
    chaiyong
    • Marked as answer by chaiyong Thursday, November 19, 2009 4:25 AM
    Thursday, November 19, 2009 4:25 AM

All replies

  • Hi

    Have you seen this KB article to resolve this issue.

    http://support.microsoft.com/kb/830075

    Thanks...

     


    Deva --Self-trust is the first secret of success.
    Sunday, November 15, 2009 8:20 AM
  • Hi

    Have you seen this KB article to resolve this issue.

    http://support.microsoft.com/kb/830075

    Thanks...

     


    Deva --Self-trust is the first secret of success.
    Yeah, I already checked that out. But the logging level on my Windows 2000 server is already set to "Error only." So, it doesn't help solving my problem. :-(

    chaiyong
    Monday, November 16, 2009 1:57 AM
  • Hi,

     

    Thanks for the post.

     

    Please check if this issue occurs in Clean Boot Mode.

    Clean Boot
    =============
    Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps:

    1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility.
    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
    3. Click the "Startup" tab, click "Disable All" and click "OK".
    4. Click "OK" to restart your computer to Selective Startup environment.
    5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.
    6. Check whether or not the issue still appears in this environment.  

    Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later.

    Does it work?

    Meanwhile, please collect the Process Explorer log for further research.

     

    1. Please download Process Explorer from the following link:

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

     

    2. Open Process Explorer, click View->Lower Pane View->DLLs

    3. Now please highlight the "Winmgmt.exe" process and then click “File”->”Save”.

    4. Use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give me the download address.

     

    Thanks,

     

    Miles

    Monday, November 16, 2009 4:01 AM
    Moderator
  • Hi,

     

    Thanks for the post.

     

    Please check if this issue occurs in Clean Boot Mode.

    Clean Boot
    =============
    Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps:

    1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility.
    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
    3. Click the "Startup" tab, click "Disable All" and click "OK".
    4. Click "OK" to restart your computer to Selective Startup environment.
    5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.
    6. Check whether or not the issue still appears in this environment.  

    Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later.

    Does it work?

    Meanwhile, please collect the Process Explorer log for further research.

     

    1. Please download Process Explorer from the following link:

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

     

    2. Open Process Explorer, click View->Lower Pane View->DLLs

    3. Now please highlight the "Winmgmt.exe" process and then click “File”->”Save”.

    4. Use Windows Live SkyDrive (http://www.skydrive.live.com/ ) to upload the file and then give me the download address.

     

    Thanks,

     

    Miles


    Hi Miles,

    Thanks for you reply. It is very informative & helpful. However, I just found the root cause of the problem yesterday. The problem is caused by a third-party program called PRTG Network Monitor which probes all the registered machin by using WMI. I believe that why winmgmt.exe holds almost of the CPU time. After remove my Windows 2000 server out of the PRTG program. The cpu fell down to be around 1% - 5% again.

    Thanks all of you guys for helping me on this problem :-)

    Chaiyong
    chaiyong
    • Marked as answer by chaiyong Thursday, November 19, 2009 4:25 AM
    Thursday, November 19, 2009 4:25 AM
  • Hi Chaiyong,

    I am glad to hear that the issue has been resolved. Hope you will enjoy our TechNet Forum.

    Thanks,

    Miles
    Thursday, November 19, 2009 5:49 AM
    Moderator