I have this computer at the office that is driving me crazy. It has antivirus, and I've even performed an offline scan and found nothing interesting. But out of the blue, ten or more random processes will use ten or so percent CPU each. Anyone seen anything like that on Windows 7 x64?
-
-
What are the executables for these processes?
-
BTW, this is one of the most helpful articles I've run across about figuring out what the processes are and how they were launched.
You can figure out a lot by just adding the "Image Path Name" and "Command Line" columns to your Task Manager view.
I remember using a program a while back that allowed you to look at what DLLs a process was using in a tree (like Process Explorer), which is really helpful since there are many types of malware that are contained in DLLs and launched by svchost.exe as a service. I can't remember what that program was called.
Edit: I just remembered. It's Spy++. LOL
-
@cbae:
They are all signed Windows executables. Things like service hosts, the search indexer, the Kaspersky AV app, etc. None of the DLLs called by the service hosts seem illegitimate. I wonder if the processor is running slow because of cooling issues or the task scheduler has gone into la-la land?
-
@JoshRoss: If you add the "Command Line" column to Task Manager, you can figure out which Windows Service that svchost.exe is running.
-
I'd be tempted to (a) check all drivers are up to date and (b) run Rootkit Revealer on the system. Time spent in drivers that are misbehaving can appear as random applications clocking up high CPU levels in Task Manager.
-
@JoshRoss: Based on the facts given so far that could be anything (legit and not legit). Need more facts.
Download SysInternals Suite
Run ProcExp.exe
File - Show Details for All Processes
Options - verify signatures
View - select columns - Description, Company Name, Verified Signer, Image Path, Image Type, Command Line, DEP Status
What are the specifics of the processes in question?
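
The svchost.exe check suggested in this thread (command line, hosted services, CPU use) can also be scripted. The following is an added example, not code from any poster in the thread; it uses Get-WmiObject so that it runs on the Windows PowerShell shipped with Windows 7, and the output property names (CpuSeconds, Services) are chosen for this example.

```powershell
# Added example: list every svchost.exe instance with the services it hosts,
# its command line, and the CPU time it has accumulated, busiest first.
# Run from an elevated prompt; without elevation CommandLine can be empty
# for processes owned by other accounts.

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($procId)) {
        $servicesByPid[$procId] = @()
    }
    $servicesByPid[$procId] += $_.Name
}

# Join each svchost.exe process to its services and total its CPU time.
$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $procId = [int]$_.ProcessId

        # KernelModeTime and UserModeTime are reported in 100-nanosecond units.
        $cpuTicks = [uint64]$_.KernelModeTime + [uint64]$_.UserModeTime

        New-Object PSObject -Property @{
            ProcessId   = $procId
            CpuSeconds  = [math]::Round($cpuTicks / 1e7, 1)
            Services    = ($servicesByPid[$procId] -join ', ')
            CommandLine = $_.CommandLine
        }
    }

# An svchost.exe row with no services, or one whose command line lacks the
# usual "-k <group>" argument, is the row to look at first in Process Explorer.
$report |
    Sort-Object -Property CpuSeconds -Descending |
    Select-Object ProcessId, CpuSeconds, Services, CommandLine |
    Format-Table -AutoSize -Wrap
```

CpuSeconds is cumulative since each process started, so run it twice a minute apart and compare to see which instance is busy right now.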
-
Try turning off your virus scanner, it's more of a pain than an actual virus.
-
If the indexer and Kaspersky are indeed on that list then something might be writing data to disk. Resource Monitor will show you which processes are doing disk I/O, and what files they are accessing.
-
3 hours ago, Maddus Mattus wrote
Try turning off your virus scanner, it's more of a pain than an actual virus.
Kind of like condoms...
Anyway. If this is an office computer, do you have system administration staff? I worked at one location where the blind trolls who worked in that department set up Windows Update to check the system in the middle of the day.
-
It appears that it was a heating issue. After blowing out the heat sink, it works miraculously well. Sysinternals Process Explorer is what I used to verify the signatures in the first place.
A while back, blowdart mentioned something about an offline scanner offered on Connect, so I used that to check for the nasty bits.
Anyways, working in a relatively small office, I have to wear many hats; one of a programmer, another as a chimney sweep.
-Josh
-
@JoshRoss: You should also consider replacing the thermal grease between the CPU and heatsink. My notebook used to have freezing issues, and last year when I pulled off the heatsink to upgrade the CPU, I found that the thermal grease had completely dried up. After replacing the CPU and applying a fresh coat of grease, I've had maybe one freeze since.
-
Anyways, working in a relatively small office, I have to wear many hats; one of a programmer, another as a chimney sweep.
I hear that. Kudos on the diag.
-
I didn't know about adding other columns to Task Manager. Command Line is very useful information.
22 hours ago, cbae wrote
@JoshRoss: If you add the "Command Line" column to Task Manager, you can figure out which Windows Service that svchost.exe is running.
-
-
That's right up there with having File Extensions show all the time in the list of things that should be on by default.