Coffeehouse Thread

16 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Weird CPU cycles

Back to Forum: Coffeehouse
  • User profile image
    W3bbo

    I spotted this a while ago, I've no idea what's causing it, but its all caused by the System process (plus the graph shows that its kernel times)

    What do you guys think?

  • User profile image
    Sven Groot

    I think that guy needs to have his pacemaker checked! Tongue Out

  • User profile image
    ZippyV

    Maybe it's a rootkit?

  • User profile image
    W3bbo

    Beer28 wrote:
    I think windows has LIMITED renicing in the taskman, I think it has a wopping 3 levels of process priority which it relabels as "thread" priority. I could be wrong though.

    Is the system process your init process?


    Only 3? ...how did you do on elementary maths:

    Task Manager lets me change the base priority for new threads to:

    Realtime
    High
    Above Normal
    Normal
    Below Normal
    Low

    So that's 6 levels, not 3.

  • User profile image
    eddwo

    The system process accounts for time used by kernel mode threads. Drivers such as antivirus filesystem filters can create kernel mode threads. An error in a virus definition update from Trend Micro earlier this year caused affected PCs to show 99%+ time spent by the System process, as everything else ground to a halt.

  • User profile image
    Minh

    I usually switch to the "Processes" view & sort on CPU descending & see which process pop up to the top.

    n.m. you already knew the offending process.

  • User profile image
    jonathanh

    W3bbo wrote:
    Beer28 wrote: I think windows has LIMITED renicing in the taskman, I think it has a wopping 3 levels of process priority which it relabels as "thread" priority. I could be wrong though.

    Is the system process your init process?


    Only 3? ...how did you do on elementary maths:

    Task Manager lets me change the base priority for new threads to:

    Realtime
    High
    Above Normal
    Normal
    Below Normal
    Low

    So that's 6 levels, not 3.
    It's even more levels than that. A quick check with procexp shows that "realtime" actually maps to level 24, "high" to level 13, "normal" to level 10, and then all the way down to "idle" at level 4.

  • User profile image
    W3bbo

    Guys.... this thread has digressed long enough.

    What's causing my strange kernel behaviour!?

  • User profile image
    RobChartier

    Hit sysinternals.com and grab thier Process Explorer tool.  Find the offending process and then use that tool to dig into the process.  You can list all the DLL's which are involved and such.  Find any *weird* one's.  Typically you can/should be able to ignore all the Microsoft one's and focus on the others.  It should be obvious at that point what is causing it.

  • User profile image
    W3bbo

    RobChartier wrote:
    Hit sysinternals.com and grab thier Process Explorer tool.  Find the offending process and then use that tool to dig into the process.  You can list all the DLL's which are involved and such.  Find any *weird* one's.  Typically you can/should be able to ignore all the Microsoft one's and focus on the others.  It should be obvious at that point what is causing it.


    I already explained that its the System Kernel causing the spikes.

  • User profile image
    JChung2006

    Use Process Explorer.  It gives you more information about process activity and resources than Task Manager.

  • User profile image
    msemack

    W3bbo wrote:

    I already explained that its the System Kernel causing the spikes.


    "System" is a loose term that referrs to just about anything running in kernel mode.

    It could be some form of malware.  It could also be a mis-behaving driver.

    Process Explorer from Sysinternals can give you the details of what's actually executing.

  • User profile image
    SlackmasterK

    I think we're all missing the most important point here... why are you running MSN messenger? Trillian's the way.

  • User profile image
    NeoTOM

    SlackmasterK wrote:
    I think we're all missing the most important point here... why are you running MSN messenger? Trillian's the way.


    Trillian is what it is: a glorified AIM client. Nothing more. MSN has many more features, none of which AIM or Trillian support.

    Also, that's Windows Messenger, tard.

  • User profile image
    W3bbo

    SlackmasterK wrote:
    I think we're all missing the most important point here... why are you running MSN messenger? Trillian's the way.


    I run Windows Messenger Smiley

  • User profile image
    Wells

    If I were you I'd run Rootkit Revealer, just to make sure there aren't any nasties lurking in your kernel:

    http://www.sysinternals.com/utilities/rootkitrevealer.html

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.