Ping IT guys - XP 100% CPU question

Discussion in 'NZ Computing' started by ~misfit~, Dec 13, 2013.

  1. ~misfit~

    ~misfit~ Guest

    Hi folks,

    I've noticed in the last year or so that a machine running XP that has
    missed updates (been in stoarge) will often run at 100% CPU for a while (up
    to ~30mins was the previous longest I've seen). However as soon as it
    connects with Windows Update the CPU usage drops back to normal (1 - 5% or
    so). (I have all my machines set to check for updates and the check with
    me - so I don't get driver updates I don't want etc.)

    It's svchost.exe that's the culprit - but that's not saying much as there
    are multiple instances of svchost in Task manager, variously described as
    'SYSTEM' 'LOCAL SERVICE' or NETWORK SERVICE'. The one that's to blame in
    these cases is labeled as 'SYSTEM'.

    This hits me quite hard as I've ended up with a collection of Pentium M
    ThinkPads (that I'd originally bought to refurbish and sell on but then the
    arse fell out and I found I couldn't even recoup the price of the RAM and
    HDD upgrades yet alone my time). Consequently I've kept some... Maybe 10.

    I've got a ThinkPad here that I want to use to monitor my CCTV. I've been
    running it on-and-off for three days and it's doing as above - but not
    finding updates this time. :-( So it's constantly on 100% CPU and almost
    completely unresponsive - and I've let it run for half a day at a time with
    no change. I wonder if it's due to MS pulling XP update servers? I fired up
    another TP last month to give to my folks and it sorted itself out after an
    hour or two. LOL, at first they didn't want it desite the beautiful IPS
    screen as it was totally unresponsive but once it updated they were rapt
    with it.

    Oh, I just did a quick Google before posting and it seems that, unlike the
    last time I Googled it a couple of weeks ago, I get lots of hits and the
    general community is aware of it and the cause.
    .... seem to be the best description of the issue. I've turned off Auto
    Updates and it's running fine now. I',m pleased to see I was right about the
    cause when I first diagnosed it maybe six months back (but couldn't find
    corroborating evidence back then).

    Oh well I'll post this anyway in case anyone else is having the same

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1).
    [Sent from my OrbitalT ocular implant interface]
    ~misfit~, Dec 13, 2013
    1. Advertisements

  2. ~misfit~

    Malcolm Guest

    Have they stopped XP updates already?

    Since you have 10, install openSUSE on one, or download a live cd and
    try it out....?
    Malcolm, Dec 13, 2013
    1. Advertisements

  3. ~misfit~

    Your Name Guest

    Apparently lots of Windoze users have. Try these links for fixing
    runaway SVCHost.exe CPU usage ...

    It should also be noted that "SVChost.exe" is simply a generic and
    meaningless process name, which can also sometimes be malware ...

    It's been a while, but I think that was one of malware processes that
    eventually killed my mother's old Windows 2000 PC and was never
    recognised or removed by the likes of Avast and AVG.
    Your Name, Dec 13, 2013
  4. ~misfit~

    ~misfit~ Guest

    Hi Malcolm. :)
    No, I think that's due in about a year. However the servers seem slow.
    Ehhhh.... I've tried several alternative operating systems over the years
    but the thing is these ThinkPads were designed to run XP - with drivers for
    XP (and even for Visa / 7 for some) available. When I want to use one I want
    just that - not to spend hours / days getting it all running right. Not only
    that but one of the things I love about them is that I can run Notebook
    Hardware Control under XP and underclock the CPUs (often significatly) which
    hugely reduces heat, heat stress and power usage.

    Hope you're well, best to you and yours.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1).
    [Sent from my OrbitalT ocular implant interface]
    ~misfit~, Dec 14, 2013
  5. ~misfit~

    ~misfit~ Guest

    Thanks, bookmarked for later perusal.
    Yep, discovered that ages ago when I first had trouble (as noted above, that
    there are multiple instances running).
    Ok, I can see how that would happen.


    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1).
    [Sent from my OrbitalT ocular implant interface]
    ~misfit~, Dec 14, 2013
  6. ~misfit~

    Your Name Guest

    Unfortunately because it is just a generic name, there can legitimately
    be multiple instances running. Which is no doubt partly why the
    anti-virus software doesn't find it and why the scum writing malware
    use it.
    Your Name, Dec 15, 2013
  7. ~misfit~

    David Empson Guest

    8 April 2014, to be precise (presumably in the US, so 9 April for us).

    Less than four months away, but XP still accounts for more than 1/3 of
    all web site accesses from computers running Windows.
    David Empson, Dec 15, 2013
  8. ~misfit~

    Enkidu Guest

    svchost.exe is simply the software that allows stuff to run as a
    service. Not all services run under svchost, but some do. I believe all
    manually created services do as well as some programmatically created
    services. Most virus software is able to detect viruses that pretend to
    be svchost.exe.


    Enkidu, Dec 15, 2013
  9. ~misfit~

    Your Name Guest

    I never said everything was called that ... although in hopeless
    Microsoft world it wouldn't have surprised me in the least. :)

    Apparently they can't detect them since neither AVG nor Avast (used
    individually at different times and properly updated regularly) ever
    stoped malware appearing on my mother's old Windoze computer.
    Your Name, Dec 15, 2013
  10. ~misfit~

    Enkidu Guest

    There is no evidence that an infection of svchost.exe is how malware
    appeared on your mother's PC.

    The process by which services run is what is called a bootstrap process.
    Because services run from DLLs (dynamic libraries) and windows only runs
    ..exes, the svchost process is a stub executable which loads the service
    DLL. That's why they are different in size. The virus software should be
    able to look at the DLL which the svchost.exe stub loads. svchost.exe
    itself is irrelevant.


    Enkidu, Dec 15, 2013
  11. ~misfit~

    Your Name Guest

    Some of it was indeeed from that method.

    The technicaltilies behind it makes no difference to the facts that
    svchost.exe can be malware and, like lots of malware, is not always
    recognised nor stopped by so-called leading anti-malware software.
    Your Name, Dec 15, 2013
  12. ~misfit~

    ~misfit~ Guest

    AV software is the ambulance at the bottom of the cliff. It's up to the user
    to maintain the fence at the top.

    IOW a computer would need to be running multiple programmes at once - all
    updated regularly, running as background scans and run as full scans several
    times daily to compensate for bad computing practice.

    I have serviced several computers over the past 15+ years, mostly owned by
    'users' in the worst sense of the word. In all that time I've only struck
    three of four genuine virus issues. However I've instructed the users to
    never isert or run any media that has been used in someone else's computer
    without checking with me first - and I *don't* want to be bothered by silly

    First line of defence is controlling what gets on to the machine. You can't
    expect /free/ AV to take the place of good practice.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1).
    [Sent from my OrbitalT ocular implant interface]
    ~misfit~, Dec 16, 2013
  13. ~misfit~

    ~misfit~ Guest

    Thanks, I'd forgoten the date.

    What MS don't seem to realise is that there are still some quite capable
    machines in use that were sold during the XP years. I think this is the
    first time such a thing has happened for them - it's been common practice in
    the past that, by the time an OS becomes obsolete, the machines running it
    OEM are on their last legs. Things have changed.

    IMO MS have an obligation to the people who paid the 'MS tax' when they
    bought their computers - an obligation that doesn't stop just because they
    have decided on a date to stop it.

    (Unless of course they provide a free replacement OS that is about as easy
    on hardware requirements as XP is and will be compatible with all software
    that XP currently runs - i.e. *not* W7 and an XP VM. The reason I am still
    using XP on most of my machines is because they run it well and the software
    that I want to run doesn't do as well on later OSes - I have 10 licence COAs
    for both W7 and W8 but my ThinkPads that were very fast with XP struggle
    with these later OSes - and then can't run software that I want to run..)

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1).
    [Sent from my OrbitalT ocular implant interface]
    ~misfit~, Dec 16, 2013
  14. ~misfit~

    ~misfit~ Guest

    Somewhere on teh intarwebs ~misfit~ wrote:
    D'oh! That should have read 'undervolt' the CPU - although with NHC you can
    underclock as well.

    I have a couple of Pentium M 1.6 / 1.7Ghz CPUs that will run Prime95-stable
    on under 1v vcore at full speed - instead of the 1.34v they run normally.
    The end result is a huge drop in temps when you peg the CPU at 100% (as a
    lot of facebook games etc. do), really huge. The difference between ~75 C
    with the fan running full speed and >50 C with the fan idle.

    Not all Pentium M CPUs are created equal in this regard though. However you
    can expect in the region of a ~15% drop in vcore for any Banias and ~25% for
    a Dothan. Some CPUs respond better than others, the same as the old days
    with overclocking.

    Incidently NHC works with C2Ds (and XP) too - the T7400 T7400 LF80537GF0484M (BX80537T7400).html
    in this T60 will run at 0.95v (the lowest setting for a C2D) for the first
    six speed-steps / multipliers - 6x to 11x and only needs 0.975v for 12x -
    but jumps to 1.0125v for the full 13x / 2.16Ghz. That's compared to starting
    at .95 for 6x and increasing incrementally to 1.3v at full speed. If I set
    NHC to not step right up to 2.16, instead topping out at 2Ghz the vcore is
    an impressive 0.975 instead of 1.26v. That's a huge heat-output drop.

    That alone is worth persisting with XP for. Sadly NHC doesn't run (properly)
    under later MS OSes *or* alternate non-MS OSes (TTBOMK).

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1).
    [Sent from my OrbitalT ocular implant interface]
    ~misfit~, Dec 16, 2013
  15. ~misfit~

    Your Name Guest

    It was my mother's computer, so it was only ever used for email with
    half-a-dozen known people and an occasional website like TradeMe. No
    media was ever inserted, no "weird" applications were ever run.
    Your Name, Dec 16, 2013
  16. ~misfit~

    Your Name Guest

    The people who want to continue using XP can do so. Just because
    Microsoft won't be issuing updates doesn't mean the OS is suddenly
    broken or useless. It's just as good as it was the day before, and the
    anti-malware applications (for what they're worth) will continue to
    support it sa long as there are "enough" users.
    Your Name, Dec 16, 2013
  17. ~misfit~

    Enkidu Guest

    Maybe, but there is no issue with antivirus programs finding stuff that
    runs under sychost.exe. That was my point. Unless for some reason you
    tell it not to check DLLs of course!
    It is. It is always found by up to date antivirus software. The
    occasional one may be missed by one antivirus program but the next
    update (probably the next day) will nail it. It makes NO difference that
    it runs under svchost.exe.


    Enkidu, Dec 16, 2013
  18. ~misfit~

    Enkidu Guest

    Exactly. But people don't listen. I've known people who have been told
    not to plug stuff or opening emails hundreds of times and who still get
    infected by plugging stuff in or opening emails. They even switch the
    antivirus off (if they are allowed to) because it wouldn't allow them to
    plug stuff in or open emails.


    Enkidu, Dec 16, 2013
  19. ~misfit~

    Your Name Guest

    It's not relevant how the malware gets there. The point was that NONE
    of the anti-malware software sees nor stops all of the malware, even if
    you're constantly updating it.

    Nope. That's way there was always malware on that computer, and why it
    eventually killed itself.
    Your Name, Dec 16, 2013
  20. ~misfit~

    Enkidu Guest

    Bollocks. Go and take a computer course at your local community college.
    It was on there because someone let it on there.


    Enkidu, Dec 16, 2013
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.