CPU usage 100% case analysis
1, dllhost process caused CPU usage to occupy 100%
Features: The server normal CPU consumption should be below 75%, and CPU consumption should be up and down Ups and downs, the server with this problem, the CPU will suddenly be 100% level, and will not fall. Looking at the task manager, you can find that DLLHOST.EXE consumes all CPU idle time. In this case, the administrator has to restart the IIS service. The strange thing is that everything is normal after restarting the IIS service, but it may be a while. After the time, the problem reappeared.
Direct Cause:
One or more ACCESS databases are corrupted during multiple reads and writes. When the Microsoft MDAC system writes the corrupted ACCESS file, the ASP thread is in the BLOCK state. As a result, other threads can only wait, IIS is deadlocked, and all CPU time is consumed in DLLHOST.
Solution:
Install “First-class information monitoring and interception system", use the "Chief Document Checker IIS Health Checker" software,
”Find deadlock module>, set:
--wblock=yes
Monitor the directory, please specify the directory where your host's files are located:
-- Wblockdir=d:\\test
The file storage location of the generated log is in the log directory of the installation directory. The file name is: logblock.htm
Stop IIS, then start “ Inspector IIS Health Checker & rdquo;, then start IIS, & ldquo; Chief Document Checker IIS Health Checker & rdquo; will record the last written ACCESS file in logblock.htm.
After a while, when the problem comes out, for example, the CPU will be at 100% level again, you can stop IIS and check the last ten files recorded by logblock.htm. Note that the most problematic Often the ACCESS file of the counter class, for example: & rdquo; ** COUNT.MDB & rdquo;, & rdquo; ** COUNT. ASP & rdquo;, you can first delete the last ten files or suspected files to the recycle bin, and then start IIS, see if the issue reappears. We believe that after a careful search, you can definitely find this file that has taken you for a while.
After finding this file, you can delete it, or download it and fix it with ACCESS2000. The problem is solved.
2, svchost.exe caused CPU usage to occupy 100%
In the win.ini file, under [Windows], “run=” and “load=” It is possible to load the "trojan" program, you must pay careful attention to them. Under normal circumstances, there is nothing behind their equal sign. If you find that the path and file name are not the startup files you are familiar with, your computer may be in the middle of the "trojan". Of course, you have to see clearly, because a lot of "trojan", such as "AOL Trojan Trojan", it disguised itself as a command.exe file, if you do not pay attention, you may not find it is not a real system startup file.
In the system.ini file, under [BOOT] there is a "shell=filename”. The correct file name should be "explorer.exe", if not "explorer.exe", but "<;shell= explorer.exe program name”, then the program that follows is "trojan" program That means you are already in the "trojan".
The most complicated situation in the registry is to open the registry editor with the regedit command and click to: HKEY-LOCAL-MACHINE\\Software \\Microsoft\\Windows\\CurrentVersion\\Run” There is no auto-starting file that you are not familiar with in the key value. The extension is EXE. Remember here: Some of the files generated by the program are very similar to the system's own files. You want to pass the camouflage, such as “Acid Battery v1”. .0 Trojan & rdquo;, it will change the Explorer key value under the registry "HKEY-LOCAL-MACHINE\\SOFTWARE\\Microsoft\\Windows \\CurrentVersion\\Run" to Explorer=“C:\\Windows\\expiorer.exe”,&ldquo The difference between the Trojan & rdquo; program and the real Explorer is “i” and “l”. Of course, there are many places in the registry that can hide the "trojan" program, such as: "HKEY-CURRENT-USER\\Software\\Microsoft\\Windows \\CurrentVersion\\Run", and "HKEY-USERS\\**** The directory of \\Software\\Microsoft\\Windows\\CurrentVersion\\Run” is possible. The best way is to find the "trojan" virus under "HKEY-LOCAL-MACHINE\\Software \\Microsoft\\Windows\\CurrentVersion\\Run" Called "Code Red II (Red Code 2)" virus, contrary to the earlier "red code" virus in the Western English system, is called the VirtualRoot (virtual directory) virus internationally. The worm exploits known vulnerabilities known to Microsoft and spreads over 80 ports to other Web page servers. The infected machine can get full control of the infected machine by hackers running scripts/root.exe via Http Get request.
There is a folder TEMP under the WINDOWS directory. This folder is the main system variable generati
Windows XP system memory read and write errors are often problems in our use, especially when we run
If you are a careful person, you will find a lot of useful tools hidden in the support directory of
Normally, a computer on the LAN must pass through the port if it wants to successfully access the sh
If the MSN can not log in under Windows
Introduce several first aid methods after Windows XP system crashes
How can I make the computer faster after reinstalling the system? (2)
Masters don't want to slow down: XP quickly starts the latest tips
WinXP: Ten cool application tips
Teach you how to refuse Trojans to read your hard disk
Disable five functions to make the XP system extremely fast.
Four ways to safely remove Windows XP SP2
Dust removal guide for computer maintenance tutorials
Microsoft accepts reality, provides iOS and Android management tools
Win7 wireless network connection limited solution
How to uninstall IE9 and then restore to IE8?
How does Win7 share folders? Win7 shared folder tutorial
Win10 system prompts windows can not install the required files and error code 0X80070570 solution
Win8 start menu alternative application Pokki users up to 500,000
Using Windows 7's own features to protect USB hard drive data
The perfect strategy for installing .Net3.5 under Win8