i never thought i'd say it but win2k is giving me troubles :(

it's only started happening today, but at random times services.exe decides to consume all of my cpu cycles. sometimes this lasts for up to 5 minutes, rendering my computer unusable :mad:. i tried restarting but the same thing happened on startup even before any tray icons had loaded. i've also tried stopping a few services and some like the nvidia driver helper servive stopped fine. others wouldn't stop at all saying that the service did not respond in the expected time period or something.

anyone got any ideas? screeny below:

have you tried shutting down all those extra apps you have going there.. esp vmware?

my copy of services.exe is sitting on 0% usage.. then again seti is stealing all the usage ;)

whetu: yup tried closing everything down and then going back to playing warcraft 3 but it still does it. one thing i have noticed is that the number of threads keeps increasing as you can see in the shot below. it looks like somethings really fu><0r3d to me so i might either reistall or..... *gasp* upgrade to xp. :(

footnote: as i finish typing this the thread count has risen to 554... wtf??

Jesus you have a lot of apps running...... what the hell do you do if you wanna run a 2001 benchie?!?!? :eek:

Closing Apps isn't going to help with services.exe at all, thats the service control manager so its "services" you need to be looking at

Make sure you've not got Indexing setup on your drives, that will cause similar perf issues

I.R: yea i know, my 2001 benchies could probably be a lot better if i closed stuff down and did a clean reboot but it doesn't worry me enough to bother. i have 512mb of ram anyway :)

Gremlin: yea you're right. indexing service has been disabled as long as i can remember and still is, but i dont think it would cause the computer to almost freeze while it indexed...

i'm having a go with the system file checker (sfc.exe) now.

/edit: btw thread count is up to 910!! :eek:

all the vmware services are now disabled and i tried the system file checker. this time it hasn't done it within the 3 minutes since i reset so here's hoping.

this is what i would consider normal, 37 threads. there must have been something funny going on before:

got virus?

(hey, never hurts to ask)

Originally posted by SilverPriest

got virus?

(hey, never hurts to ask)
i would just like to point out something from the first post ;) :D:

I get 15 threads of task manager, if thats any help.

yea thanks deviant, i kinda realised that 910 threads was a bit much tho!! :D

your 15 does make my 37 seem high. but it's remaining constant now and not climbing, in fact its dropped to 36 so it seems to be ok. it seems to me that the threads keep opening and every 5 minutes or so services.exe checks itself and has to scan lots of threads.

this restart it's working fine but i'm not convinced that the problem is fixed for good. :confused: plus it also happened to my last install of win2k and was part of the reason that i reinstalled then, so i figured fixing it now might save me a few reinstalls later ;).

thanks for your help guys! :)

You instaled any software lately, namely Winamp3 beta3. Ppl had heaps of problems with this and high cpu usages including me.

The College I'm at had a similar problem with WINLOGON.EXE it ended up being the Klez virus.

Could be worth grabbing the removal tool and giving that a shot.

A few things that are always a good idea to do regularly:

1) Update your virus definitions and do a full scan..

2) Download the latest version of Ad Aware, run that and remove all the spy / adware crap on your system. This might break some applications (eg: getright non registered version). In any case you should really consider non ad alternatives in this situation (eg use the nice Kaaza Lite (open source) rather then Kaaza).

3) Open up the registry editor (start menu > run > regedit) and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run ....Look at what's there.. remove the crap you don't want running at startup. Post a screenshot or ask if you're worried about deleting something important.

4) Goto the control panel, open administraive tools, and goto services. You common sense and some of the many guides on the net to determine what you don't need running and set them to manual rather then automatic.

That'll do for now from me ..

thanks ragnor :)

already done the services thing and my virus scanner is using the absolute latest virus defs but i haven't done a full scan in donkey's years ;). may as well set it going tonight err... *looks at time* this morning.... :p

easier than opening up the registry is using the xp version of msconfig :).

Sydog: nope, the most recent software i installed was direct connect so i dont think it's that. i dont have winamp3 installed and even if i did it wouldn't matter because the problem is specifically with services.exe.

i think using sfc has worked however because i haven't had a freeze since i last rebooted (7 hours ago). i didn't know it existed until i thought about win98 and what i used to do when something weird happened and that was to go start, run, sfc.

the win2k version is a console proggie however and it also asks you for the win2k cd, making it quite different from the 98 version. but it's much better too. worth a shot if you have a problem you cant fix.

Yeah - I'm using XP, and my services.exe is a 15 thread process too.

It'll either be a virus or a fubar'd kernal. Either way it's not good. It WILL NOT be any program or user process on your system causing this - services.exe is a kernal process, so I doubt a user process could do any more than wake all its threads ( and there won't be 500 of those.... ).

that screams virus/trojan to me... considering the SERVICES.EXE is sitting above the "System Idle Process" and "System" entries... AFAIK this should never happen.

it could possibly be a DOS attack trojan (looking by the number of threads). if it's new your AV software won't have a clue.

my advice: reinstall. NOW.

:D

edit - have a look what Google (http://www.google.co.nz/search?q=%22SERVICES.EXE%22+trojan&ie=UTF-8&oe=UTF8&hl=en&lr=) turns up...

Originally posted by mird-OC
my advice: reinstall. NOW.


Sorry, should have said that. DITTO ;).

I wouldn't bother playing cat and mouse with it, I'd just re-install my entire boot sector. That ought to do it :D.

Hmmm - he's awfull quiet all of a sudden....

:eek: :eek:

:p

Good God, you mean i could be right!
Whats next? Sliced bread?
Those horseless carts! :eek:
Bah, hash browns kick ass :D
And norton aint all that and a pack of potato chips if ya know w0t im saying.
*shrugs*
*In santa claus voice*
McAfee!, Norton!, inoculateit!...........
Yeah u get where im going.
And i'm going to get coffee!

oh yeah, and since you're at uni, check your international traffic usage... just in case ;)

sorry, been away for a while, my internet account has been disabled!!

this has me worried guys....

few things.

firstly some of the regkeys present list on the mcafee site were in fact there (telnet server stuff), although it seems that the last one wasn't, which is the only one specific to the trojan. i have removed (after backing up of course) those keys. i really dont want to reinstall.

next, international usage....
yes there was something that i considered odd:
25-JUN-2002 20:39 W r 1 h186n2fls32o1115.telia.com 28012 1.96

the format for the above is date, time, ?, ?, ?, dns name, size in KB, cost. 27mb is a lot tho so i assumed it was someone on direct connect.

25th of June was the date and i posted this problem on the 26th...

i am looking further into this since a reinstall would take me a long time....

i've decided that it's not a trojan. NAV is up to date and a trojan scanner i downloaded turns up clean. whats more, the windows system file checker comes clean aswell.

thanks for your helpful suggestions guys. :)

Yeah that does sound like someone on Direct Connect. I've had to quick a few people from telia.com

for those who are interested... the problem is fixed ;).

after reinstalling win2k failed (you know, the repair reinstall), i noticed in the event view that i was getting a lot of type 7011 errors. these all turned out to be the same thing; "timeout (30000ms) waiting for response from dnscache service" (or words to that effect).

i looked in the service manager for it but there was no dnscache at all. so to disable it i had to edit the registry. after a restart all is well. :)

i'm not sure what the dnscache service did exactly but its name seems to give a good indication. all is well without it anyway and the cpu time on services is down to 1 second. finally! :) thanks for getting me worked up about a trojan guys!! lol :p.

good to hear, well done.

what/where was the reg entry Alex???
PS: uptime 108 hrs and going strong :p

PPS: found it....

yea its not hard to find binky.

HKLM\SYSTEM\CurrentControlSet\Services\Dnscache
i changed "Start" to 0 which i assume is disable since it was set to 2 which is obviously automatic :).

104 hours... dammit if you beat me i might have to better it again :p. problem is i tinker too much :confused:.

BWAHAHAHAHAAA....

BOW TO THE MASTER.
or something....

My record ( and no, not my box - I upgrade too often ) is over 670hours ( it crashed on the 29th day ).

IN WINDOWS ME!!

BOOYAKA!!

NT4... took it down because it was in my ex flatmate's bedroom and I was sick of him treating it like 1) a toy 2) as if he owned it

Nice. Very nice.

After the upgrades to the family rig are finished, I'm contemplating buying them XP and seeing how long I get things with an NT OS. Should be interesting.....

Was that boxen a DHCP/firewall/whatever server before you learned the ways of teh Slackware? :D

i set it to 3 (manual)
just passed 5 days.....this is about the longest i've been up ever.....(its the new PSU thats doing it)
might stay up till L3...altho i realy wanna rip another DVD or two and that requires installing the DVD drive....oh well...

Originally posted by KingJackal
Was that boxen a DHCP/firewall/whatever server before you learned the ways of teh Slackware? :D

talking to me? That boxen was and still is a DHCP/Domain server/file server (most of the files served were common installation files like the irfanview installer, various patches etc) and in its spare time it crunches seti at the amazing rate of a unit per day + 17 or so hours ;) which explains my high time per unit rate :D

As for slackware

...

I havent touched slackware in a long time.. and back when i did play with it I was totally out of my league.. and I probably still am...