CPU usage 100% case analysis
1, dllhost process causes CPU usage to occupy 100%
Features: server normal CPU consumption Should be below 75%, and CPU consumption should be ups and downs, the server with this problem, the CPU will suddenly be 100% level, and will not fall. Looking at the task manager, you can find that DLLHOST.EXE consumes all CPU idle time. In this case, the administrator has to restart the IIS service. The strange thing is that everything is normal after restarting the IIS service, but it may be a while. After the time, the problem reappeared.
Direct Cause:
One or more ACCESS databases are corrupted during multiple reads and writes. When the Microsoft MDAC system writes the corrupted ACCESS file, the ASP thread is in the BLOCK state. As a result, other threads can only wait, IIS is deadlocked, and all CPU time is consumed in DLLHOST.
Solution:
Install “First-class information monitoring and interception system", use the "Chief Document Checker IIS Health Checker" software,
”Find deadlock module>, set:
--wblock=yes
Monitor the directory, please specify the directory where your host's files are located:
-- Wblockdir=d:\\test
The file storage location of the generated log is in the log directory of the installation directory. The file name is: logblock.htm
Stop IIS, then start “ Inspector IIS Health Checker & rdquo;, then start IIS, & ldquo; Chief Document Checker IIS Health Checker & rdquo; will record the last written ACCESS file in logblock.htm.
After a while, when the problem comes out, for example, the CPU will be at 100% level again, you can stop IIS and check the last ten files recorded by logblock.htm. Note that the most problematic Often the ACCESS file of the counter class, for example: & rdquo; ** COUNT.MDB & rdquo;, & rdquo; ** COUNT. ASP & rdquo;, you can first delete the last ten files or suspected files to the recycle bin, and then start IIS, see if the issue reappears. We believe that after a careful search, you can definitely find this file that has taken you for a while.
After finding this file, you can delete it, or download it and fix it with ACCESS2000. The problem is solved.
2, svchost.exe caused CPU usage to occupy 100%
In the win.ini file, under [Windows], “run=” and “load=” It is possible to load the "trojan" program, you must pay careful attention to them. Under normal circumstances, there is nothing behind their equal sign. If you find that the path and file name are not the startup files you are familiar with, your computer may be in the middle of the "trojan". Of course, you have to see clearly, because a lot of "trojan", such as "AOL Trojan Trojan", it disguised itself as a command.exe file, if you do not pay attention, you may not find it is not a real system startup file.
In the system.ini file, under [BOOT] there is a "shell=filename”. The correct file name should be "explorer.exe", if not "explorer.exe", but "<;shell= explorer.exe program name”, then the program that follows is "trojan" program That means you are already in the "trojan".
The most complicated situation in the registry is to open the registry editor with the regedit command and click to: HKEY-LOCAL-MACHINE\\Software \\Microsoft\\Windows\\CurrentVersion\\Run” There is no auto-starting file that you are not familiar with in the key value. The extension is EXE. Remember here: Some of the files generated by the program are very similar to the system's own files. You want to pass the camouflage, such as “Acid Battery v1”. .0 Trojan & rdquo;, it will change the Explorer key value under the registry "HKEY-LOCAL-MACHINE\\SOFTWARE\\Microsoft\\Windows \\CurrentVersion\\Run" to Explorer=“C:\\Windows\\expiorer.exe”,&ldquo The difference between the Trojan & rdquo; program and the real Explorer is “i” and “l”. Of course, there are many places in the registry that can hide the "trojan" program, such as: "HKEY-CURRENT-USER\\Software\\Microsoft\\Windows \\CurrentVersion\\Run", and "HKEY-USERS\\**** The directory of \\Software\\Microsoft\\Windows\\CurrentVersion\\Run” is possible. The best way is to find the "trojan" virus under "HKEY-LOCAL-MACHINE\\Software \\Microsoft\\Windows\\CurrentVersion\\Run" Called "Code Red II (Red Code 2)" virus, contrary to the earlier "red code" virus in the Western English system, is called the VirtualRoot (virtual directory) virus internationally. The worm exploits known vulnerabilities known to Microsoft and spreads over 80 ports to other Web page servers. The infected machine can get full control of the infected machine by hackers running scripts/root.exe via Http Get request.
Previous12345678Next page Total 8 pages
With the development of technology, the capacity of hard disks is getting bigger an
The hard disk is responsible for storing the data in the computer, so the hard disk
Speaking of the browser, this is no stranger to everyone. Everyone has a browser th
in WinXP Some WinXP users have installed Windows XP and Windows Vista dual operating systems on the
Analyze the reasons for the computer's continuous crash
WinXP prompts this operation to be cancelled due to the limitations of this computer
Why is the text garbled when copying and pasting
Wi-Fi disconnection, don't panic, help you find the reason
What should I do if the XP system desktop IE icon is missing? How does the IE icon disappear?
Clever use of office tips Word to flash
The meaning of the WinXP system boot menu is
WinXP method to install Win7 system through PE toolbox
Notepad alternatives Tips for writing Weibo
Routers are also entering the era of wireless
What happened to the blue screen on the computer? Automatically restarted
How to use WeChat on a Win7 system computer
Windows 8.2 is expected to restore the full start menu function
How does Win7 solve the IP address conflict problem?
Win10 and win8.1 which is good Win10 and win8.1 contrast
Win10 clock application how to delete the alarm in batches