Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: High CPU usage caused by cmd.exe

339 views
Skip to first unread message

Jon

unread,
Dec 10, 2006, 9:52:50 AM12/10/06
to

"Carbonated" <Carbo...@discussions.microsoft.com> wrote in message
news:8A739C57-78D1-4B58...@microsoft.com...
>A process 'cmd.exe' appears in the task manager after a few minutes i
>start
> up my computer and uses the most cpu usage which caused my cpu usage to
> 100%
> and made my computer very lag...
>
> So, everytime i start up my computer, i will wait for it to appear in the
> task manager and end it before i open any other applications and im
> getting
> bored of doing so.
>
> And im suspicious the 'cmd.exe' which uses a lot of cpu usage isn't the
> original 'cmd.exe' because last time i opened task manager and the
> 'cmd.exe'
> is in the 'processes' tab with a lot of cpu usage.. then, before i end it,
> i
> went to start > run > cmd, then another process called 'cmd.exe' appeared
> and
> did not use any cpu usage.. means totally have 2 'cmd.exe' processes in my
> task manager which one of them used the most cpu usage and the other one
> did
> not use any.
>
> So..i hope someone can help me with the problem.. thanks.


Any links to (buggy) batch files in your startup folders?

Start > Run > msconfig > Startup

You will always get an extra instance of cmd.exe in Task Manager doing what
you describe. That is normal.

--
Jon

Better to ask the way than go astray

Carbonated

unread,
Dec 10, 2006, 10:48:01 AM12/10/06
to

"Jon" wrote:

In the startup tab, there are
-svhost32
-realsched
-raid_tool
-rundll32
-CMGrdian
-avgcc
-ypager
-Skype
-rund1132
-Microsoft Office

well my task manager did not show any 'cmd.exe' process which uses a lot of
cpu usage before this..
>

Ayush

unread,
Dec 10, 2006, 10:53:30 AM12/10/06
to
Replied to [Carbonated]s message :
-----------------------------------------------------------

> In the startup tab, there are


> -rundll32


Uncheck this

> -rund1132

If this is really rund1132 then it can be a virus. Uncheck it immediately.

--
Ayush [ Good :-) Luck ]
-------------
Search - www.Google.com | Wikipedia - http://en.wikipedia.org
Snip your long urls - http://snipurl.com/
-------------


Jon

unread,
Dec 10, 2006, 10:57:48 AM12/10/06
to


Latest reports suggest that it was "Carbonated"
<Carbo...@discussions.microsoft.com> in message
news:8C422FCC-70A7-4236...@microsoft.com who said something
like...


>
> In the startup tab, there are
> -svhost32
> -realsched
> -raid_tool
> -rundll32
> -CMGrdian
> -avgcc
> -ypager
> -Skype
> -rund1132
> -Microsoft Office
>

If you've spelt those correctlly then 'svhost32' and 'rund1132' stick out
like a sore thumb as probably malware related.

So I would suggest some virus / malware scans.


--
Jon

Birds of a feather flock together

Carbonated

unread,
Dec 10, 2006, 11:18:00 AM12/10/06
to

"Ayush" wrote:

Unchecked.. should i delete the file also?

Jon

unread,
Dec 10, 2006, 11:57:22 AM12/10/06
to

It may well be worth recalling that "Carbonated"
<Carbo...@discussions.microsoft.com> had already stated in
news:B776D4F7-84F3-42BD...@microsoft.com...
> some screenshots of cmd.exe causing cpu usage to 100%
>
> [IMG]http://i61.photobucket.com/albums/h54/xXNightLoadXx/cmd.jpg[/IMG]
> [IMG]http://i61.photobucket.com/albums/h54/xXNightLoadXx/cmd2.jpg[/IMG]
> [IMG]http://i61.photobucket.com/albums/h54/xXNightLoadXx/cmd3.jpg[/IMG]
>
>
> i opened cmd.exe and there are 2 cmd.exe processes now..1 is using a lot
> of
> cpu usage and the other one isnt..
> [IMG]http://i61.photobucket.com/albums/h54/xXNightLoadXx/cmd4.jpg[/IMG]
>

Once you've unchecked the 3 entries mentioned (as you appear to have done)

ie

svhost32
rund1132
rundll32 (this one may well be legitimate)

then reboot your system.

But you'll probably need to do a more thorough examination of your system,
for which it would be simplest to run a virus or malware scanner. There are
plenty of free ones available online, alongside the ones you appear to have
already. Let them clear up your system.

Don't delete 'rundll32.exe' though (although by all means uncheck it). It is
probably a legitimate Windows file, although the file it references (usually
a dll) may not be.

--
Jon


Jon

unread,
Dec 10, 2006, 12:29:07 PM12/10/06
to


I have it on good authority that "Carbonated"
<Carbo...@discussions.microsoft.com> said in
news:2FE1FEBC-38F5-403F...@microsoft.com...


>
>
> "Jon" wrote:
>
>> Once you've unchecked the 3 entries mentioned (as you appear to have
>> done)
>>
>> ie
>>
>> svhost32
>> rund1132
>> rundll32 (this one may well be legitimate)
>>
>> then reboot your system.
>>
>

> Do they related to the 'cmd.exe' process which caused 100% cpu usage?
>>
>>
>>

They could easily start a cmd.exe process (perhaps invisibly) yes, and then
themselves exit.

But there are countless other possibilities, (such as a Scheduled Task set
to run at boot time). So your best bet is to run a scan.


--
Jon

Malke

unread,
Dec 10, 2006, 12:32:08 PM12/10/06
to
Carbonated wrote:

>
>
> "Jon" wrote:
>
>> Once you've unchecked the 3 entries mentioned (as you appear to have
>> done)
>>
>> ie
>>
>> svhost32
>> rund1132
>> rundll32 (this one may well be legitimate)
>>
>> then reboot your system.
>>
>

> Do they related to the 'cmd.exe' process which caused 100% cpu usage?

As you've been told numerous times, they relate to the fact that your
computer is infected. You need to clean it up, not just uncheck entries
in Startup.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
(formerly Ewido - http://www.ewido.net/en/). Do all prep/finishing work
and follow instructions to do all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA). Please be
aware that not all local shops are skilled at removing malware and even
if they are, your computer may be so infested that Windows will need to
be clean-installed. Have all your data backed up before you take the
machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Jon

unread,
Dec 11, 2006, 5:13:41 PM12/11/06
to

I have it on good authority that "Carbonated"
<Carbo...@discussions.microsoft.com> said in
news:F61D1D7F-0F69-4FE7...@microsoft.com...
>i followed the instructions at
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> and run system scans and i think my computer is clean now because the
> 'cmd.exe' process does not show up anymore.. ^^
>
> thanks a lot, Jon and Malke. =)
>
> Cheers.


Glad to hear that Carbonated. Sounds like you probably cleared up alot more
than just the 'cmd.exe' problem in the process.

--
Jon

0 new messages