If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Whats going on
Windows XP Pro
Running sysinternals Process Explorer TCPView Process explorer say CPU being eaten up (down to 0% available) by svchost -k netsvcs (taking 50% or more) But TCPView shows very little network activity. |
Ads |
#2
|
|||
|
|||
Whats going on
frustrated wrote:
Windows XP Pro Running sysinternals Process Explorer TCPView Process explorer say CPU being eaten up (down to 0% available) by svchost -k netsvcs (taking 50% or more) But TCPView shows very little network activity. If you run process explorer as administrator, you can drill into the SVCHOST and see the name of the service doing it. It will, of course, be Windows Update wuauserv. How many other services do you know of, that spread that much joy to users ? Paul |
#3
|
|||
|
|||
Whats going on
frustrated wrote:
Windows XP Pro Running sysinternals Process Explorer TCPView Process explorer say CPU being eaten up (down to 0% available) by svchost -k netsvcs (taking 50% or more) But TCPView shows very little network activity. Of course, it's Windows Update service (wuauserv) Have a look at this from January 2014: http://windowsitpro.com/windows-xp/c...sue-windows-xp and this: https://blogs.technet.microsoft.com/...-exe-high-cpu/ (mind the wrap) XP is dead. Let it die. |
#4
|
|||
|
|||
Whats going on
"frustrated" wrote
| Windows XP Pro | svchost -k netsvcs (taking 50% or more) | Why are you enabling Windows Update on XP? There's nothing to update. (Unless you're one of those trying the kiosk trick.) It sounds like you need to weed your services. See he http://www.blackviper.com/ I'm currently running XP. I have about 15 services running. WMI and WIA. (Because I use them.) DCOM Server Process Launcher, because WMI needs it. Most people won't need any of those. (WIA is used mainly for scanning, as an alternative to TWAIN. WMI is a potential security risk. I enable it because I use it in Windows scripting. In general it's mostly only used by some system info utilities.) Other things I have running: Shell hardware detection, 3rd-party firewall, security center, Acrylic DNS server, themes, RPC (no choice with that one) plug n' play, protected storage, network connections, disk manager (not really necessary, but occasionally I like to check Windows version of hard disk layout), event log. Nearly everything else is risky or unnecessary on a standalone computer. You might need a slightly different combination. For instance, if you don't use a fixed IP you need DHCP. If you use remote desktop functionality then you'll be forced to enable some risky things. If you network your home computers you might need more services enabled. But you should know why you have something enabled. Many of the default services are risky because they're designed for corporate workstations running on safe intranets. That's why widespread attacks using DCOM ports are still common. |
#5
|
|||
|
|||
Whats going on
George wrote:
frustrated wrote: Windows XP Pro Running sysinternals Process Explorer TCPView Process explorer say CPU being eaten up (down to 0% available) by svchost -k netsvcs (taking 50% or more) But TCPView shows very little network activity. Of course, it's Windows Update service (wuauserv) And how do you know wuaserv is the process rolled under the instance of svchost that the OP is looking at? You don't. The OP never said what processes were rolled under the svchost process that the OP was looking at. In Process Explorer the OP was using, looking at properties of a svchost process has a TCP/IP tab to show what, if any, connections are made by those rolled up processes. https://en.wikipedia.org/wiki/Svchost.exe There will typically be several svchost instances. Some will have processes rolled into them that do networking. Some will not. XP is dead. Let it die. You very likely have some tools that are even older and no longer covered by warranty. Those tools are dead. Discard them. Yeah, right. |
#6
|
|||
|
|||
Whats going on
In message , Mayayana
writes: [] need DHCP. If you use remote desktop functionality then you'll be forced to enable some risky things. If you network [] Is that both ways round, or? I sometimes use TeamViewer to help others (i. e. I see and manipulate _their_ desktops), especially a few blind friends; however, I don't remote into my desktop here, or let anyone else do so. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "Bother," said the Borg, "we assimilated a Pooh." |
#7
|
|||
|
|||
Whats going on
"J. P. Gilliver (John)" wrote
| Is that both ways round, or? I sometimes use TeamViewer to help others | (i. e. I see and manipulate _their_ desktops), especially a few blind | friends; however, I don't remote into my desktop here, or let anyone | else do so. I don't know the details. I don't use anything like that, for security reasons. I was just trying to list some typical exceptions, to make it clear that there's no set list of what services are necessary. I guess you could look at what services you have running and check whether TV still works with them disabled. Since they don't have to call into your machine it might be OK. Or TV might even have its own libraries. I had to install WinPCap for something or other. Maybe it was for a sniffer. It installed a service without asking, called "Remote Packet Capture Protocol (Experimental)" The description is creepy: "Allows to capture traffic on this machine from a remote machine." Yet it lists no other services as dependencies. So I guess it's some kind of standalone network driver. |
#8
|
|||
|
|||
Whats going on
On Wed, 28 Jun 2017 15:30:06 -0400, "Mayayana"
wrote: "J. P. Gilliver (John)" wrote | Is that both ways round, or? I sometimes use TeamViewer to help others | (i. e. I see and manipulate _their_ desktops), especially a few blind | friends; however, I don't remote into my desktop here, or let anyone | else do so. I don't know the details. I don't use anything like that, for security reasons. I was just trying to list some typical exceptions, to make it clear that there's no set list of what services are necessary. I guess you could look at what services you have running and check whether TV still works with them disabled. Since they don't have to call into your machine it might be OK. Or TV might even have its own libraries. I had to install WinPCap for something or other. Maybe it was for a sniffer. It installed a service without asking, called "Remote Packet Capture Protocol (Experimental)" The description is creepy: "Allows to capture traffic on this machine from a remote machine." Yet it lists no other services as dependencies. So I guess it's some kind of standalone network driver. Wireshark and a few others use it. Set it to load manually. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
Thread Tools | |
Display Modes | Rate This Thread |
|
|