RDP
Iwamoto, 2021-03-11 12:17:09

How to find hidden processes eating CPU resources (Windows Server (RDP))?

The screenshot was taken in Task Manager running as SYSTEM:
[screenshot not included]

Colleagues!
I'm in pain, I just can't take it any more.
Terminal server (Windows Server 2008 R2): sometimes the CPU goes to 100%, I go through the processes and do not see a single process that eats resources and hogs the processor.

The same happens on practically any server before Windows Server 2019; the gist is always the same: there are processes that eat resources, but they are not visible anywhere in Task Manager or Resource Monitor. How do you find the guilty processes and strangle them in this case? How can you see such processes and examine them?

Utilities like Process Hacker / Process Explorer and others also show nothing. Or I did not find where to look....

PS: I noticed long ago that if you keep killing the rundll.exe process whenever it appears, the load drops back to normal.

@echo off
:loop
REM Force-kill every process whose image name starts with "rundll" (e.g. rundll32.exe).
taskkill /f /im rundll*
REM Sleep about 14 seconds; ping to localhost with -n 15 is the usual batch idiom for a delay.
ping 127.0.0.1 -n 15 >nul 2>&1
goto loop


3 answers
vreitech, 2021-03-11
@fzfx

The graph shows that the CPU is being consumed by code running in kernel mode, and if so, that code may not correspond to any of the running processes (i.e. it is a driver or the kernel itself). That is why you do not see a single process loading the system.
Answering the question: in your case there is no way to find the processes that eat processor resources, because there are none.
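One way to confirm the diagnosis in this answer before hunting for a process, as an added example that is not code from the original answer: sample the machine-wide CPU counters a few times and split the load into user mode, kernel mode (privileged) and, within the kernel share, DPC and interrupt time. It runs on PowerShell 2.0 as shipped with Windows Server 2008 R2; the counter names are the English ones and may need translating on a localized server.

```powershell
# Added example, not from the original answer: where is the CPU time going?
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Processor(_Total)\% User Time',
    '\Processor(_Total)\% Privileged Time',
    '\Processor(_Total)\% DPC Time',
    '\Processor(_Total)\% Interrupt Time'
)

# Three samples five seconds apart, averaged to smooth out spikes.
$samples = Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 3

$avg = @{}
foreach ($set in $samples) {
    foreach ($c in $set.CounterSamples) {
        $name = ($c.Path -split '\\')[-1]          # e.g. "% privileged time"
        $avg[$name] += $c.CookedValue / $samples.Count
    }
}

$avg.GetEnumerator() | Sort-Object Name |
    Format-Table Name, @{ n = 'Percent'; e = { '{0:N1}' -f $_.Value } } -AutoSize

# Reading the result: "% privileged time" that makes up most of "% processor time"
# is CPU spent in the kernel. Part of that is charged to processes, but DPC and
# interrupt time belongs to no process at all, so Task Manager and Process Explorer
# cannot point at anything. High DPC or interrupt time means a driver or a device;
# the next step is a kernel trace (xperf / Windows Performance Recorder), not taskkill.
```

If the privileged share is small and user time dominates, the load is in a process after all and the per-process view is the right tool; if DPC or interrupt time is large, no amount of killing processes will help and the drivers are the suspects.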

A
Alexey Dmitriev, 2021-03-11
@SignFinder

Start collecting the necessary logs with Performance Monitor, then analyze what you have collected.
Here is a good article https://windowsnotes.ru/windows-server-2008/schetc...
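The collection this answer recommends can be set up from the command line with logman rather than clicking through Performance Monitor. The following is an added example and not code from the answer or the linked article; the collector name "CpuDiag", the paths under C:\PerfLogs, the 5-second interval and the 80% threshold are assumptions. It creates a data collector that records total CPU split by mode plus per-process CPU, converts the binary log to CSV with relog once the spike has been caught, and lists the busy intervals with their kernel-mode share. Run it from an elevated prompt.

```powershell
# Added example (assumed names and paths): Performance Monitor data collector via logman.
$name = 'CpuDiag'
$blg  = 'C:\PerfLogs\CpuDiag.blg'
$csv  = 'C:\PerfLogs\CpuDiag.csv'

# Machine-wide counters split by mode, plus per-process CPU so that load that
# belongs to a process can be told apart from kernel/driver load that belongs to none.
logman create counter $name -c `
    '\Processor(_Total)\% Processor Time' `
    '\Processor(_Total)\% Privileged Time' `
    '\Processor(_Total)\% DPC Time' `
    '\Processor(_Total)\% Interrupt Time' `
    '\Process(*)\% Processor Time' `
    '\Process(*)\% Privileged Time' `
    -si 00:00:05 -f bin -o $blg

logman start $name
# ... leave it running until the 100% episode has happened, then:
logman stop $name

# Convert the binary log to CSV for analysis.
relog $blg -f csv -o $csv

$rows    = Import-Csv $csv
$cols    = $rows[0].PSObject.Properties | ForEach-Object { $_.Name }
$timeCol = $cols[0]                                   # "(PDH-CSV 4.0) (...)" timestamp column
$totCol  = $cols | Where-Object { $_ -like '*Processor(_Total)\% Processor Time' }
$privCol = $cols | Where-Object { $_ -like '*Processor(_Total)\% Privileged Time' }

# Intervals where the CPU was busy, with the kernel-mode share of that load.
# The first sample of a rate counter is blank in relog output, hence "-as [double]".
$rows | Where-Object { ($_.$totCol -as [double]) -gt 80 } |
    Select-Object @{ n = 'Time';    e = { $_.$timeCol } },
                  @{ n = 'Total%';  e = { '{0:N0}' -f ($_.$totCol  -as [double]) } },
                  @{ n = 'Kernel%'; e = { '{0:N0}' -f ($_.$privCol -as [double]) } } |
    Format-Table -AutoSize

# Clean up the collector when finished: logman delete $name
```

The per-process columns in the same CSV (`\Process(<name>)\% Processor Time`) can be inspected for the same timestamps; if none of them accounts for the total at the moment of the spike, the load is kernel-side and the collector has already told you not to look for a process.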

R
rPman, 2021-03-11
@rPman

Ohh! A 2008 server, and I suppose hardware of the same era? Is there by any chance an IDE controller running in PIO mode (software mode; working with the disk loaded the processor wildly, and it looked exactly like that)?
Are the drivers installed on the server? Because such a load is usually produced by kernel-mode code, which is not displayed in the task manager. I also observed this kind of picture on Windows when I heavily loaded win32 GDI, actively drawing something with system calls (few people do that now; all GUI frameworks draw into memory themselves).
The video in the post shows an svchost.exe process at 60% load. Show its command line and you will see what kind of service launched it ... or it's a virus that mimics a service.
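The last point, tying a busy svchost.exe to a service or spotting an impostor, can be done in one pass together with a per-process split of user and kernel time that Task Manager's single "CPU" column hides. The following is an added example, not rPman's code. It takes two snapshots of every process's CPU times, reports the top consumers, compares the kernel time charged to processes with the machine-wide privileged time, and for the svchost.exe instances on top prints the image path, command line and hosted services. Run it elevated so that other RDP users' sessions are visible; PowerShell 2.0 on Server 2008 R2 is sufficient. The 10-second interval is an assumption.

```powershell
# Added example, not from the original answer: per-process user/kernel CPU split
# plus svchost.exe identification.
$interval = 10   # seconds between snapshots (assumption)

function Get-CpuSnapshot {
    $snap = @{}
    foreach ($p in Get-Process) {
        if ($p.Id -eq 0) { continue }           # Idle: its idle time is accounted as kernel time
        try {
            $snap[$p.Id] = @{
                Name = $p.ProcessName
                User = $p.UserProcessorTime.TotalSeconds
                Kern = $p.PrivilegedProcessorTime.TotalSeconds
            }
        } catch { }                              # access denied on protected processes
    }
    return $snap
}

$before = Get-CpuSnapshot
Start-Sleep -Seconds $interval
$after  = Get-CpuSnapshot
$cores  = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors

# Percent of the whole machine, split by mode, for processes alive in both snapshots.
$rows = foreach ($id in $after.Keys) {
    if (-not $before.ContainsKey($id)) { continue }   # started mid-interval
    $u = ($after[$id].User - $before[$id].User) / $interval / $cores * 100
    $k = ($after[$id].Kern - $before[$id].Kern) / $interval / $cores * 100
    New-Object PSObject -Property @{
        PID = $id; Name = $after[$id].Name
        'User%' = [math]::Round($u, 1); 'Kernel%' = [math]::Round($k, 1)
    }
}

$top = $rows | Sort-Object { $_.'User%' + $_.'Kernel%' } -Descending | Select-Object -First 10
$top | Format-Table PID, Name, 'User%', 'Kernel%' -AutoSize

# Kernel time charged to processes (PID 4 "System" collects kernel-thread work)
# versus the machine-wide privileged time. A large gap is DPC/interrupt work that
# no process owns, i.e. a driver or a device.
$sumKern = ($rows | Measure-Object 'Kernel%' -Sum).Sum
$privTot = (Get-Counter '\Processor(_Total)\% Privileged Time').CounterSamples[0].CookedValue
'Kernel time charged to processes: {0:N1}%   machine-wide privileged time: {1:N1}%' -f $sumKern, $privTot

# For each svchost.exe on the top list: where the image lives, how it was started,
# and which services it hosts. A genuine svchost runs from %SystemRoot%\System32
# and hosts at least one service; one that fails either test deserves a closer look.
foreach ($r in ($top | Where-Object { $_.Name -eq 'svchost' })) {
    $proc = Get-WmiObject Win32_Process -Filter "ProcessId = $($r.PID)"
    "`nPID $($r.PID)  image: $($proc.ExecutablePath)"
    "   cmd: $($proc.CommandLine)"
    Get-WmiObject Win32_Service -Filter "ProcessId = $($r.PID)" |
        Select-Object Name, DisplayName, State | Format-Table -AutoSize
}
```

The same lookup applies to the rundll32.exe from the question: its command line (`$proc.CommandLine`) names the DLL and entry point it was started with, which is far more useful than killing it in a loop.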
