Physics Forums

Physics Forums (http://www.physicsforums.com/index.php)
-   Computers (http://www.physicsforums.com/forumdisplay.php?f=190)
-   -   Excessive CPU usage by explorer.exe (http://www.physicsforums.com/showthread.php?t=167624)

anantchowdhary Apr26-07 05:00 AM

Excessive CPU usage by explorer.exe
 
I am using a 2.8Ghz Intel Dual core CPU and ive got Windows Vista

Now...after a start my computer....a thread executes itself .The threads name is
nxaEA8A.tmp.....

This uses upto 60% of the CPU acc to Process Explorer

When i kill the thread my CPU usage comes back to normal.

Any ideas on how to prevent the thread from running...or y the thread runs in the first place!

Thnx

russ_watters Apr26-07 05:54 AM

Have you run a virus scan and an AdAware scan?

austriolia Apr26-07 06:57 AM

:-) yes, you can get it with adaware, I used to run into the same problem but with different filename. :-)
You should also pay attention to what other files are running too when this tmp is on. I know this file rotation to consume tiny memories at leisure time...

dimensionless Apr26-07 07:38 AM

I'm not sure that explorer.exe can be stopped. explorer.exe definitely should not be using 60% of your CPU time though. I would suggest verifying that your Windows installation has the most recent updates.

anantchowdhary Apr26-07 09:17 AM

Ive just installed a fresh copy of Windows Vista....But still....i acnt get rid of the problem....and i dont think i hav a virus

russ_watters Apr26-07 11:16 AM

If you don't think you have a virus, that means you probably have a virus (or adware/malware). It means you haven't checked and don't actually know. Run a virus scan and an adware scan.

robphy Apr26-07 11:33 AM

Is your hard-drive light active at the same time as this high-cpu-usage thread?
Might it be indexing your files?

anantchowdhary Apr26-07 12:32 PM

No....the hard drive light(red) duznt blink..Ive also tried a scan but its of no hlp:(

BoredNL Apr27-07 04:43 PM

Did you do a fresh installation (formatting) or did you install without formatting?

Try to locate the file and scan it with an online anti-virus scanner before anything else. If it comes upnd clean, then that doesn't mean it isn't a virus or trojan, because it might be a brand new virus/trojan that isn't recognized yet. I don't know anything about windows Vista, so I don't know if the WinXP way of disabling a file from running is the same. The easiest, but unclean way to stop the file from running at boot up is to simply rename the file (after you've stopped it in Task Manager). I usually add ".disabled" to the end of the file and voila, it won't run anymore. If you forget where the file is, just run a search for "*.disabled" and it'll show up. I don't recommend deleting the file, it might be doing something real.

The following is not a complete way to analyze the problem, because I am short on time right now, but here's are a few things you can try:

I couldn't find any information on "nxaEA8A.tmp." I'm guessing that it is a randomly named file. TMP files can be all sorts of different types of files also, so figuring out what type of file it is could reveal some information about it. The next step would be to figure out what is starting the program and for what purpose. Use this website to try and figure out what type of file it is (perhaps it's a .dll file, or an .exe, I don't know).

Next I would say to try to figure out how it is running and what it's behavior is. Window's XP's tools for this include regedit (to look at/modify the startup section of the registry that msconfig doesn't look at), msconfig, and CTRL + ALT, DEL. A previous thread in this forum had some excellent recommendations for much better alternatives which will yield a lot more useful information and I would tell you to use these to gather more information and to track down the source of this file.. But I can't remember what the programs are, what thread they're listed in, and I'm at my g/f's on her laptop so I can't just look at the programs. Hmm.. They might not even work on Windows Vista either.

You might just either have to hang tight, rename the file, or reinstall windows vista. (making sure to do a completely free install, to rule out a virus)

Have you tried just letting it run through to completion though? Perhaps it's a legitimate file.

Manchot Apr27-07 05:00 PM

I think people are missing the obvious. Though I have no personal experience with it, from what I understand, Vista is SLOW (even on most new machines).

ukmicky Apr27-07 07:30 PM

What happens if you rename nxaEA8A.tmp does the machine run ok if so try running it for a few days without it.

Gib Z Apr29-07 08:50 AM

How much RAM do you have might be a reasonable question, 60% of 512 megs typical of a 3 year old 2.8 Ghz computer is more than expected running vista..

anantchowdhary Apr30-07 09:43 AM

No....as soon as i kill the thread...my computer runs pretty well!so i guess theres no prob with my PC.and yea..i formatted my disk and hav installed vista!

chaoseverlasting Apr30-07 12:52 PM

I dont know if this will work on vista, but on xp, if you want to configure the boot up process, you go to run and type in "msconfig". There, on the services/start up tabs, you can configure your system boot settings.

I used to have a virus on my comp that did something similar. Usually, its hackers who jack your comp and make it a part of a global network, I forget what this process is popularly called by.
Anyway, try shutting the internet down, maybe that makes the process inactive. In any case, if you can get msconfig to open up, you can directly force this process to not run.

anantchowdhary May1-07 07:59 AM

Ive tried everything.I know abt msconfig and it works on vista.But still its of no help.Would you like a screenshot of the thread as seen on process explorer?

Thnx

BoredNL May2-07 12:28 AM

In Windows XP there's three separate ways a file can be run. You will want to check all of these places to see where this file is running from to disable it cleanly. To simply find out where the file is so that you can rename it, use Process Explorer (It's a free and great utility which is compatible with Vista). After you start the program, locate the running process, right click on it and hit "properties." It'll give you the path of the file and all the info you'll ever need to know and then some. After you kill the process and rename it, go find out how the file was running and disable it there. You can either do this with the free and really comprehensive startup utility "AutoRuns" or you can do it manually if AutoRuns doesn't work for you.

For manual removal of startup items in Windows XP a startup program/file can be located in:
1. The startup folder in the "Programs" or "All Programs" dropdown folder in the start bar. (You'd disable the file from running by deleting the shortcut or moving it elsewhere)
2. In the msconfig utility, there are the "services" and the "startup" tab (you uncheck the file from running).
3. From the registry (This for both local and all users - I'm not sure if this is the same in windows vista - You would disable the file by deleting the registry key). I'll list a full list below with descriptions for WinXP:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
– these programs automatically start when any user is logged in. It is used for all users on this computer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
– The programs here start only once when any user is logged in and will be removed after the Windows boot process would have finished.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
– The programs here start only once when any user is logged in and will be removed after the Windows boot process would have finished. Also the RunOnceEx registry key does not create a separate processes. The RunOnceEx registry key also support a dependency list of DLLs that remain loaded while either all the sections or some of the sections are being processed.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService s
– these programs automatically start when the system is loading before the user logs in. It is used for service applications - antivirus, drivers etc. In Windows NT/2000/XP it could be canceled by admin to use other service startup sections. Read more at services startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService sOnce
– these programs automatically start only once when the system is loading as service application and items are deleted after the Windows boot process have finished.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
– The programs here automatically start when the current user logs in. It is used only for current logoned user.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
– The programs here automatically start only once when the current user logs in and it will be deleted after the Windows boot process would have finished.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
– The programs here automatically will be copied into HKEY_CURRENT_USER\...\Run for every new user account.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
– The programs here automatically will be copied into HKEY_CURRENT_USER\...\RunOnce for every new user account.


Well, I hope this helps. :)

Edit: The forum added the spaces in "CurrentVersion" for some reason, they are not there in the registry or in the text I wrote here.

anantchowdhary May2-07 12:55 AM

thanks for all the help.But i am referring to a thread run by explorer.exe!

Anyways Ill try out ur recommedations

BoredNL May2-07 01:21 AM

It might not be window's explorer, it could be a virus or trojan pretending to be.

Don't rename "c:\windows\explorer.exe"

Explorer is used for a variety of things. You can open files with explorer.exe (such as text files. If I try to open an extremely large file with it, it might behave in the same manner that yours is). You can use the "bring to front" option in Process Explorer to see which window is giving the problem.


All times are GMT -5. The time now is 07:25 AM.

Powered by vBulletin Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2014 Physics Forums