Help with Task Manager & Processes Identification

Discussion in 'Trading Software' started by hapaboy, Apr 16, 2003.

  1. Hi there. I've got Windows 2000 SP3 installed, 256MB of RDRAM.

    I notice that when I leave my computer on for a couple of days, the Available Physical Memory as shown in my Task Manager gets less and less. What is causing this leak? :confused:

    Also, when I click on the "Processes" tab of the Task Manager, I see 3 listings of the same process: svchost.exe

    Combined these 3 svchost.exe processes are taking up almost 27Megs of memory.

    How can I find out what svchost.exe really is? I mean, when I do a file search for it and, upon getting the results look at its Properties, I see that it is in my WINNT\system32 folder, and its description is "Generic Host Process for Win32 Services." What the heck does that mean? And why are there 3 of it running at the same time? :confused:

  2. keeda


  3. gnome


    Just fishing here, but on mine (W2K, SP2) there are only 2 svchost.exe processes, using only 14mg of memory. Mine has been on for 6 hours and has used only 3 seconds of CPU time.

    Your 3rd svchost.exe could possibly be a file someone has placed on your machine (perhaps without your knowledge) and it's acting as part/all of a server for somone else's functions... that is, "somebody is using your machine and you don't even know it".

    If you never volunteered to be part of an "off hours function", then your machine may have been invaded. (I'm not sure how safe it is to just delete things here, so go slowly. If nothing else, you can always back up your valuables and reinstall W2K to get rid of it.)

    If the 3rd svchost.exe is running some unknown function, that would be consistent with they memory symptons you described.
  4. CalTrader

    CalTrader Guest

    SVCHost is probably not the issue: We have had these service packs runing on production servers for several months and they are stable with our production apps - which have been extensively tested to confirm no memory leaks - and the MS suite of server products: uptime 99.9xx.

    Memory leaks can be difficult to find: if you have the debug build of all your apps then you might have a shot but if you have a lot of off the shelf apps then any number of them could be the culprit. Most of the available tools - short of an ICE - are not very useful. You can use the performance counters and log the entries for the various running processes and over time you should be able to identify the culprit .....
  5. JayF_eSignal

    JayF_eSignal eSignal

  6. for all the responses. Very enlightening.

    In checking out the various links, I discovered something that I would like to ask.

    I'm running Win2K Pro, NOT Server.

    Yet in my processes list there is one called "regsvc.exe" and when I look it up I get the following explaination:

    Microsoft’s Remote Registry Service. This service runs on Windows 2000 Server and Advance Server. Whenever you install Microsoft software such as SQL on Windows 2000 Server, and your setup program needs to write keys to the Registry, it interacts with the Remote Registry Service (REGSVC.EXE) and the Remote Registry Service does the actual writing of the registry keys. This background service is also required if you intend to edit the registry from a remote computer using Windows 2000’s Remote Administration facilities.

    Recommendation :
    While it is not always required, the Remote Registry Service will eventually be used at some stage in the life of most Windows 2000 Servers/Advanced Servers. This process should therefore be left alone.

    Since I'm NOT running Server or Advanced Server, WHY IS THIS PROCESS RUNNING? Has my computer been invaded somehow? Is my system being used by someone else?!?

    :confused: :confused:

    p.s. When I try to terminate the process I get the "UNABLE TO TERMINATE PROCESS, the operation could not be completed, Access is Denied" message.

    p.s.s. Now there are 4 svchost.exe processes running!

    p.s.s.s. Uh-oh! I'm also running mad.exe, which I'm told is also a SERVER process. What's going on?
  7. gnome


    Poor hapaboy... he's been thrust against his will into cyberhaze... where neither black nor white are as they appear. In fact, not even grey... He finds himself wandering in a realm where all the inhabitants have twisted necks from looking back to see who might next be secretly invading their computers... He's firmly entrapped in The [Processes] Twilight Zone...
  8. CalTrader

    CalTrader Guest

    .... a clue to the way out of the twilight zone and back to earth is to use virus checking software and a firewall .....
  9. Check on both, and no detection via either method.

    So I'm still wondering why all these Server processes are running on my non-server OS?!?:confused:
    #10     Apr 17, 2003