Topic: 100% CPU Usage (XP SP1, NAV 2003-V9.05) @ AskWoody

100% CPU Usage (XP SP1, NAV 2003-V9.05)
Home » Forums » AskWoody support » Windows » Windows Vista, XP and earlier » Questions: Vista, XP back to 3.1 » 100% CPU Usage (XP SP1, NAV 2003-V9.05)
- This topic has 46 replies, 4 voices, and was last updated 21 years, 9 months ago.
Author

Topic
New Reply

Albert M Avery
AskWoody Plus

August 27, 2003 at 2:29 pm #392653

As you can see from the attachment – my desktop is running continuously at or above 70% CPU usage. In the TM-Processes list, the NAVAPSVC process (Norton’s auto-protect) is consuming substantially more time than even the system idle process – NAVAPSVC = 48 hrs, SIP = 22 hrs over a slightly greater than 3-day period. So I asked Symantec about it. They told me that this was caused by not performing a restart after installing NAV. I performed an uninstall and a re-install of NAV, restarted and the problem stayed the same.

Naturally, disabling NAV’s auto-protect capability (right-click on NAV task bar icon and choose “disable auto-protect”) immediately drops the CPU usage to the 30-35% range. This action puts the NAVAPSVC process in suspension. Since I’d rather not disable auto-protect, I dealing with a slow-response system. For example, it takes upwards of 30 seconds for the system to display a new IE window.

Another thought I had was to kill the NAVAPSVC process. This disabled auto-protect, of course, and the CPU usage dropped precipitously to the high 20s. Once I restarted auto-protect, the CPU usage rose to the low 30s and stayed there. I thought this was great.

However, there was a horrible side effect and I’m assuming it was related to killing and restarting the NAVAPSVC process. The reason for my assumption is that I have restarted my system and run it for just over 3 days without performing any of the above actions and I’m not having the problem described as follows. After a few hours, icons began losing definition, text in windows began disappearing and the system slowed down tremendously. Finally, the system came to a dead stop, began dumping memory (BSOD) and then restarted itself. This happened a few times. I cannot remember exactly what the BSOD error message was – something with BAD and POOL, but not BAD POOL CALLER, as I recall.

Hardware info – 1.8GHz CPU, 1GB physical memory, 60GB disk

Any ideas?

Many thanks,

Reply | Quote

Viewing 12 reply threads
Author

Replies
- WSjscher2000
  AskWoody Lounger
  
  August 27, 2003 at 11:06 pm #706430
  
  What are your settings for NAV? Is it just waiting for you to touch a file, or is it running around calculating checksums for everything? If it’s just waiting, that’s an outrageous amount of resouces to consume. Does it have a real-time monitor that lets you see what it’s doing, or a log? Maybe you can exclude certain files or folders that some other process is accessing and bring it back in line.
  
  Reply | Quote
- WSjscher2000
  AskWoody Lounger
  
  August 27, 2003 at 11:06 pm #706431
  
  What are your settings for NAV? Is it just waiting for you to touch a file, or is it running around calculating checksums for everything? If it’s just waiting, that’s an outrageous amount of resouces to consume. Does it have a real-time monitor that lets you see what it’s doing, or a log? Maybe you can exclude certain files or folders that some other process is accessing and bring it back in line.
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 28, 2003 at 3:17 am #706576
  
  Al–
  
  I’d run Spybot and Adaware anytime any program is giving this problem. I don’t think NAV is doing this alone–it’s having help to cause this mischief from somewhere else. I don’t buy Symantec’s explanation here. I’d also uninstall and reinstall NAV. Further because of the strange behavior with your icons, I’d update to the newest video driver for your card, and if you have it, I’d uninstall and reinstall it–perhaps it was corrupted.
  
  SMBP
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 28, 2003 at 3:17 am #706577
  
  Al–
  
  I’d run Spybot and Adaware anytime any program is giving this problem. I don’t think NAV is doing this alone–it’s having help to cause this mischief from somewhere else. I don’t buy Symantec’s explanation here. I’d also uninstall and reinstall NAV. Further because of the strange behavior with your icons, I’d update to the newest video driver for your card, and if you have it, I’d uninstall and reinstall it–perhaps it was corrupted.
  
  SMBP
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 28, 2003 at 3:27 am #706578
  
  Al–
  
  I’d also check msconfig’s start tab for anything you don’t need starting up, because Norton Antivirus has been known to kick up mischief with all kinds of applications.
  
  I’d also have a good look at the processes running when you startup and you can also refernce and context them at:
  
  Black Viper’s Windows XP Service Configurations
  
  SMBP
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 28, 2003 at 3:27 am #706579
  
  Al–
  
  I’d also check msconfig’s start tab for anything you don’t need starting up, because Norton Antivirus has been known to kick up mischief with all kinds of applications.
  
  I’d also have a good look at the processes running when you startup and you can also refernce and context them at:
  
  Black Viper’s Windows XP Service Configurations
  
  SMBP
  
  Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 28, 2003 at 4:16 am #706582
  
  Thank you to everyone who has replied so far.
  
  Here are some facts about the system I’m having the problem with:
  
  I have been running AdAware every night for many months. So, unless AdAware is not doing its job, we can rule out spyware.
  
  Virus checking goes on all the time and virus definitions are current as of today (8/27) – LiveUpdate checks daily.
  
  Here’s what Symantec says “auto-protect” (NAVAPSVC) does:
  [indent]
  
  Norton AntiVirus Auto-Protect loads into memory when Windows starts, providing constant protection while you work.
  
  Using Auto-Protect, Norton AntiVirus automatically:
  
  Eliminates viruses, worms, and Trojan horses, including macro viruses, and repairs damaged files
  
  Checks for viruses every time you use software programs on your computer, insert floppy disks or other removable media, or use document files that you receive or create
  
  Monitors your computer for any unusual symptoms that may indicate an active virus
  
  Protects your computer from Internet-borne viruses
  
  [/indent]
- Unfortunately, NAV has no RT monitor capability.
- I have uinstalled and re-installed NAV with the same resulting behavior.
- I’ll take a look at Black Viper’s Windows XP Service Configurations and see if it helps.
- Video driver – I changed my Windows error reporting to send me MSFT’s response on error submission. After one BSOD, MSFT told me that this was a device driver problem. Okay – it must be the video driver, says I. I locate and update the driver – same behavior.
  [/list]Gang, this is a real stumper!
  
  At the moment, I am running with auto-protect turned off and CPU usage is running below 20%.
  
  I’ve attached Symantec’s latest response as a text file – after their server decided to let my support response through (hence the “welcome back”… in the message).
  
  Thanks again,
Reply | Quote

WSHoward Kaikow
AskWoody Lounger

August 28, 2003 at 5:00 am #706598

Al–

Make sure with AdAware that you’re hitting the globe at the top to update it’s data base which changes every 3-5 days. Also I’d complement it with Spybot and a pre-emptive guard for spyware, malware, unstable BHO’s.

You said that “Virus checking goes on all the time and virus definitions are current as of today (8/27) – LiveUpdate checks daily.”

I wish that were true but it just ain’t so. Live Update updated you yesterday because when it’s Wednesday at Symantec in Cupertino, California that’s when it does it [/b]weekly.[/b] It doesn’t matter how cute they make the Live Update in that yellow box, or how many progress bars jump up and down–it’s only weekly if you passively rely on it and that’s not good enough. If they were thinking they’d eliminate it all together; have it update daily, or tell you explicitly to use the response site but they don’t–I did.[/b]

Security Response Web site shows more recent virus definitions than LiveUpdate or a virus write-up shows that more recent definitions are available Document ID:2002021908382713 LastModified :07/22/2003

This is what you need to use to get daily updates: It takes 25 seconds and 3 mouse clicks.[/u]

Symantec Security Response Updates Definitions Monday through Friday: Drag this link to Quick Start

This advice gets your viral definition updates optimal, but doesn’t help you with the main CPU problem now. The BSOD indicates something is going on, possibly hardware–possibly driver related. “After one BSOD, MSFT told me that this was a device driver” What was the error or info on your BSOD? Did it have a lot of zeros and a 7B in it? That might help us. Whatever’s going on here that’s CPU intensive is involving more than any Norton component I feel sure. Norton is doing to you what it does so well–it’s redherring away your attention from the real culprit who may or may not be in concert with Norton but I doubt seriously this is just Norton.

SMBP

Reply | Quote
WSHoward Kaikow
AskWoody Lounger

August 28, 2003 at 6:43 am #706635

Al–

At the time you got the BSOD–what was the error message that was probably written to your Event Viewer–it could help? Also since the icon phenomenon was a symptom of low memory, why don’t you go to System Properties>Advanced>Settings>Advanced and up your paging file values from the Windows XP default of 2.5 times ram? See what happens for a little while. You can change it back to default in seconds.

SMBP

Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 29, 2003 at 4:20 am #707437
  
  I’ll go dig out the Event Viewer log entry.
  
  At your urging, I have turned auto-protect back on again and the brakes went on again.
  
  I’m installing Spybot and updating AdAware, which I noticed was out of date, versionwise. Question – do I really gain anything from AdAware-Plus over the basic freeware product for $26.95?
  
  I’m going to perform the kill NAVAPSVC process and turn auto-protect back on to see if I can recreate the BSOD and its error messae.
  
  Thanks,
  
  Reply | Quote
- - WSHoward Kaikow
    AskWoody Lounger
    
    August 30, 2003 at 4:03 am #707725
    
    Hi Al–
    
    Have a look here. I don’t know what version of NAV you have, but they’ll put up KB’s for one version that applies to another:
    
    Post 289081.
    
    Computer slows down as Norton AntiVirus Auto-Protect CPU utilization reaches 95% or higher
    
    It seems clear that NAV is the problem, and while I have a ton of appreciation for CBD’s info and what I learn from him, I haven’t found NAV to be a resource hog with XP even on machines with modest RAM but I certainly did using Win 9X–but one of those 9X’s was ME far and away the most consistent and largest memory leaker in the history of Windows OS’s.
    
    I haven’t used Adaware plus but I think bigaldoc Hoffman does or Viking and they may want to weigh in. I’ve found the free version of Ad Aware and Spybot to be a very helpful duo. One point on AdAware I see people forget from time to time with friends is to click the globe on the upper right of the box that updates the reference data base–it changes every few days and can make a difference. There are a number of other free pre-emptive “spy-bouncers” to screen you can try like Spyguard, Spyblaster, BHO demon and I use them from time to time– (you can google for Anti-spyware), but those two are the main ones I use and they have worked very very well compared with the days when I didn’t know to use them. I never underestimate the ability of malware, or an unstable BHO to screw things up–I respect that they can freeze and CPU gobble and crash very effectively. Showbar.exe (an unstable BHO) can crash IE often in a NYC hearbeat.
    
    If you’re able to get any error info from Event Viewer or the BSOD, because something was going on there with this which may or may not be important and related now. I know this is old and you probably do this carefully, but check device manager that no bangs are on the drivers and the video and other drivers are reasonably up to date because they can deteriorate or corrupt.
    
    “After a few hours, icons began losing definition, text in windows began disappearing and the system slowed down tremendously. Finally, the system came to a dead stop, began dumping memory (BSOD) and then restarted itself. This happened a few times.”[/size]
    
    SMBP
    
    Reply | Quote
  - WSHoward Kaikow
    AskWoody Lounger
    
    August 30, 2003 at 4:03 am #707726
    
    Hi Al–
    
    Have a look here. I don’t know what version of NAV you have, but they’ll put up KB’s for one version that applies to another:
    
    Post 289081.
    
    Computer slows down as Norton AntiVirus Auto-Protect CPU utilization reaches 95% or higher
    
    It seems clear that NAV is the problem, and while I have a ton of appreciation for CBD’s info and what I learn from him, I haven’t found NAV to be a resource hog with XP even on machines with modest RAM but I certainly did using Win 9X–but one of those 9X’s was ME far and away the most consistent and largest memory leaker in the history of Windows OS’s.
    
    I haven’t used Adaware plus but I think bigaldoc Hoffman does or Viking and they may want to weigh in. I’ve found the free version of Ad Aware and Spybot to be a very helpful duo. One point on AdAware I see people forget from time to time with friends is to click the globe on the upper right of the box that updates the reference data base–it changes every few days and can make a difference. There are a number of other free pre-emptive “spy-bouncers” to screen you can try like Spyguard, Spyblaster, BHO demon and I use them from time to time– (you can google for Anti-spyware), but those two are the main ones I use and they have worked very very well compared with the days when I didn’t know to use them. I never underestimate the ability of malware, or an unstable BHO to screw things up–I respect that they can freeze and CPU gobble and crash very effectively. Showbar.exe (an unstable BHO) can crash IE often in a NYC hearbeat.
    
    If you’re able to get any error info from Event Viewer or the BSOD, because something was going on there with this which may or may not be important and related now. I know this is old and you probably do this carefully, but check device manager that no bangs are on the drivers and the video and other drivers are reasonably up to date because they can deteriorate or corrupt.
    
    “After a few hours, icons began losing definition, text in windows began disappearing and the system slowed down tremendously. Finally, the system came to a dead stop, began dumping memory (BSOD) and then restarted itself. This happened a few times.”[/size]
    
    SMBP
    
    Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 29, 2003 at 4:20 am #707438
  
  I’ll go dig out the Event Viewer log entry.
  
  At your urging, I have turned auto-protect back on again and the brakes went on again.
  
  I’m installing Spybot and updating AdAware, which I noticed was out of date, versionwise. Question – do I really gain anything from AdAware-Plus over the basic freeware product for $26.95?
  
  I’m going to perform the kill NAVAPSVC process and turn auto-protect back on to see if I can recreate the BSOD and its error messae.
  
  Thanks,
  
  Reply | Quote
WSHoward Kaikow
AskWoody Lounger

August 28, 2003 at 6:43 am #706636

Al–

At the time you got the BSOD–what was the error message that was probably written to your Event Viewer–it could help? Also since the icon phenomenon was a symptom of low memory, why don’t you go to System Properties>Advanced>Settings>Advanced and up your paging file values from the Windows XP default of 2.5 times ram? See what happens for a little while. You can change it back to default in seconds.

SMBP

Reply | Quote
WSjscher2000
AskWoody Lounger

August 28, 2003 at 6:56 am #706639

> At the moment, I am running with auto-protect turned off and CPU usage is running below 20%.

Well, I think you should turn it back on. What’s good’s an idle CPU if you get whacked with a virus?

Do you have the Indexing service running? I wonder whether that causes NAV any excitement.

Maybe SysInternals, which has a variety of free monitoring tools, has one that can keep an eye on the Norton executable’s activities?

Reply | Quote
WSjscher2000
AskWoody Lounger

August 28, 2003 at 6:56 am #706640

> At the moment, I am running with auto-protect turned off and CPU usage is running below 20%.

Well, I think you should turn it back on. What’s good’s an idle CPU if you get whacked with a virus?

Do you have the Indexing service running? I wonder whether that causes NAV any excitement.

Maybe SysInternals, which has a variety of free monitoring tools, has one that can keep an eye on the Norton executable’s activities?

Reply | Quote
WSjscher2000
AskWoody Lounger

August 28, 2003 at 7:10 am #706643

(Edited by jscher2000 on 28-Aug-03 01:10. Link problems…….)

Sorry, Plan B: download PC-cillin, a competing product, and try that for 30 days.

Trend Micro is running a “$20 off” special for PC-Cillin, which makes it $30 (check the SOBIG.F page, since I can’t paste the link). There’s a $25 mail-in rebate for Norton/McAfee users: http://www.trendmicro.com/ftp/products/pcc…llin-rebate.pdf%5B/url%5D; I don’t know if these are combinable… if they are, $5 is a pretty good deal!

Reply | Quote

WSHoward Kaikow
AskWoody Lounger

August 28, 2003 at 7:30 am #706659

Jefferson–

Some people I know who do IT adminstration have said in the last two weeks that they prefer Trend Micro over Symantec products because they have significantly better ‘real time’ or current defnition development. I know you know Trend very well–have you heard any of this?

SMBP

Reply | Quote

WSjscher2000
AskWoody Lounger

August 28, 2003 at 5:03 pm #707027

I don’t have any inside information I can share.

Trend Micro had a lead of a few years over Symantec and McAfee in centrally managed, corporate antivirus and gateway scanning. But their visibility among home users is low. Only so many marketing dollars to go around, I guess.

I got a rejection of a SOBIG message today from a user at the US Postal Service. SOBIG is redefining 6 degrees of separation. What I found really annoying was that the message (see below) wanted me to open an HTML message for information. What are they thinking?! Well, I saved the message as an MSG to my desktop and opened it in notepad. Any McAfee users, please complain. There’s no reason to send this out as HTML:

VIRUS INFECTION ALERT

VIRUS INFECTION ALERT

The WebShield

Reply | Quote
WSjscher2000
AskWoody Lounger

August 28, 2003 at 5:03 pm #707028

I don’t have any inside information I can share.

Trend Micro had a lead of a few years over Symantec and McAfee in centrally managed, corporate antivirus and gateway scanning. But their visibility among home users is low. Only so many marketing dollars to go around, I guess.

I got a rejection of a SOBIG message today from a user at the US Postal Service. SOBIG is redefining 6 degrees of separation. What I found really annoying was that the message (see below) wanted me to open an HTML message for information. What are they thinking?! Well, I saved the message as an MSG to my desktop and opened it in notepad. Any McAfee users, please complain. There’s no reason to send this out as HTML:

VIRUS INFECTION ALERT

VIRUS INFECTION ALERT

The WebShield

Reply | Quote

WSjscher2000

AskWoody Lounger

August 28, 2003 at 7:06 pm #707102

(Edited by jscher2000 on 28-Aug-03 13:06. Uhhhh…it’s not that easy.)

In response to your additional urging, here is some data on the frequency and timing of updates. The server polls for updates once per hour, so the release could have been any time during the previous 59.99 minutes. I assume the time is Pacific Daylight Time; could be GMT.

Tuesday, July 01, 2003 15:09:27	Virus pattern file:579
Thursday, July 03, 2003 16:09:32	Virus pattern file:581
Monday, July 07, 2003 07:10:55	Virus pattern file:583
Tuesday, July 08, 2003 16:10:30	Virus pattern file:585
Friday, July 11, 2003 13:11:08	Virus pattern file:587
Tuesday, July 15, 2003 14:11:49	Virus pattern file:589
Tuesday, July 22, 2003 15:11:40	Virus pattern file:591
Wednesday, July 23, 2003 22:11:42	Virus pattern file:593
Tuesday, July 29, 2003 15:11:59	Virus pattern file:595
Friday, August 01, 2003 11:15:18	Virus pattern file:597
Friday, August 01, 2003 15:14:57	Virus pattern file:598
Tuesday, August 05, 2003 15:14:09	Virus pattern file:600
Monday, August 11, 2003 03:15:43	Virus pattern file:602
Monday, August 11, 2003 15:15:57	Virus pattern file:604
Tuesday, August 12, 2003 04:15:33	Virus pattern file:606
Wednesday, August 13, 2003 13:15:04	Virus pattern file:608
Wednesday, August 13, 2003 21:14:44	Virus pattern file:610
Friday, August 15, 2003 18:15:04	Virus pattern file:612
Monday, August 18, 2003 07:15:13	Virus pattern file:614
Monday, August 18, 2003 23:14:25	Virus pattern file:616
Tuesday, August 19, 2003 06:14:31	Virus pattern file:618
Thursday, August 21, 2003 08:17:12	Virus pattern file:620
Tuesday, August 26, 2003 07:12:56	Scan engine for Windows XP/2000/NT:6.640
Tuesday, August 26, 2003 07:13:29	Scan engine for Windows Me/98/95:6.640
Tuesday, August 26, 2003 14:14:45	Virus pattern file:622

Note: the gap between the numbers is a result of the beta release cycle. As a general rule, the missing numbers were emergency releases that were made available before testing was completed. These do not auto-download but must be applied manually. Once testing is complete, the number is incremented and will be auto-downloaded. (It’s also possible there were two updates within a single hour, but that seems unlikely.)

To determine exactly what each update addressed would be a big task, too big for a short lunch hour, but if you visit the Trend Micro site and sort the virus advisories by pattern number, you can get an idea.

Added: Actually, detection for SOBIG.F was included in pattern file 618, not 620, but apparently the detection was updated in 620. I don’t think you’re going to be able to accurately correlate this data.

- WSHoward Kaikow
  AskWoody Lounger
  
  August 29, 2003 at 12:33 am #707333
  
  Jefferson–
  
  Thanks for going to this trouble. I appreciate it.
  
  SMBP
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 29, 2003 at 12:33 am #707334
  
  Jefferson–
  
  Thanks for going to this trouble. I appreciate it.
  
  SMBP
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 29, 2003 at 2:24 am #707405
  
  Looking at this table, and doing it superficially because there’s a lot betwen the lines I might not appreciate from both companies, if you’re manually downloading from both Symantec, and Trend, on several days, including times in August when Blater and SoBig.f were at their peak, Trend is offering updates more frequently (Pacific times):
  
  ***Two on Friday August 1
  ***Two on Monday August 11
  ***Two on on Wed August 13 (including 9:14PM
  ***Two on Monday August 18 (including 11:14PM)
  ***Three on Tuesday August 26 (two ‘Scan Engines for Win 9X and Win NT Kernel)
  
  There were days of the week Mon-Fri when Symantec did offer definitions that aren’t on this chart. I understand the time the server poles.
  
  I don’t know enough to correlate the data accurately, but this is interesting and there is an answer to definitions most currently available over a period of time. Thanks again for taking the time to do this.
  
  SMBP
  
  Reply | Quote
- WSsinjin
  AskWoody Lounger
  
  August 29, 2003 at 3:29 pm #707683
  
  Sorry to join the fray late in the thread but in cleaning up old newsletters on the plane last night I read about this issue in either a winnetmag article or a Brian’s Buzz update. The good news there was a mention of a work-around fix. I am sorry I do not recall any more than this even after 3 cups of coffee. I deleted all that I read as I wasn’t having the problem. If you Google for “NAV 100% CPU usage” you should find several solutions. Good luck.
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 29, 2003 at 4:04 pm #707707
  
  Sinjin
  
  When you get caught up and get some time, and can find the win.net mag article, I’d be interested in seeing. I get it, so I’ll also look–I think I have archive search with my subscription. I always enjoy the CPU articles.
  
  Thanks,
  
  SMBP
  
  Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 29, 2003 at 11:57 pm #707933
  
  Everyone,
  
  After 5 days of running essentially CPU bound, I decided to restart this morning. My intent was to recreate the BSOD I got a number of times since “I knew” that I’d run into the cpu-bound problem again. I was blown away. With NAVAPSVC running and the system running all day now, CPU usage has been in the 5-20% range and the page file size, which had risen to over 1GB, is now a reasonable 380MB.
  
  In my event viewer, System, I found what might have led to the error the BSODs were telling me about – “The server was unable to allocate from the system paged pool because the pool was empty.” Between 8/15 and 8/23 there were 218 such entries. Of the 218, 180 occurred between 08/15-19:15.30 and 08/15-222:17.30 at about one second intervals. None have occurred since 8/23.
  
  There’s so much good information in this post that it will take me a while to absorb it.
  
  Thanks to you all,
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 30, 2003 at 4:06 am #707979
  
  This is beginning to read like a good Richard North Patterson or Steve Martini novel. When you find what caused those entries, please let us know. I wonder if they had anything to do with DHCP renewal or issus with your ISP. Have a good weekend.
  
  SMBP
  
  Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 30, 2003 at 4:17 am #708005
  
  This is j-u-s-t a little off the subject and will probably get deleted but, ah, ha, you like these novelists, too? I’m reading Protect and Defend and my emotions are swinging wildly between teeth-gnashing ( lawyers) to great empathy for the young woman.
  
  I don’t know whether I’ll be able to ferret out the cause for all those entries …
  
  Thanks so much for your advice and help.
  
  Reply | Quote
- WSsinjin
  AskWoody Lounger
  
  August 31, 2003 at 5:18 am #708408
  
  I bet you will find that the problem was a memory leak in Windows causing the NAV task scheduled not to complete on time and to build up an internal to do list like crazy as it could not complete its task and rescheduled to try again immediately. This snowball effect is not uncommon. It can be caused by driver conflicts with other software demands.
  
  Reply | Quote
- WSsinjin
  AskWoody Lounger
  
  August 31, 2003 at 5:18 am #708409
  
  I bet you will find that the problem was a memory leak in Windows causing the NAV task scheduled not to complete on time and to build up an internal to do list like crazy as it could not complete its task and rescheduled to try again immediately. This snowball effect is not uncommon. It can be caused by driver conflicts with other software demands.
  
  Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 30, 2003 at 4:17 am #708006
  
  This is j-u-s-t a little off the subject and will probably get deleted but, ah, ha, you like these novelists, too? I’m reading Protect and Defend and my emotions are swinging wildly between teeth-gnashing ( lawyers) to great empathy for the young woman.
  
  I don’t know whether I’ll be able to ferret out the cause for all those entries …
  
  Thanks so much for your advice and help.
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 30, 2003 at 4:06 am #707980
  
  This is beginning to read like a good Richard North Patterson or Steve Martini novel. When you find what caused those entries, please let us know. I wonder if they had anything to do with DHCP renewal or issus with your ISP. Have a good weekend.
  
  SMBP
  
  Reply | Quote
- Albert M Avery
  AskWoody Plus
  
  August 29, 2003 at 11:57 pm #707934
  
  Everyone,
  
  After 5 days of running essentially CPU bound, I decided to restart this morning. My intent was to recreate the BSOD I got a number of times since “I knew” that I’d run into the cpu-bound problem again. I was blown away. With NAVAPSVC running and the system running all day now, CPU usage has been in the 5-20% range and the page file size, which had risen to over 1GB, is now a reasonable 380MB.
  
  In my event viewer, System, I found what might have led to the error the BSODs were telling me about – “The server was unable to allocate from the system paged pool because the pool was empty.” Between 8/15 and 8/23 there were 218 such entries. Of the 218, 180 occurred between 08/15-19:15.30 and 08/15-222:17.30 at about one second intervals. None have occurred since 8/23.
  
  There’s so much good information in this post that it will take me a while to absorb it.
  
  Thanks to you all,
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 29, 2003 at 4:04 pm #707708
  
  Sinjin
  
  When you get caught up and get some time, and can find the win.net mag article, I’d be interested in seeing. I get it, so I’ll also look–I think I have archive search with my subscription. I always enjoy the CPU articles.
  
  Thanks,
  
  SMBP
  
  Reply | Quote
- WSsinjin
  AskWoody Lounger
  
  August 29, 2003 at 3:29 pm #707684
  
  Sorry to join the fray late in the thread but in cleaning up old newsletters on the plane last night I read about this issue in either a winnetmag article or a Brian’s Buzz update. The good news there was a mention of a work-around fix. I am sorry I do not recall any more than this even after 3 cups of coffee. I deleted all that I read as I wasn’t having the problem. If you Google for “NAV 100% CPU usage” you should find several solutions. Good luck.
  
  Reply | Quote
- WSHoward Kaikow
  AskWoody Lounger
  
  August 29, 2003 at 2:24 am #707406
  
  Looking at this table, and doing it superficially because there’s a lot betwen the lines I might not appreciate from both companies, if you’re manually downloading from both Symantec, and Trend, on several days, including times in August when Blater and SoBig.f were at their peak, Trend is offering updates more frequently (Pacific times):
  
  ***Two on Friday August 1
  ***Two on Monday August 11
  ***Two on on Wed August 13 (including 9:14PM
  ***Two on Monday August 18 (including 11:14PM)
  ***Three on Tuesday August 26 (two ‘Scan Engines for Win 9X and Win NT Kernel)
  
  There were days of the week Mon-Fri when Symantec did offer definitions that aren’t on this chart. I understand the time the server poles.
  
  I don’t know enough to correlate the data accurately, but this is interesting and there is an answer to definitions most currently available over a period of time. Thanks again for taking the time to do this.
  
  SMBP
  
  Reply | Quote

WSjscher2000

AskWoody Lounger

August 28, 2003 at 7:06 pm #707103

(Edited by jscher2000 on 28-Aug-03 13:06. Uhhhh…it’s not that easy.)

Tuesday, July 01, 2003 15:09:27	Virus pattern file:579
Thursday, July 03, 2003 16:09:32	Virus pattern file:581
Monday, July 07, 2003 07:10:55	Virus pattern file:583
Tuesday, July 08, 2003 16:10:30	Virus pattern file:585
Friday, July 11, 2003 13:11:08	Virus pattern file:587
Tuesday, July 15, 2003 14:11:49	Virus pattern file:589
Tuesday, July 22, 2003 15:11:40	Virus pattern file:591
Wednesday, July 23, 2003 22:11:42	Virus pattern file:593
Tuesday, July 29, 2003 15:11:59	Virus pattern file:595
Friday, August 01, 2003 11:15:18	Virus pattern file:597
Friday, August 01, 2003 15:14:57	Virus pattern file:598
Tuesday, August 05, 2003 15:14:09	Virus pattern file:600
Monday, August 11, 2003 03:15:43	Virus pattern file:602
Monday, August 11, 2003 15:15:57	Virus pattern file:604
Tuesday, August 12, 2003 04:15:33	Virus pattern file:606
Wednesday, August 13, 2003 13:15:04	Virus pattern file:608
Wednesday, August 13, 2003 21:14:44	Virus pattern file:610
Friday, August 15, 2003 18:15:04	Virus pattern file:612
Monday, August 18, 2003 07:15:13	Virus pattern file:614
Monday, August 18, 2003 23:14:25	Virus pattern file:616
Tuesday, August 19, 2003 06:14:31	Virus pattern file:618
Thursday, August 21, 2003 08:17:12	Virus pattern file:620
Tuesday, August 26, 2003 07:12:56	Scan engine for Windows XP/2000/NT:6.640
Tuesday, August 26, 2003 07:13:29	Scan engine for Windows Me/98/95:6.640
Tuesday, August 26, 2003 14:14:45	Virus pattern file:622

WSHoward Kaikow
AskWoody Lounger

August 28, 2003 at 7:30 am #706660

Jefferson–

Some people I know who do IT adminstration have said in the last two weeks that they prefer Trend Micro over Symantec products because they have significantly better ‘real time’ or current defnition development. I know you know Trend very well–have you heard any of this?

SMBP

Reply | Quote

WSjscher2000
AskWoody Lounger

August 28, 2003 at 7:10 am #706644

(Edited by jscher2000 on 28-Aug-03 01:10. Link problems…….)

Sorry, Plan B: download PC-cillin, a competing product, and try that for 30 days.

Trend Micro is running a “$20 off” special for PC-Cillin, which makes it $30 (check the SOBIG.F page, since I can’t paste the link). There’s a $25 mail-in rebate for Norton/McAfee users: http://www.trendmicro.com/ftp/products/pcc…llin-rebate.pdf%5B/url%5D; I don’t know if these are combinable… if they are, $5 is a pretty good deal!

Reply | Quote

Albert M Avery
AskWoody Plus
August 28, 2003 at 4:16 am #706583
Thank you to everyone who has replied so far.

Here are some facts about the system I’m having the problem with:
1. I have been running AdAware every night for many months. So, unless AdAware is not doing its job, we can rule out spyware.
2. Virus checking goes on all the time and virus definitions are current as of today (8/27) – LiveUpdate checks daily.
3. Here’s what Symantec says “auto-protect” (NAVAPSVC) does:
  [indent]
  
  Norton AntiVirus Auto-Protect loads into memory when Windows starts, providing constant protection while you work.
  
  Using Auto-Protect, Norton AntiVirus automatically:
  
  Eliminates viruses, worms, and Trojan horses, including macro viruses, and repairs damaged files
  
  Checks for viruses every time you use software programs on your computer, insert floppy disks or other removable media, or use document files that you receive or create
  
  Monitors your computer for any unusual symptoms that may indicate an active virus
  
  Protects your computer from Internet-borne viruses
[/indent]
Unfortunately, NAV has no RT monitor capability.
I have uinstalled and re-installed NAV with the same resulting behavior.
I’ll take a look at Black Viper’s Windows XP Service Configurations and see if it helps.
Video driver – I changed my Windows error reporting to send me MSFT’s response on error submission. After one BSOD, MSFT told me that this was a device driver problem. Okay – it must be the video driver, says I. I locate and update the driver – same behavior.
[/list]Gang, this is a real stumper!

At the moment, I am running with auto-protect turned off and CPU usage is running below 20%.

I’ve attached Symantec’s latest response as a text file – after their server decided to let my support response through (hence the “welcome back”… in the message).

Thanks again,

WSHoward Kaikow

AskWoody Lounger

August 28, 2003 at 6:39 am #706623

I agree–Norton can be a resource hog, particularly on more memoring leaking OS’s like Win 9X. But they also have literally a couple thousand KB’s and papers detailing all their conflicts. I run it with 55 windows open and several resource using applications, as it is right now, and my total CPU usage is 9% and all the Norton processes aren’t taking near as much as is being reported here. I still think it’s something else helping, but its possible. I wonder if tweaking virtual memory (paging file) minuum maximum size on the Advanced Tab>Settings button of the System Properties dialogue box would help Al–it might be a workaround that works–only takes a few seconds to try.

“After a few hours, icons began losing definition, text in windows began disappearing and the system slowed down tremendously” And what’s up with this? Just out of memory, maybe but was his BSOD unrelated? It surely gave an error message that was written to Event Viewer.

SMBP

WSHoward Kaikow

AskWoody Lounger

August 28, 2003 at 6:39 am #706624

SMBP

WSHoward Kaikow

AskWoody Lounger

August 28, 2003 at 6:30 pm #707067

This makes plenty sense. I missed how much memory he had.

SMBP

WSHoward Kaikow

AskWoody Lounger

August 28, 2003 at 6:30 pm #707068

This makes plenty sense. I missed how much memory he had.

SMBP

Albert M Avery

AskWoody Plus

August 29, 2003 at 4:09 am #707435

Corrrect.

Viewing 12 reply threads

100% CPU Usage (XP SP1, NAV 2003-V9.05)

VIRUS INFECTION ALERT

VIRUS INFECTION ALERT

Plus Membership

Search Newsletters

Search Forums

View the Forum

Search for Topics

Recent Topics

Recent blog posts

My Profile

Key Links

Remembering Woody

100% CPU Usage (XP SP1, NAV 2003-V9.05)

VIRUS INFECTION ALERT

VIRUS INFECTION ALERT

Plus Membership

Search Newsletters

Search Forums

View the Forum

Search for Topics

Recent Topics

Recent blog posts

My Profile

Login and Registration

Key Links

Remembering Woody