The system is overloaded, what should I do? The system process loads the processor: why does this happen and how to fix the problem
Question from a user
Hello.
Lately my laptop has started making a lot of noise and slowing down. In the task manager I saw that the “System.exe” process creates a large load (it even reaches 40-50%!). What is it, and what can be done about it, how to find the cause of the problem? It wasn't like this before...
PS Laptop ASUS X501, Windows 10 Pro
Andrey
Good day.
Well, in general, such a system process as "System" exists, but "System.exe" - as far as I know, does not! (and its very name looks very suspicious, as if it is being disguised). This could be anything: from a virus to a program for mining cryptocurrency (recently such “add-ons” have become popular).
So, let's get down to business...
What to do with a “suspicious” process...
1) Look at its location
The first thing I recommend doing is task manager (to launch it, press the combination Ctrl+Shift+Esc) right-click on this process and select “Open file location” (if there is no such link, select “details”). The screenshot below shows an example.
In general, a similar problem with "System.exe" watched it several times:
- in one the cause was "Kms-Auto" used by some programs for registration. By deleting and closing this “utility” the problem was completely resolved.
- in another, the process was related to Windows Media Center. Having removed it from the installed programs, such a process no longer loaded the CPU.
Let me remind you that the original “System” refers to the system folder C:\Windows\System32 to the file “ntoskrnl.exe”.
Addition!
If the "viral" folder or file will not be deleted, use antivirus utility and advice.
2) If the processor is busy with something, but the task manager does not show this process or file location
This happens quite often. In this case, I recommend using special utility from Microsoft. We are talking about Process Explorer.
Process Explorer
This utility helps you find out which program opened a particular file. The program allows you to view information about open by process handles and DLLs loaded by them.
I note that not a single process running on a PC will “escape” it. Much more informative than a regular task manager.
3) How to distinguish a real process from a fake one (which of the Svchost, System, etc. processes is not real)
One of the most simple ways, this is to use an anti-virus utility (link to the official website). In her arsenal there is a special "Process Manager" (to open it, use the "Tools/Process Manager" menu) .
The essence of this dispatcher is that it can distinguish between processes that can be trusted (they are marked green), and processes about which he knows nothing.
For example, you suspect that one of the processes Svchost or System not real - just look at the list of these processes. All "normal" ones will be marked in green (plus pay attention to the "Description" and "Manufacturer" columns, Microsoft and Windows will be listed in them).
4) Prevention
As a preventative measure (so as not to catch something like this), we can recommend some rather banal things:
- do not install various extremely suspicious applications that promise you some money (or view interesting “photos” received by mail from an unknown recipient);
- download programs from official websites, do not use different keys, etc. (especially now, when many programs have free analogues, trial periods, etc.);
- install one of the modern antiviruses and configure it to be updated regularly. I noted the best products in this article: .
- and, of course, sometimes make backups of important data. It's even better to set up synchronization of your documents with cloud disk. You can find out what it is and how to use it here:
That's all, good luck!
Date of publication: 07/20/2010Article updated 12/09/2011
Symptoms:
Your computer suddenly began to freeze and slow down the system. At the same time, you have an antivirus with the latest antivirus databases. Click Ctrl+Alt+Delete and click on the tab Processes. You will see a list of all processes that are running in this moment; at the same time, you will see that one of the processes is consuming a lot of computer resources (although you are not currently using any programs). Here you will see a certain process svchost(there will be several processes with the same name, but you need exactly the one that loads the system at 100%).
Solution:
1) First of all, try simply restarting your computer.
2) If after a reboot this process continues to load the system, then right-click on the process and, in the list that opens, select End process tree. Then restart your computer.
3) If the first two methods did not help you, then go to the folder Windows and find the folder there Prefetch(C:\WINDOWS\Prefetch). Delete this folder ( delete exactly the folder Prefetch; DO NOT accidentally delete the folder itself Windows!!!)
Next, follow the second point (i.e. delete the svchost process tree). Restart your computer.
How many processes should there be in total?svchost.exe in the "Processes" tab?
The number of processes with this name depends on how many services are running through svchost. Quantity may depend on Windows versions, properties of your computer, etc. Therefore, there can be from 4 processes (the absolute minimum) to infinity with the name “svchost.exe”. On my 4-core computer with Windows 7 (including the services being launched), there are 12 svchosts in the “Processes” tab.
How to determine which one is a virus?
You can see in the screenshot above that in the “User” column next to each svchost there is the name of the source that launched this very process. In normal form, next to the svchosts it will be written “system”, or “network service”, or “local service”. Viruses launch themselves as “user” (can be written “user” or “administrator”).
What is a process anyway?svchost.exe?
If we talk in simple language, then the svchost process is an accelerator for the launch and operation of services. svchosts are launched through the system process services.exe
What happens if I click on “End process tree” and accidentally end a system process?svchost, and not the virus itself?
Nothing bad will happen. The system will give you an error and restart your computer. After a reboot, everything will fall into place.
What viruses masquerade assvchost.exe?
According to Kaspersky Lab, the following viruses are disguised as svchost.exe: Virus.Win32.Hidrag.d, Trojan-Clicker.Win32.Delf.cn, Net-Worm.Win32.Welchia.a
According to unconfirmed reports, some versions of Trojan.Carberp also disguise themselves as svchost.exe
How do these viruses work?
These viruses, without your knowledge, access special servers, from where they either download something else dangerous, or send information to the server (namely your passwords, logs, etc.)
Processsvchost.exe loads the system, but in the “User” column it says “system". What it is?
Most likely, this means that some service is working hard. Wait a little and this process will stop loading the system. Or it won't stop... There are some viruses (for example: Conficker) that use real svchosts to corrupt your system. These are very dangerous viruses, and therefore you should check your computer with an antivirus (or better yet, several at once). For example, you can download DrWeb CureIt - it will find such viruses and remove them.
Why do you need to terminate the process tree and delete the folder?Prefetch?
If you terminate the process tree of your system-slowing svchost, the computer will reboot immediately. And at startup, when the virus tries to start again, the antivirus (which you must have installed) will immediately detect and remove it. Although there are many modifications. For example, the original source of such a virus may be located in the Prefetch folder. This folder is needed to speed up the operation of services. Removing it will not harm your computer.
Your advice didn't help me. Processsvchost.exe continues to load the system.
First of all, check your computer with an antivirus. Better yet, check your computer with several antiviruses.
I can also advise you to clean out the System Volume Information folder. This folder contains restore points for your computer. Viruses register themselves in this folder, since the system does not allow the antivirus to delete anything from this folder. But this is unlikely to be of use to you. I have not yet heard of such modifications of viruses that pretend to be svchost.exe and are located in the System Volume Information folder.
If you have any more questions, I will be happy to answer them.
Latest tips from the Computers & Internet section:
Council comments:
Thank you very much! Everything is clear and without water. All unnecessary processes have disappeared. Thank you!
Windows6.1-KB3102810 x86 (x64) - for 7, whose updater eats up a lot of RAM.
In short, I figured out why svchost loaded percent by 30%, the Spyware Process Detector utility helped to uncover this mysterious process (you can find it on the Internet with a crack), and it turned out not to be some kind of malware, but an ordinary system process Defrag exe, and it was rattling around. In short, I disabled the Disk Defragmentation service, svchost is no longer arises. The problem is solved.
I tried everything, and disabled the update center, and deleted Prefetch, and completed the process tree, nothing helps, svchost still loads at 30%.
Ilya, thank you very much! It helped! I did everything as written. Only on my XP the service is called Automatic Update. After disabling autorun, as soon as I managed to stop the service, this process disappeared and the CPU load subsided. For those who don't care about XP or updates, I recommend this method.
Ivan, thank you very much for your comment) It helped. I denied access and everything returned to normal. Nothing helped before!
I deleted the Prefetch folder, but after a reboot it appears again, just like the problem with the RAM.
on Win XP I solved the problem simply - by disabling system updates. Probably the soft ones are in this way unobtrusively pushing users to leave XP and 7.
Rustam, the article clearly states that this folder is not for system files(which lie in windows folder). Here is a quote from the article "Removing it will not harm your computer." READ THE ARTICLE CAREFULLY, cykablyat!
I looked into the svchost folder, but found there only the root folders of all programs running on the computer. when deleting, a catastrophe could occur, but the main thing is: a complete shutdown of all life-supporting programs, which ultimately would lead to the fact that after a reboot the computer would stop working altogether, and I would have to reinstall Windows. So, I did not risk deleting the entire host folder . I will look for other solutions to problems. And for those who think that disabling the update solves the problem, I’ll say: I did this once, and the virus that got into the computer ate the entire motherboard and the hard drive stopped working. in fact, it starts the laptop, but immediately freezes and does not even respond to ctrl-alt-del. And on the start and shutdown button of the computer. I have to take out the battery... since then the laptop has been retired... not a single workshop will undertake to repair it. some kind of nonsense.....
I demolished this folder - it helped. Thank you!
who can help with svchot? my contact details WhatsApp Viber +7 999 171 60 74 Skype West00073 I will be grateful. I tested the computer in every possible way and it doesn't help.
who can help this SWSHOT just tortured me, tried everything. Is there anyone who can solve this issue?
All the methods indicated in the article did not help me, I decided to read the comments and they most often said that it was not a virus but updates and I turned off these updates and everything went away
Thank you!! took down the folder. corrected ;)
I apologize, my mistake. other processes in Sestem32
What if the process that consumes the CPU is located not like all other svchosts in Win32, but in AppDataRoaming?
Thanks, I deleted the folder and everything is fine.
The advice from the comments from Roman on 08/30/2016 helped me, namely the second (additional) method, through Administration!
Thank you everything fell into place!
Can I contact you on Skype?
If RAM overloaded, but the system works.
Yours operating system consumes a large number of memory? And overloaded from session to session. Don't panic. As paradoxical as it may seem, especially for those who suffered from a lack of RAM on old computers, the condition in which the RAM is overloaded is sometimes absolutely normal. “Underloaded” memory is just a waste of that same memory.
Let's separate the causes and problems
But first, let's clarify the situation. If the RAM is overloaded, this is sometimes a bad sign. If the memory is full, and the computer begins to slow down, the hard disk loading indicator blinks continuously, and the system begins to fill the paging file on the hard drive with operational data. If this happens, there is only one conclusion: there are many applications running that consume too many Windows resources, or there is a process running against you in the system. The nature of these applications can be judged by Task Manager, which describes all programs currently running. These could be tasks you started or viruses. Often programs are able to camouflage themselves even from the Manager, so if the RAM is overloaded “for no reason”, you should think about changing your antivirus or it’s time to add an anti-malware. But the first thing I would start with is checking the RAM with the utility.
And again, the situation is different. If you notice that the memory begins to fill to capacity precisely when you connect to the network or when you try to download something (and the Windows Manager is silent, like a guerrilla), it’s worth remembering whether some software or special drivers to enhance loading. In any case, check your network drivers. And the easiest way to check whether a specific device is working against you is to Safe mode without network drivers.
Let's continue further. Comrade Russinovich, who, together with his colleagues, has written a lot of useful things for Windows, has a separate copy that significantly expands the functions of the Task Manager in the area of RAM operation. We're talking about a utility. Anyone who has wondered about the use of RAM should have this utility appear on their computer.
Working with the utility - and within this... go directly to the tab File summary: it can already clarify a lot, because it gives a list of not just abstract programs and services, but a NAMED LIST of files that are SPECIFICALLY eating up your RAM right now. Frankly speaking, this is one of the few utilities that can really help to catch the culprit of problems with RAM, not in the form of “Yes, Chrome eats a lot!”, but will show a specific document on the hard drive, which, among others in the running service, is the culprit of the situation.
AMENDMENT
In this article, I am not looking at special cases when the RAM is overloaded so much that the system simply stops and it becomes impossible to work with it. Moreover, it does not matter what amount of RAM is installed on the computer: 4 GB or 16 GB - the memory is completely filled almost immediately after the system starts. In this case:
- If your computer is particularly slow when accessing the Internet, read the article. There we will look at an example of how to identify the cause of such slowdowns.
- The task manager shows that the system is slowed down by one of the specific processes, but for no reason visible to the user. Read the article
- The RAM is completely occupied, the system stops, but the Task Manager cannot indicate the reason: visually all processes consume a non-critical amount of memory. This is a virus or malware that “edits” network drivers. Dig this way.
So you should separate the situation with a full RAM load as a result of the actions of malicious programs or broken drivers and a malfunction of the “RAM-slot-waterbox” connection and the scenario where in fact everything works correctly, only a few programs are open, and there are signs of a slowdown in the computer is not observed, but the RAM is still overloaded.
One of the ways to find out the reason or try to get to the bottom of the reasons for RAM overload is to create a another account. With administrator rights. And compare everything you can compare: running processes and services in the Task Manager, information from System Monitoring, Startup folders and System Configuration from msconfig. If there is a problem, it may manifest itself.
Caching
Those who experienced Windows XP remember well how freshly installed Windows consumed 150-250 MB of RAM. For owners of Windows 7 and later, the situation has changed radically. It consumes at least 1.3 GB of RAM by default. Hence, many of the users made the wrong conclusions about the advantages of the previous system over Windows 7. RAM for the modern system is used much more profitably than in the days when the immortal Windows XP was born. It is now a cache for frequently used files and program data. It is the RAM cache that is responsible for storing a copy of the files that you recently accessed (if the system goes to the HDD constantly, it will stop moments after starting).
Thus, for the first time, technology appeared in Windows Vista SuperFetch(super sample). SuperFetch is an internal service that runs internally system processsvchost. Technology SuperFetch allows you to determine the user's most frequently used applications, create their database, and re-upload the data into memory in ready-made blocks each time the program is launched. As a result, programs load faster. Constantly updating the list of user preferences, SuperFetch right during operation, it can change the speed itself Windows operation, observing the user's actions.
SMALL INSTRUCTIONS FOR MEMORY DIAGNOSTICS
Now I will show with a small example how you can use some of the built-in and special programs in finding missing RAM in Windows.
- So, what do you need to know about cache and how to control it? Using Windows tools - almost nothing. However, since the current size of the RAM cache is easy to check (its size in the current session can tell you something), let's take a look at it: in the Task Manager it is in the tab Performance. So, in Windows 10 it is here:
For now the situation is normal, but in moments it will begin to change
The main thing you should understand now: if you have installed 4 GB RAM, it is full, and the cache is allocated in the area 200 MB, you have serious problems. Means…
- open the tab Processes Manager and for ease of viewing, rank the column with processes according to the amount of RAM consumption, and by adding the values, estimate whether all processes really consume so much physical memory that the 4 GB mentioned in the example is not enough? We discovered a failure and half were missing:
even offhand - there’s not even a gigabyte of RAM here
- in the same Dispatcher we need . Here everything is in more detail and some inconsistencies are already evident (it just paints a real picture of how RAM in the system is distributed and where it is currently used):
the situation does not require intervention: the most consuming applications are visible in full view - these are the Chrome and Edge browsers
- however, in a few minutes the situation will change and the time comes - it becomes warmer:
too much for a “small” part of the system cache
For those who are interested, but have forgotten: A metafile is part of the system cache and consists of NTFS metadata. And this, in turn, is the MFT table, folder names, paths to them and assigned attributes. But something already hurts too much...
- In general, further research may not be interesting to you. The event log showed that the defragmentation service was trying to analyze everything system volumes hard drive on schedule, but every time I came across an error in one of them. Fortunately, the situation was successfully resolved by correcting errors on the disk and starting the defragmentation service along with the MFT table. It took a lot of time (all night on a 500 GB partition), but after the reboot, tears of joy appeared on the face of the computer owner: 1.2 GB maximum RAM load instead of 4 GB before. For a weak system, the increase is significant.
What else is there in the arsenal to speed up the system?
Windows developers continue to care about the user by loading the system with a set of functions that allow you to respond to problems without waiting for massive reviews. For this purpose, a third of Windows services are only diagnostic in nature, which work on the “started-observed-notice-report” principle. Whether the system is stable or not, the services will be started. The processor is loaded, the RAM is full. Who's feeling good? No, this is not about stopping all “unnecessary” services. The question is in the area of “articulation” between an aging computer and a shoehorned version of Windows. In general, drivers and more drivers.
By the way, the most likely option to get rid of one of these services is to stop, for example, the monitoring service Network Diagnostic Usage(aka NDU). Only the developers know what she’s looking at there. Personally, after turning it off, I felt a little better and the amount of free RAM increased by 10 percent:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndu
parameter Start I deduce from the meaning 2 on 4 :
I repeat, there can be quite a few such services in the system, as evidenced by the paragraph NonpagedPool windows of the same RAMMap. Or it may not exist at all.
When the system process loads the processor, it causes a lot of problems for the owner of a PC or laptop running Windows OS.
This most often results in non-critical crashes such as freezing, slow loading, and poor performance.
At the same time, the greatest difficulty for the user may be that a PC that was working properly yesterday suddenly refuses to work properly today.
What's going on and how to find out
It is not difficult to make sure that it is the system process that is loading the processor. But this task can be completed by a user with knowledge that slightly exceeds the basic ones.
In order to check the processor load, you will need to launch Task Manager.
There are several ways to launch it, but the easiest one is to left-click on the taskbar to bring up the menu.
The taskbar is a rectangular area, traditionally [by default] located at the bottom of the screen
In the menu that appears, you will need to select the line Task Manager, after which a small window will appear in which a list of running processes will be displayed on one of the tabs.
rice. 1 - appearance task manager in Windows 7
Its appearance may differ significantly depending on the version of the operating system, for example, but the essence remains the same.
The higher the number in the CPU column, the more the process will load the hardware, which will ultimately impact performance.
In critical situations, this figure reaches 100% and it becomes impossible to fully work on a PC.
There may be several reasons for such unusual activity of processes hidden from the user, and they can all be solved in different ways.
Automatic system update
A common reason for the System process to run excessively is automatic system updates, including downloading new drivers. This function, although useful, is not always convenient.
How to clean your computer so it doesn't slow down? Options with free programs and manually
technical issues
Hardware problems that affect user interaction with the system are also a common occurrence that users encounter. There may be several reasons for this:
- Lack of appropriate drivers.
- The driver is not working correctly.
- Incompatibility of hardware and operating system.
- Late physical maintenance.
Each of these reasons requires more detailed consideration, since the way to solve them is not always the same.
In the first case, the System process may become excessively active when the user accesses a device that was physically connected to the PC, but its operation was not configured accordingly.
Most often this happens with new components for which the manufacturer did not provide a driver disc in the packaging. In this case, you will need to install it manually.
If you have an Internet connection, this is easy to do.
The user must have administrative rights to make these changes, so if Account has restrictions, it will need to be changed to Administrator.
After this, you need to use the Start menu, from which you want to launch Control Panel. You need to launch the section from it device Manager.
In the manager dialog, a device without drivers will have a [?] sign.
For it, you will need to right-click the Properties line and in the dialog that opens, on the Driver tab, use the buttons to install.
Tip: if you have problems with the wizard, download drivers manually from official sites
rice. 4 – Control Panel in Windows 7
Incorrect driver operation
In the second case, when the driver is installed, the same problems may occur only because the device driver version does not match.
In this case, you will have to update it using the Device Manager mentioned above.
To do this, you will need to select the problematic component in the Manager window and, using the right mouse button, run the command Update driver.
This operation, as in the previous option, will launch the setup wizard.
In the third case, processor overload will be due to incompatibility between software and hardware.
This situation may be caused by installing new, untested hardware or installing an operating system update.
In this case, correct operation of the equipment with the previous version of the software will be less problematic.
Accordingly, you will have to take radical measures - either return, change or remove the modules that cause the error, for example, a network or video card, which is most often the case.
But such problems can also occur when the above-mentioned hardware components are simply not properly maintained.
A temporary solution to the problem in this case is to turn off the power to the PC.
It allows you to remove static voltage from the device, but after a short period of use the problem returns.
In this case, basic cleaning of dust from the internal components will help.
rice. 5 – Device Manager window in Windows 7
When opening the Task Manager, you should always monitor CPU usage. The total workload is indicated at the very bottom of the window. Sometimes the “System” process can completely overload the system, up to 99%. And this is far from the norm. But it is quite possible to solve this situation on your own.
Most often, the reason for the CPU overload of the “System” process is associated with the Automatic Update mode of the Windows operating system being enabled. To troubleshoot, you must open a command prompt with administrator rights. Insert the phrase “net stop wuauserv” into the line and confirm your action. A window should open in front of you notifying you that the service has stopped.
After that, open the Task Manager again and check the CPU load. If the indicators remain critical, you need to restart the disabled service. Open the command line again and enter the same phrase.
If you have Windows XP operating system installed, the cause of CPU overload may lie in the IPSEC service. Therefore, it is worth trying to disable it. To do this, type the hotkey combination Win+R and in the opening window command line enter “control ADMINTOOLS” and confirm your action. A list will open in front of you, in which you only need the “Services” item.
We go into it and look for the IPSEC service. Right-click on the file and select the “Stop” function from the drop-down menu. After this, we check the CPU load. If the problem is not resolved, you can enable the IPSEC service in the reverse order.
Sometimes the cause of CPU overload is due to the antivirus not working correctly. Try uninstalling the antivirus and viewing the task manager again. If the problem is resolved, just download a new antivirus. If you installed a paid version of the antivirus, you need to contact technical support to resolve the problem. Also, you should definitely check your system for viruses. In this case, the current antivirus will be Dr.WEB. Download it and conduct a full check.
Loading...
