Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CPU usage 100% after doing Microsoft Windows Security Bulletin Summary 6

Status
Not open for further replies.

1Zeus

IS-IT--Management
Apr 7, 2004
15
US
After downloading and applying the updates that microsoft put out today, by system CPU is 100% in task manager. The system cpu usage is at 100% even when booting into safemode.
The system is dog slow now, I can't even get into the control panel to uninstall the security updates. Please Help.
 
waistedtime said:
I noted a V1.1 of the patch, dated 4-21. Thought, cool, let's try it.

The only modification made in the V1.1 release was to the text notes that accompany the Hotfix bulletin, not to any of the files involved.

Sorry, but MS is fully aware of problems in some Win2k situations and promises relief.
 
I've had the problem described in this thread, my machine couldn't finish to boot even after waiting for 1 hour... so it was impossible to uninstall the update using add/remove programs. I used a DOS boot floppy, and copied C:\WINNT\$NtUninstallKB835732$\ntoskrnl.exe to C:\WINNT\System32, overwriting the new version installed by the update, and it worked. Of course, this is not "clean", but it works...
 
I ran Windows Update earlier this afternoon on a user's Dell Latitude running 2000 and am now suffering from the same problem. We have ran the same update on other machines this afternoon without problems. I am trying to go through Safe Mode now to uninstall the patch. At the pace it is crawling I wouldn't think it possible to remove it, but everyone says it will get there eventually, so I'll keep the faith.
 
Safe Mode did not work, could not bring up Add/Remove Programs in either mode. So I pulled up a command prompt and used the following method I found and modified... go into the $NTUninstallKB835732$ directory in WINNT. In the spuninst directory is a file called spuninst.txt. Rename that to spuninst.bat, then run the bat file. Reboot and all is back to normal. Whole process took about 5 minutes.
 
I had the same problem when the updates were applied to a Dell Latitude C640. I resolved the problem in the manner described by bcastner in his April 16 posting except that I was in normal mode since the computer would not let me login in Safe Mode. The other method difference was that I did not change the priority of MSHTA.exe but did change the priority of spunist.exe to high after the program removal started. Probably took 40 mintues total to remove the hotfix. On the first reboot, I received a tsistrm.sys error message related to a LapLink 2000 driver. So the problem with the hotfix may be driver related. I was lead to this thread after using a program procexp.exe from to identify that ntoskrnl.exe, which is a subprocess under SYSTEM.exe, was using most of the CPU. The procexp.exe program breaks down SYSTEM.exe (and other processes) so that the CPU usage for each subprocess can be seen.

What, if any, are the consequences of the hotfix not being installed? Is there a way to install it so that the problem is not encountered?
 
Thanks, our machine that experienced the problem had VPN software installed using the IPSec driver. At least now I know which machines will clash with the fix.
 
Oddly enough I have found that once the KB835732 is uninstalled, you can restart the PC and reinstall the update with no problems. At least that holds true for the machines I have done this with.
If you are in a situation where you can clone the hard drive from another machine...do it instead of uninstalling. Removing KB835732 is a booger any way you look at it. But if you can't sacrifice the files, grin and bear it.
This makes a real believer out of those who don't back up files!
Good luck everyone!
 
Found a fix! - We worked with Microsoft (like extracting teeth) and found a prerequisite patch for Windows 2000 clients that experience the 100% CPU utilization problem. I applied the patch to my system (which had the problem in question) and then reapplied the KB835732 patch and restarted without a hitch. Note one small caveat... This is not a published / released patch - you must request it specifically from Microsoft. They will determine if you are worthy to receive it. Reference patch No. KB841382 or "KB Article Number(s): 841382" when you call / submit an incident report with IBM and they will provide you with an executable. This is an important patch because it fixes the security hole exploited by the latest SASSER WORM virus strain. Good Luck!
 
Sorry for my goof up in the last post (even though I proof read it 5 times.) Call / Contact Microsoft - not IBM! :)
 
The MS 04-011 is a pain, but in most cases it can be applied. Thank you DWalrus and eighty3jag for the possible resolutions to applying the hotfix.

See also:
This site is changed several times an hour. See this MS KB article about issues with MS 04-011, and known workarounds, this KB is revised constantly to stay on top of any issue with the hotfix:
 
We had a couple of machines out of a few hundred that had problems after installing kb835732. The PC's were running the same op systems (windows 2k) and had the service packs on (sp3). They would randomly freeze after installing the patch, upon removal of the patch they worked normally without any problems.

We have since fixed this issue by installing service pack three again on the affected PC's - hey presto cured.
 
Ok, here's what worked for me. I uninstalled kb835732 from add and remove programs ( took several hours). I did set spuninst and explorer to realtime. I got the fix from Microsoft (shock it went pretty smoothly getting it) and installed that. Rebooted and reinstalled the hotfix. Thankfully all seems to be ok now.
 
Has anyone tried to "slip-stream" this into the unattended install process? We create sysprep'd images to deploy new computers and re-base existing ones with problems. These images get pulled from the network and the ones without the patch built into the image, can get the virus before the system is ready. This was big in the blaster days.
We use a process to have the patches applied during an unattended install, but every time I "slip-stream" this patch, the system goes into a loop reboot after the PnP process. It can't find the winsrv.dll file which is new in this patch.

I had to recreate the i386 install directory with the sp3 CD and apply our previous patches before the MS04-011. Tested that and it worked fine. Now, I just added the MS04-011 patch and am testing again. We'll see if it blows up again. Has anyone heard of this?
 
Some of our computers are displaying similar symptoms. We rolled out 835732 on Tuesday morning and some computers are now intermittently showing explorer.exe running at 98-99%
This is different from the other posts on this page where the system process seems to be responsible. The computer becomes sluggish but not excruciatingly so. I was wondering whether you thought this was the same issue? I have not uninstalled the patch as the explorer process can simply be terminated and restarted after which the system runs normally again for about 2-3 hours. The PCs this is occurring on are all the same spec and differ from other computers in that they have Matrox G200 graphics cards installed. All our computers are running Win2k Pro SP4. I will try uninstalling the hotfix and post again with the result.
 
Well, following my earlier post, having removed the patch from the affected systems, things seemed to be back to normal for a day or so. Now the symptoms have returned. The process explorer.exe is taking up 99% of the cpu time on a single processor machine around 50% on a dual. Are there any diagnostic tools that I can run to see what may be causing the problem? I have checked for spyware and the systems appear to be clean.
 
Pauldr,

I'm experiencing the same problem on the W2K machines at work and like you've also said, I don't know if removing the kb will resolve the issue. Can anyone also let me know of any fix for this particular symptom?
 
Block ports 135 and 445 in your firewall, and remove the patch for now.
 
Just an FYI on this issues, In my office, I am the only one with this problem and it occured when I did an update to adobe acrobat from 6.0 to 6.01 and/or related to acrobat atmosphere reader. Out of over 100PC's I am the only one with the problem. It seem to have started when I updated acrobat. I am able to fix it from provided instructions

Also during the removal process it says that acrobat may be effected.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top