Solving an 100% CPU usage problem

Discussion in 'ESET Smart Security' started by bruteforce, Oct 24, 2008.

Thread Status:
Not open for further replies.
  1. bruteforce

    bruteforce Registered Member

    Oct 24, 2008
    Hi all,

    I have been using ESET SmartSecurity on 4 of my computers, 2 desktops and 2 laptops, for more than a year without any troubles.
    However at some moment I noticed that the my IBM ThinkPad X41 was extremely slow. Process Explorer would show CPU utilization being constantly at 100% and the culprit was ekrn.exe.
    If I disabled Real-time file system protection then CPU went down to normal. When I reenabled it then back to 100%.
    To start with I left the laptop open for a couple of days so maybe ESET would get done with something it was doing but of course that was a silly thought without results.
    Then I tried to uninstall and reinstall it but this was just another silly thought and of course the problem remained.
    So I decided to use the artillery. I opened up Process Monitor by SysInternals just to take a look at what ekrn.exe was doing.
    It was scanning over and over a 9MB html file!
    The location of this file?
    C:\Program Files\ThinkPad\ConnectUtilities and the name of it AddConnAdvanced.html

    So I added this file to the exclusion list and my laptop became normal again.

    I thought maybe my laptop downloaded some software update that screwed things up, so I decided to look at what could a 9MB html file possibly hold.

    Surprise (again)!

    It was the IBM utilities debug log... I had a problem with the wifi of the laptop about two months ago. So I turned on the debug diagnostics and forgot it on even after I solved the problem.
    It seems that the IBM developers wanted to appear slick I guess, so a .TXT file was not good enough for them but instead they output an HTML file which eventually gets huge, it is an HTML file so it gets scanned by adivirus software because it might be malicious ending up in a frustrated user :mad: . Bravo!

    I do device driver development for a living and as a result I have a "lean and mean" mentality. I just hate it when people use HTML for something that could be done with a plain txt, or use .NET for a config utility because they want to add a silly jpg on the dialog and don't know how to do this in plain Win32.
    Things are simple: When you do more than you absolutely have to, then you increase your application's "problem surface". More and more things can go wrong and you DON'T want things to go wrong with low level stuff like debug logs and config utilities.

    Anyway, ESET is not to blame here, but it would help if they provided some statistics screen/report with the most scanned files so we can solve such problems in an easier way, without using super natural powers :p

    Tip: If a similar thing happens to your PC and it in so slow that it is almost unusable because a process is taking 100% CPU and you don't want to kill the process (so that you can study what is going on) then try lowering the process priority of the offending process. This will permit you to use your computer again so that you can solve the problem.

    Warm Regards,
    Dimitris Staikos
  2. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    please compress that html file with WinRAR/ZIP and send it to samples[at] with this thread's url in the subject.
Thread Status:
Not open for further replies.