Hunt For The Hole.

My "System Idle Process" is showing 95-98% CPU usage and peaking off the charts. I'm using Sysinternals ProcessExplorer to view it. Under "TCP/IP" I'm finding that my System Idle Process is performing many connections to the internet.

I did a whois and found the IP's to be from:

NTT America, Inc.
RIPE Network Coordination Centre
Global Crossing
Akamai Technologies
Yahoo Inc.

And several others. The first 4...I don't think they're Internet Service Providers (ISP's)

Below are screenshots:

http://i534.photobucket.com/albums/ee341/mediaarts/12Untitled12.jpg

---

http://i534.photobucket.com/albums/ee341/mediaarts/1Unti2tled1.jpg

---

http://i534.photobucket.com/albums/ee341/mediaarts/1313.jpg

---

http://i534.photobucket.com/albums/ee341/mediaarts/Un223titled.jpg

---

Yesterday I did a full National Security compliant drive wipe of every sector, every piece of data, everything on my hard drive; It took about 7 hours.

I just installed Windows Vista Home Premium today.

The only programs I have installed are Firefox, Kaspersky Internet Security, and System Mechanic Pro 8.0.

My hard drive is defragged, I've disabled services that are no longer needed, disabled all remote access services, and customized my security settings.

Why is my system idle process communicating to over 100 different IP addresses...even when Idle...??

What is this nfsd-status thing about?

Why is it using so much (98-99percent)

And why is my computer not crawling if that much is being used?

Most important question is why it is communicating to the internet...?

 

Good questions.

System Idle Process % is the % of your CPU that is not being used , so that the total cpu on your system adds up to 100%.

So if your System Idle Process % is 95% , your system is using 5%.
If you hit ctrl-alt-del , and see the graph , only a small line will be shown.

Your PC is not connecting to the internet. Only if STATE column in your 2nd or 4th screenshot shows "ESTABLISHED" , is it connecting to the internet.

Hope this helps.

 

Like Joyethedude already said, the System Idle Process is an... idle process. It basically tells you the CPU's perspective on "How lazy am I feeling today?" or "How much processing power do I have left?" If the System Idle Process is taking 5 % CPU, that means that real processes that are actually doing something (like, say, Microsoft Access) take 95 % and your CPU is busy working on things. If the System Idle Process is taking 90+ % of CPU, that means your system is hanging around doing nothing and waiting for you to give it some numbers to crunch so it can feel some purpose in its life. In short, small CPU usage by System Idle Process means a very busy system, and large CPU usage means an idle system that is doing pretty much nothing that is actually challenging to the CPU. So, you might say that large System Idle Process CPU usages are "good".

The System Idle Process is not a real process, and it cannot make any TCP/IP connections anywhere. The connections that Process Explorer is showing you are connections originally made by other processes that are in TIME_WAIT state, meaning connections that are being "closed, but waiting around a moment to see if the other party has anything more to say before I hang up." For example, Firefox connects to Wilders and downloads you this forum page. When it's done, the connection will go to TIME_WAIT for a moment because your system wants to see whether Wilderssecurity.com still has something more to say. Process Explorer shows these closing connections as belonging to the System Idle Process, but that doesn't mean that the System Idle Process is actually connecting anywhere. You could say that it's just other processes dumping connections they don't need anymore on the System Idle Process so it can throw them in the dumpster.

In short, what you are experiencing is completely normal and nothing out of the ordinary.

 

With specific regard to the servers you looked up, I quite commonly run across Akamai (typically "looking up ..." or "connecting to ..." in the status bar) when browsing. If I remember the contexts correctly, it's typically when logging into sites requiring login, particularly secure sites like my bank or the accounts section of Amazon.