Options

Why the hell does my DNS service spike to 100% CPU periodically?

LoneIgadzraLoneIgadzra Registered User regular
edited September 2008 in Moe's Stupid Technology Tavern
Windows XP SP3, all drivers latest version, all updates download, Windows update turned off (in control panel), no extraneous anything running. 1.8 GHz Athlon XP 1 GB ghetto rig.

No idea when this started. Possibly after installing .NET 3.5 SP1, or maybe after one of those random incomprehensible optional windows updates. Maybe earlier.

Anyway, I noticed it when I was playing Diablo 2 and suddenly the game completely froze and when it started moving again I was dead. Ran process explorer for a while to try to catch what the problem was, and it turned out to be svchost.exe - specifically, PID 1480, responsible solely for dnsrslvr.dll.

I mean what the fuck?

Also, this should be the easiest google search ever, but I can only find a handful of people with the same problem, and the only solution so far is to disable the offending process, which sounds to me like it might break the internet, but I'm not really an expert.

LoneIgadzra on

Posts

  • Options
    TofystedethTofystedeth Registered User regular
    edited August 2008
    Well worst case scenario it'd only break your internet. ;)

    Tofystedeth on
    steam_sig.png
  • Options
    Satan.Satan. __BANNED USERS regular
    edited August 2008
    Yes, that will break the internet for you. dnsrslvr.dll is DNS Resolver. It's what takes forums.penny-arcade.com and finds the IP address to get you to the site you want to get to. As to why you're spiking, I have no idea.

    Satan. on
  • Options
    .kbf?.kbf? Registered User regular
    edited August 2008
    It sounds like you either have a virus or one of the windows updates is conflicting with something.

    Run a virus/spyware scan. If that comes up nada the easiest thing would be to just do a system restore if you have that capability.

    .kbf? on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited August 2008
    Yeah I have XP Pro, but I have no idea how restore works, nor do I go out of my way to make restore points.

    I'll run a pccillin house call or something.

    Edit: Actually, messing with my data is out of the question because I just backed a bunch of stuff up on this computer.

    LoneIgadzra on
  • Options
    Satan.Satan. __BANNED USERS regular
    edited August 2008
    Start :arrow: Help Center or whatever the hell it's called :arrow: Some small line of text about System Restore

    Your system should do it sort of automatically from time to time, but your most recent time might be like two weeks ago.

    Satan. on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited August 2008
    Hey look pc cillin found a virus.

    Well shit. I don't click random crap, wonder how that got there...

    So does system restore revert the whole hard drive or just Program Files or Windows or what?

    Edit: yeah, just exe files or something - read wikipedia article. Sounds really goddamn confusing tbh and who knows when this virus came in, I haven't tried to play games on this machine in months. I'd rather reformat than roll back and spend the next 6 months figuring out just what the roll back did.

    LoneIgadzra on
  • Options
    DjeetDjeet Registered User regular
    edited August 2008
    system restore should leave your data files intact.

    it will revert your O.S. back to what it was like at the given restore point. So if the restore point you pick was for this monday, and since then you installed 2 windowsupdates, updated your sound card drivers, and uninstalled microsoft word, then your system will be restored to the state it was on Monday. And you'd be lacking those 2 windowsupdates, you'd have the older sound card drivers, and word would still be installed.

    but it leaves your data files alone.

    it's voodoo, blackest redmond voodoo.

    Djeet on
  • Options
    EgoEgo Registered User regular
    edited August 2008
    It's also a popular place for a virus to hide. Including the one you've got. A virus scanner can tell you if something is hiding in system restore (though it won't be able to kill it, you'll have to disable system restore --which will wipe you restore points-- to get at it.) Even if your restore points are clean, I would think it highly doubtful that using one of them will actually kill your virus for you.

    Ego on
    Erik
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited August 2008
    Goddammit I forgot to disable system restore before running this 3-hour scan.

    Also, is there some way I can change XP's security settings so that I'm not constantly running with admin privileges, making it harder for something like this to install itself? I have seen first hand how easy it is to crack XP passwords with admin access so I'll be passwording all admin accounts and disabling the DOS hash or whatever the shitty one is.

    Edit: Oh yeah removing this virus still didn't fix the dnsrslvr.dll service. Awesome. I am sort of tempted to try replacing it with one off a working PC.

    Edit 2: It looks like I didn't even have a real infection. Basically what it found were some fucked up .exe's from ancient computer science projects that I probably never would have run anyway. Now that I've turned off System Restore. AAHSGDJASJHASJSGAJD

    Edit 3: Here's something interesting: I cleared the DNS cache and basically every time I go to a site I haven't been to before the service's CPU use spikes. Otherwise it does nothing except at seemingly odd times, and unfortunately it's still catostrophic.

    LoneIgadzra on
  • Options
    DjeetDjeet Registered User regular
    edited August 2008
    Also, is there some way I can change XP's security settings so that I'm not constantly running with admin privileges, making it harder for something like this to install itself?

    Um ... use an account that's not either "Administrator" or in the administrators group?

    Djeet on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited August 2008
    Yeah I'll probably do that. Sorry, just thinking out loud earlier.

    Edit: What the - why does my network connections folder have a 1394 connection? I have no firewire in this computer...

    Also, uninstalling and reinstalling my ethernet card made no difference. I think I'll just end up formatting at this point because this bullshit is unacceptable and I can't think of anything else to try and it's never happened before.

    Update: Now I don't get spikes most of the time when it has to look up a site, and on the whole they've dropped off by 90%. Interesting. All I did was leave it for an hour for obama's speech. Rebooted and still can't make it spike reliably any more and was able to play some diablo without incident.

    LoneIgadzra on
  • Options
    zanetheinsanezanetheinsane Registered User regular
    edited August 2008
    It's possible that your motherboard has firewire pins on it much like you would have ones for USB connections, and you are simply not using frontports for it. You probably have firewire ports but don't have a connector to actually utilize them.

    zanetheinsane on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited August 2008
    No, I don't actually, it's a pretty old and basic motherboard.

    LoneIgadzra on
  • Options
    DjeetDjeet Registered User regular
    edited August 2008
    Do you see a 1394 controller in the device manager, perhaps with a bang? I had a POS USB device with crap drivers once get installed by XP as a 1394 controller.

    Not sure what was up with your DNS resolver, perhaps your ISP was having DNS issues and the resolver needed to retry a few times. If this happens again, you might try changing your TCP/IP configuration settings so it's pointing to a different DNS server (like OpenDNS).

    Djeet on
  • Options
    Zilla360Zilla360 21st Century. |She/Her| Trans* Woman In Aviators Firing A Bazooka. ⚛️Registered User regular
    edited August 2008
    Djeet wrote: »
    you might try changing your TCP/IP configuration settings so it's pointing to a different DNS server (like OpenDNS).
    Limed for truth. Everyone should use these guys, so much better service than most ISP's in every way. :)

    Zilla360 on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited August 2008
    Yeah, the problem seems to have gone away on its own, but I checked out OpenDNS and looks good. :^:

    I've had some problems with my ISP's DNS being out in the past.

    LoneIgadzra on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited September 2008
    Hey I figured it out! It was Hamachi!

    Which is too bad because I use Hamachi a lot.

    LoneIgadzra on
Sign In or Register to comment.