Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


CPU runs at 100% sometimes

  • Please log in to reply
2 replies to this topic

#1 dubbleii


  • Members
  • 18 posts
  • Gender:Female
  • Local time:03:57 AM

Posted 03 January 2011 - 12:52 PM

Is this a virus or is Norton, (this computer's antivirus program) just a crappy antivirus product?
We have Windows XP 2002.

I have updated iE and also chrome.

I also did the Live Update for Norton today.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,093 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:57 AM

Posted 03 January 2011 - 03:21 PM

ccsvchst.exe is related to Symantec (Norton) products.

If you do a Google Search for ccsvchst.exe high cpu usage, you will find this is a common complaint from Symantec users.

However, determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitmate file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

Tools to investigate running processes and gather additional information to identify them and resolve problems:-- These tools will provide information about each process, CPU usage, file description and its path location.

-- System Explorer provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.

-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

Edited by quietman7, 03 January 2011 - 03:30 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,754 posts
  • Gender:Male
  • Local time:08:57 AM

Posted 03 January 2011 - 05:35 PM

Just wondering, I assume your machine is a single-processor, single-core machine?

On a multi-processor and/or multi-core machine, you could set the affinity of the Norton process to a single core, thereby limiting the performance hit you notice.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users