Questions

ntvdm.exe consumes 99% of CPU

+
0 Votes
Locked

ntvdm.exe consumes 99% of CPU

rob.w.westcott
Hi, I am running XP Home (actually re-installed a month ago from scratch) and find that if the PC is left unattended for about an hour the ntvdm.exe process starts up and slows everything down as it consumes 99% of CPU load. It never starts on initial boot, only after significant unattended time.

I have run Virus scanners and Spybot to see if it clears it, turned off screensavers, etc. but can't find out what is starting it.

Can anyone give me some tips on tracking what is setting ntvdm.exe running, ie. can I use Process Explorer or similar to trace it?
  • +
    0 Votes
    Bax2x

    I would just delete the file. I had this happen to a friend's machine. It was a quicktime file actually that ate up all the open CPU usage. I deleted it and the problem was solved.

    +
    0 Votes
    rob.w.westcott

    Thanks for the suggestion. In desperation I did try this, however Windows managed to get another copy of the file from somewhere (I'm guessing in a CAB file or similar). I found one of these alternates and deleted it but it is still coming back!

    +
    0 Votes
    boxfiddler Moderator

    but the link below will tell you what it is. It is likely not a good idea to delete it.

    http://www.processlibrary.com/directory/files/ntvdm/24761


    edit: add a line

    +
    0 Votes
    rob.w.westcott

    Thanks for all the suggestions.

    I tried many other spy and virus removal techniques. None of them stopped the problem, and none of the tools ever detected anything malicious on my machine.

    The only suspicious thing I found was a lot of extra entires in the hosts file, which is a symptom of some type of malware getting through.

    Eventually I gave up and just re-installed XP, so far so good, will keep my fingers crossed.

    +
    0 Votes
    ComputerCookie

    if you search your computer for ntvdm.exe it will show up in system32 files and it hasn't gone away as it's used to run 16bit apps in a 32bit environment.

    The only way that I could see it running is if you run a 16bit app, so if you go to run same again you may see the problem recur. I would think the process would only display that type of behaviour if the application had an error or was incorrectly terminated.

    You will need to check task manager and end the process if after running a 16bit app if it is still running.

    +
    0 Votes
    rob.w.westcott

    Yes I know that it is meant to run when a 16-bit app runs, and yes I can kill it. But I am not running any 16-bit apps (that I know of), in fact it actually starts up after some idle time when I haven't been running anything. What no-one can tell me so far is how to find out what 16-bit app is being started (remembering it only starts after a period of idle time so isn't a boot process).

    Reinstalling XP seems to have fixed whatever it was in any case.

    +
    0 Votes

    You

    Jacky Howe

    probably wasn't getting an error message because it was probably running from startup.
    I think that one of these were damaged.
    ? Config.nt
    ? Autoexec.nt
    ? Command.com

    http://support.microsoft.com/kb/324767

    +
    0 Votes
    seanferd

    Like Pyro?

    Anyway, you would use some type of system information tool to find out what 16-bit apps or modules are loaded. Norton's (old) Sysinfo did that, and I believe Sysinternals Process Monitor will display that info also.

    +
    0 Votes
    Jacky Howe

    have been a nasty that had enough time to modify the file before it got zapped. One of those files could have set off the exe with no instructions.

    +
    0 Votes
    david.wallis

    Run MSCONFIG - Click Startup tab - Find the NTVDM.EXE program and take the tick away! However, on my computer the program was NOT visable! There was a BLANK line where I took the tick away. After that, NTVDM.EXE did not load and this was the end of the problem. You can also press CTRL-ALT-DEL and in Processes stop NTVDM.EXE running.


    and this


    Close all running programs. Locate ntvdm.exe in the \Windows\System32 folder
    and delete it (it's probably corrupt). Reboot the system. See if the problem
    goes away, as the file will be replaced by one from the system cache (System
    File Protection at work).

    on another forum... the process is used by winnt for running dos stuff and not needed by XP ....

    if you still have problems you can right click on the process and change its priority :)

    +
    0 Votes

    So

    Jacky Howe

    it looks like a currupt ntvdm.exe :)
    I wasn't far off. :)

    +
    0 Votes
    ComputerCookie

    This link will explain how to reinstall XP and keep your data and programs intact.

    How to perform an in-place upgrade (reinstallation) of Windows XP
    http://support.microsoft.com/default.aspx/kb/315341

  • +
    0 Votes
    Bax2x

    I would just delete the file. I had this happen to a friend's machine. It was a quicktime file actually that ate up all the open CPU usage. I deleted it and the problem was solved.

    +
    0 Votes
    rob.w.westcott

    Thanks for the suggestion. In desperation I did try this, however Windows managed to get another copy of the file from somewhere (I'm guessing in a CAB file or similar). I found one of these alternates and deleted it but it is still coming back!

    +
    0 Votes
    boxfiddler Moderator

    but the link below will tell you what it is. It is likely not a good idea to delete it.

    http://www.processlibrary.com/directory/files/ntvdm/24761


    edit: add a line

    +
    0 Votes
    rob.w.westcott

    Thanks for all the suggestions.

    I tried many other spy and virus removal techniques. None of them stopped the problem, and none of the tools ever detected anything malicious on my machine.

    The only suspicious thing I found was a lot of extra entires in the hosts file, which is a symptom of some type of malware getting through.

    Eventually I gave up and just re-installed XP, so far so good, will keep my fingers crossed.

    +
    0 Votes
    ComputerCookie

    if you search your computer for ntvdm.exe it will show up in system32 files and it hasn't gone away as it's used to run 16bit apps in a 32bit environment.

    The only way that I could see it running is if you run a 16bit app, so if you go to run same again you may see the problem recur. I would think the process would only display that type of behaviour if the application had an error or was incorrectly terminated.

    You will need to check task manager and end the process if after running a 16bit app if it is still running.

    +
    0 Votes
    rob.w.westcott

    Yes I know that it is meant to run when a 16-bit app runs, and yes I can kill it. But I am not running any 16-bit apps (that I know of), in fact it actually starts up after some idle time when I haven't been running anything. What no-one can tell me so far is how to find out what 16-bit app is being started (remembering it only starts after a period of idle time so isn't a boot process).

    Reinstalling XP seems to have fixed whatever it was in any case.

    +
    0 Votes

    You

    Jacky Howe

    probably wasn't getting an error message because it was probably running from startup.
    I think that one of these were damaged.
    ? Config.nt
    ? Autoexec.nt
    ? Command.com

    http://support.microsoft.com/kb/324767

    +
    0 Votes
    seanferd

    Like Pyro?

    Anyway, you would use some type of system information tool to find out what 16-bit apps or modules are loaded. Norton's (old) Sysinfo did that, and I believe Sysinternals Process Monitor will display that info also.

    +
    0 Votes
    Jacky Howe

    have been a nasty that had enough time to modify the file before it got zapped. One of those files could have set off the exe with no instructions.

    +
    0 Votes
    david.wallis

    Run MSCONFIG - Click Startup tab - Find the NTVDM.EXE program and take the tick away! However, on my computer the program was NOT visable! There was a BLANK line where I took the tick away. After that, NTVDM.EXE did not load and this was the end of the problem. You can also press CTRL-ALT-DEL and in Processes stop NTVDM.EXE running.


    and this


    Close all running programs. Locate ntvdm.exe in the \Windows\System32 folder
    and delete it (it's probably corrupt). Reboot the system. See if the problem
    goes away, as the file will be replaced by one from the system cache (System
    File Protection at work).

    on another forum... the process is used by winnt for running dos stuff and not needed by XP ....

    if you still have problems you can right click on the process and change its priority :)

    +
    0 Votes

    So

    Jacky Howe

    it looks like a currupt ntvdm.exe :)
    I wasn't far off. :)

    +
    0 Votes
    ComputerCookie

    This link will explain how to reinstall XP and keep your data and programs intact.

    How to perform an in-place upgrade (reinstallation) of Windows XP
    http://support.microsoft.com/default.aspx/kb/315341