Saturday, January 16, 2010

An Incredibly Annoying Bug In Windows XP Home

An Incredibly Annoying Bug In Windows XP Home

And maybe in other versions of Windows as well. My wife's PC runs Windows XP Home--and for several months, she has been complaining about her computer locking up. I spent some time watching what she was doing, and it looked like the problem was that something was gobbling up processor time. But what?

It is pretty common for application memory leaks to slow down PCs. If you don't know what an application memory leak is... Most application programs use RAM to store information, such as your document, spreadsheet, video, whatever. The programs allocate memory from the heap in relatively small chunks, and return it as they are done with it. Applications sometimes fail to give those chunks back to the heap. An application that crashes may not give heap memory back, but the operating system should be smart enough to figure that out. (Not all are that smart, and I know that DOS certainly wasn't that smart--I would hope that Windows is.)

If enough memory "leaks," new programs that you start may start having to swap RAM in and out from the hard disk, through a process called virtual memory. This is much slower than operating entirely within RAM, and definitely slows a computer down. I thought that this was perhaps the problem that my wife was having, so I encouraged her to reboot her PC every couple of days, and see if this helped.

The problem became more severe in the last few days, and her frustration climbed with the severity of the problem--which sometimes locked her PC up so badly that we had to use the power switch to reboot. (This is not a good idea, but it is sometimes unavoidable.)

So I spent some time trying to figure out why CPU Usage was at 100% but we weren't doing anything. A bit of hunting around the Internet indicated that:

1. The spoolsv.exe service which spools print jobs, is sometimes infected with a nasty Trojan called backdoor.cia.b.html, and this causes the problem.

2. Sometimes the problem isn't a virus at all, but spooled print jobs for printers that aren't in actual use.

I dug around a bit and discovered that c:\windows\system32\spool\printers had a bunch of files in it, some from as far back as 2007, that seem to be print jobs that had never printed. I think that I must have reinstalled printer drivers a few times since then, and these were "orphaned" print jobs. The spoolsv.exe service was apparently still trying to print these orphaned print jobs to a printer that was no longer there.

Anyway, it is behaving better, but still not perfectly. I am wondering what other orphaned services there might be causing the slows.

UPDATE: Microsoft has a program called Process Explorer for Windows XP and Vista that provides a lot more information than the Task Manager. You can see not only the name of the guilty party (svchost.exe, in my case), but also who invoked it.

UPDATE 2: While I now think my wife's PC's problems are not related to the spooler issue, I find that there are a number of orphaned spool files on my computer as well. It's only about 30 MB of wasted space--but I can remember a time when a 30 MB hard disk was something PC owners had an aspirational target.

No comments:

Post a Comment