Question CPU Usage and Temps maxed out unless Task Manager is open ?

hamishs

Reputable
Oct 17, 2019
38
0
4,530
Recently, I was noticing terrible lag in a game I was playing and saw extremely high temps and utilization in MSI afterburner, so I opened task manager to see if this old game was somehow using all of these resources, when I notice that the CPU temps and utilization immediately drop when opening the task manager back to normal levels. To further this, the performance in said game returned to acceptable levels.

Confused, I ran through this scenario in multiple different scenarios (other games, desktop) and this seems to be an reoccurring situation, that being that a minute or two after task manager closes, everything skyrockets and performance tanks. Thinking it's some sort of malicious behaviour, I ran my computer through Malwarebytes and adwcleaner, however nothing substantial was picked up. After this I grabbed my utilization in PowerShell when the util went up and found that a process called archiver is using around 40% of my 3600x. Sounds like a windows process but it really shouldn't be doing that.

Is this behaviour of Windows 11 or a normal system or am I getting duped? I'm not sure what to do with this information.
 

hamishs

Reputable
Oct 17, 2019
38
0
4,530
windows Search indexer perhaps?

I am not familiar with archiver but I had a problem in the last few weeks where indexer would run every day, and kept finding new items. I have disabled that now. CPU happier.

What details shows in Powershell? What command did you use?

Get-Counter '\Process(*)\% Processor Time' | Select-Object -ExpandProperty countersamples| Select-Object -Property instancename, cookedvalue| ? {$.instanceName -notmatch "^(idle|_total|system)$"} | Sort-Object -Property cookedvalue -Descending| Select-Object -First 25| ft InstanceName,@{L='CPU';E={($.Cookedvalue/100/$env:NUMBER_OF_PROCESSORS).toString('P')}} -AutoSize

just grabs processes and sorts by utilization without opening tm
 

Colif

Win 11 Master
Moderator
running that on mine just creates a stack of errors as it doesn't know what instanceName command is.

the only results i find for archiver is to do with creating zip files. That doesn't feel right.

can you share a screenshot of results you get from command?

is it only CPU usage? Not memory as well?

Services that disappear when you open task manager just smell suspicious.

reminds me of this - https://forums.tomshardware.com/threads/explorer-exe-high-idle-cpu-usage.3767720/#post-22727325
 
Last edited:

hamishs

Reputable
Oct 17, 2019
38
0
4,530
running that on mine just creates a stack of errors as it doesn't know what instanceName command is.

the only results i find for archiver is to do with creating zip files. That doesn't feel right.

can you share a screenshot of results you get from command?

is it only CPU usage? Not memory as well?

Services that disappear when you open task manager just smell suspicious.

reminds me of this - https://forums.tomshardware.com/threads/explorer-exe-high-idle-cpu-usage.3767720/#post-22727325

dont know why it spits errors when copied into the forum, i got it from View: https://www.reddit.com/r/software/comments/e8co8m/lag_until_i_open_task_manager/

ill look into memory but im 90% sure it dosent change
 
running that on mine just creates a stack of errors as it doesn't know what instanceName command is.

the only results i find for archiver is to do with creating zip files. That doesn't feel right.

can you share a screenshot of results you get from command?

is it only CPU usage? Not memory as well?

Services that disappear when you open task manager just smell suspicious.

reminds me of this - https://forums.tomshardware.com/threads/explorer-exe-high-idle-cpu-usage.3767720/#post-22727325
https://docs.microsoft.com/en-us/do...ormancecountersample?view=powershellsdk-1.1.0

its called InstanceName, not sure if its case sensitive, but requires atleast powershell 5.1.0.0
 

Colif

Win 11 Master
Moderator
i copied what he showed me, I not aware of which version comes with win 11 but I get same error with new version as well - 7.2.5
5bPDy2m.jpg


it doesn't really matter what I see though.

memory dump only goes so far. identifying processes running from it, is something I am not sure of.
 
i copied what he showed me, I not aware of which version comes with win 11 but I get same error with new version as well - 7.2.5
5bPDy2m.jpg


it doesn't really matter what I see though.

memory dump only goes so far. identifying processes running from it, is something I am not sure of.
yes, its that undefined variable $.
it should be $_.
Code:
Get-Counter '\Process(*)\% Processor Time' | Select-Object -ExpandProperty countersamples| Select-Object -Property instancename, cookedvalue| ? {$_.instanceName -notmatch "^(idle|_total|system)$"} | Sort-Object -Property cookedvalue -Descending| Select-Object -First 25| ft InstanceName,@{L='CPU';E={($_.Cookedvalue/100/$env:NUMBER_OF_PROCESSORS).toString('P')}} -AutoSize
 

hamishs

Reputable
Oct 17, 2019
38
0
4,530
that smell like virus, no exe file should be located in roaming folder

deleted it and stored it in cloud as it was labelled as sus by autoruns and havent ran into high util yet so might be it
guess ill see

well, all I did was copy...

nvm

can you right click the exe file and look at properties? it might give us a clue or just be empty.

it just said copyright 2009-2021 with no previous file versions or anything
 

Colif

Win 11 Master
Moderator
i should have suggested it, although I did in the other thread I linked.

viruses playing hide and seek with task manager is a new behaviour I hadn't seen before this year. It would also be hidden to Process Explorer as they use same methods. Maybe even Process Monitor as well. Makes it hard to find them.
 
viruses playing hide and seek with task manager is a new behaviour I hadn't seen before this year. It would also be hidden to Process Explorer as they use same methods. Maybe even Process Monitor as well. Makes it hard to find them.
google calls those viruses "rootkits", they are hard to remove
i got one year ago and it took me ~1hr to get rid of it (no antivirus helped)
winpe + registry editor manually deleting keys, then rebuilding kernel through dism
 

Colif

Win 11 Master
Moderator
virustotal pretty good at identifying them as it uses results of 75 other AV programs to see if any have seen it before. Its what is built into Autoruns.

at least we don't find many injected into UEFI at least.

I have noticed they don't seem to run if you have hwinfo running, as any monitoring software seems to set them to off. So even if I did have one, I wouldn't know as hwinfo is always running on my desktop. 2 charts showing Core temps and CPU activity.

Other thread I linked to has a coinminer. That would seem to me to be what you had too.
 
Last edited: