1

[EDIT]: This issue has been solved by a recent Windows update.

Good day folks,

I have an issue and hope you can help me out with it. Here it goes:

After 5 minutes my computer enters away mode and "ntoskrnl.exe" shown as "System" in Task Manager starts consuming CPU like crazy: from 0.2-0.3% that it consumes normally it goes to 17-20% of CPU usage. If you do as little as moving the mouse the "System" usage goes back to normal.

"ntoskrnl.exe" is found in the Windows/System32 folder.

I got to the point where I made a C++ program to keep the computer awake so it does not go into away mode. I included this program to the startup list. Its a patch but so far it works.

I will include the code for that. To explain it briefly, it sets up some flags to request the screen to stay awake - like a video application, not unlike VLC or YouTube through a browser, and then waits forever with calls only for more waits. If there is any way to make it even less "heavy" on the PC let me know.

using namespace std;

#include <chrono>
#include <thread>
#include <Windows.h>

int main()
{
    chrono::duration<int, milli>sleep_duration(900000);
    SetThreadExecutionState(ES_CONTINUOUS | ES_DISPLAY_REQUIRED | ES_SYSTEM_REQUIRED | ES_AWAYMODE_REQUIRED);
    while (true)
    {
        this_thread::sleep_for(sleep_duration);
    }
}

Is there a way to inspect in more detail what "System" does/ calls? The tricky thing is that it would have to be done without user input as that prevents the program to act up.

Alternatively I will also ask if there is a fix for this, although I have searched a lot of forums and only found that the problem acts up when the computer goes into "away mode". Obviously it only acts up on windows. And I found a post with a similar issues from like 2016 on a laptop.

Some posts also suggest turning off the "Windows Search" service. I did this and it lessened the issue (from 40% CPU usage to about 18%). I turned it back on since it did not fix it completely. Is it possible that other Windows services are causing this ?

I noticed the issue start during this winter but it may have started earlier.

I have considered mining malware but both Windows Defender and Malwarebytes found nothing and the issue persists without internet access so I don't think that is the case.

I use windows laptop.

Thanks for everything.

enter image description here

Mare Sorin-Alexandru
  • 174
  • 1
  • 2
  • 11
  • Ntoskrnl.exe is not a normal PE executable, but a kernel mode area. You cannot do anything to it from user mode, you would need a kernel mode debugger and kernel-level inspection. If it is indeed malware, then it's unlikely that an AV would be able to capture it since, at the kernel level the malware has full and total control to the antivirus. – Michael Chourdakis Feb 07 '20 at 11:41
  • Open *Task Scheduler* to see all Windows built-in tasks that are scheduled to run when the PC is idle (there are dozens, and some cannot be disabled even by Administrator). You're supposed to either (1) let them run to completion once, or (2) use another OS. – rustyx Feb 07 '20 at 12:29

0 Answers0