0
So I was troubleshooting this problem where a computer was occasionally becoming unresponsive to the point that the only option was a power-cycle to bring it back to life. I tried the following:
- Checked for Malware & removed some adware using MBAM
- Applied all updates
- Check Disk status with HDTUNE (no smart errors, but very slow disk performance (<10mbits/sec with jumps to 200mbits/sec)
- Did cleanup with CCLEANER
- Did full scan with Webroot (nothing found)
- Reviewed the log files and found multiple messages about process or application timing out with some messages even indicating that the problem was likely a hardware based issue.
- The memory, CPU, and HD were spiking to 100% regularly and I couldn't find any application using more than 150MB.
I migrated the machine to a Toshiba SSD and ended up with a "not as bad" version of the same issue where everything was very sluggish, but at least basic tasks were possible with some patience.
I downloaded Process explorer and quickly discovered that every application looked okay except for some Wild Tangent process. It was using 64K working set bytes, but 2GB of Private Bytes. I uninstalled the Wild Tangent system and everything seems to be working great.
Even with the reported usage of 2GB of Private Bytes, the numbers still don't add up. The machine is running Windows 8 with 8GB RAM. Without WildTangent installed, 5.4GB of Available memory is reported in Task Manager instead of 0 and the system is running like a champ.
Can anyone give me some insight on what the heck was going on? Even with the 2GB of private Bytes being used, I should have still had 3GB of available memory or really should have had 5.4GB of available memory because Private Bytes are active memory usage, right???
Signed, Jeff the confused
Jeffery Smith
Posted 2017-06-27T19:04:51.583
Reputation: 1
There are potentially poorly written games for WT, so memory leaks. But if you haven't been playing the games, then you might suspect there is a problem with silent auto-update feature. There have been buffer overflow exploits for WildTangent such as ( http://www.cvedetails.com/cve/CVE-2004-2034/ ) and also, flash and flash-based advertising are a classic vector for injection of code. WT facilitates flash games and flash ads and provides a potential back door to be knocked on. It is/was sometimes preinstalled on OEM machines, so there is a large enough install base to make exploits attractive
– Yorik – 2017-06-27T19:46:09.537All speculative of course. – Yorik – 2017-06-27T19:46:36.637
So, speculatively, you think that the game may have been compromised and was technically speaking acting wonky? :) That or corruption is the way I am leaning too. What I'm still confused about is how was active memory being used that didn't show up in task manager or process explorer. If process explorer didn't identify that 2GB of private bytes were being used, I would have never thought of WT as the culprit since it was identified as using 64K of memory and never showed a blip on the CPU usage. Even if it was a memory leak, should that have shown up as a program with bloated memory usage? – Jeffery Smith – 2017-06-28T20:00:43.977
private bytes is allocated and blocked from the perspective of other programs, but also can reflect shared libraries usage Working set does not include shared libraries I think . none of them reflect all memory and paging etc. ( https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/using-performance-monitor-to-find-a-user-mode-memory-leak ) and ( https://stackoverflow.com/questions/1984186/ )
– Yorik – 2017-06-29T14:21:42.477Yorki, I wishi I could give you a thumbs-up, a star, or some recognition. Your answers are awesome and right to the point of the question. – Jeffery Smith – 2017-08-13T01:49:10.630