[Dshield] runaway wlogin.exe process -99% utilization

Thompson, John J ThompsonJJ at mail.medicine.uiowa.edu
Tue Jul 31 16:53:19 GMT 2001


Ive been keeping a close eye on the webserver and I just noticed that the
processor usage is really high. Since Ive been aware of it (about an hour)
the following process has been at or around 99% utilization:
PID 920 --- wlogin.exe
 
I checked for connections, but there were no ftp sessions and minimal web
traffic. No attacks flagged by blackice server (we upgraded since ISS
purchased them), and no more than 9 simultaneous connections viewable in
netstat. 
 
I scanned the system for viruses and didn't detect any. 
 
If you have any ideas, I would appreciate them!
 
John
 
------------------------------------
John Thompson
Network Administrator
Dept. of Biochemistry
University of Iowa
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20010731/282a5aa3/attachment.htm


More information about the list mailing list