[Dshield] runaway wlogin.exe process -99% utilization

Thompson, John J ThompsonJJ at mail.medicine.uiowa.edu
Tue Jul 31 16:53:19 GMT 2001

Ive been keeping a close eye on the webserver and I just noticed that the
processor usage is really high. Since Ive been aware of it (about an hour)
the following process has been at or around 99% utilization:
PID 920 --- wlogin.exe
I checked for connections, but there were no ftp sessions and minimal web
traffic. No attacks flagged by blackice server (we upgraded since ISS
purchased them), and no more than 9 simultaneous connections viewable in
I scanned the system for viruses and didn't detect any. 
If you have any ideas, I would appreciate them!
John Thompson
Network Administrator
Dept. of Biochemistry
University of Iowa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20010731/282a5aa3/attachment.htm

More information about the list mailing list