nasrott April 9, 2013 05:52 PM

dedi box with win2k3 problems
Have about a 5 or 6 year old OS on a dedicated box (record for me) of win2k3. In Task Manager, winlogon.exe and csrss.exe go nuts and open for a few seconds only, but continuously, 10-20 processes totaling about 40% CPU usage on 2 dual Xeons. Have run Malwarebytes and have ClamWin antivirus running on the box.

Antivirus finds nothing, malware found a few things and I deleted them. Magnpics program was one of them and found this installed in my programs which I didn't install. This is driving me nuts, can't seem to figure it out. Would really like to fix this without getting my ISP to remote install a new OS and all that is involved with redoing everything, i.e. gameservers, FTP, etc.

Any help would be appreciated.


JD April 9, 2013 07:41 PM

Long shot, but try disabling Automatic Updates? I've seen similar issues on XP and disabling Auto Updates usually fixed it.

nasrott April 10, 2013 01:49 AM

Will give it a shot.

stlouis1 April 13, 2013 01:02 AM

if it's just those two processes that are causing the spike in cpu usage, it could be user profile specific

do you have any kind of an RMM reporting this, or is this what you're seeing when you log into the machine and look at the task manager?

if that's what you're seeing in task manager, what happens if you login with a different account?

also, have you checked the eventviewer at all to look for any kind of errors or warnings? anything might be helpful

nasrott April 13, 2013 09:56 AM

Login and looking in Task Manager. No, have not tried from another account. Do have other admins, they see it also.

nasrott April 14, 2013 04:49 AM

Ended up changing port on my RDP. Was a brute force attack on the box, basically were trying like 5-10 instances at once with various pw to get in as admin.

ZZLEE April 14, 2013 05:58 AM

I replaced a router for something similar a while back. Some people don't like No for some reason. :censored:

nasrott April 14, 2013 06:13 AM

Ya, been rebooting my server to stop this now for months. Hopefully this solves the problem, haven't seen anything return so far since adjusting the port, knock on wood.

JD April 14, 2013 09:39 AM

You should probably consider setting up a VPN tunnel then for remote management and closing as many external ports as you can.

Granted, changing the port will thwart them off for now, but they could just port scan the IP and try on whatever open ports they find.

nasrott April 14, 2013 12:17 PM

Ya if it happens again will get one of the guys to set it up, Thx for the help.
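
Added example, not part of the thread or any poster's code: a check for the pattern described above (many RDP logon attempts at once against the admin account) run over failed-logon events from the Security log. The CSV column layout, the sample rows and the threshold values are constructed assumptions; event ID 529 is the Windows Server 2003 bad-password failure and logon type 10 is an RDP logon.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample: Security log rows exported to CSV (assumed column layout).
# 529 = logon failure (unknown user name or bad password) on Server 2003,
# 528 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE = """\
time,event_id,logon_type,user,source_ip
2013-04-13 09:50:01,529,10,Administrator,203.0.113.7
2013-04-13 09:50:02,529,10,admin,203.0.113.7
2013-04-13 09:50:02,529,10,Administrator,203.0.113.7
2013-04-13 09:50:04,529,10,Administrator,203.0.113.7
2013-04-13 09:50:05,529,10,Administrator,203.0.113.7
2013-04-13 09:50:07,529,10,Administrator,203.0.113.7
2013-04-13 09:52:30,529,3,Administrator,203.0.113.7
2013-04-13 09:56:10,529,10,gameadmin,198.51.100.20
2013-04-13 09:58:44,529,10,gameadmin,198.51.100.20
2013-04-13 09:59:02,528,10,gameadmin,198.51.100.20
2013-04-13 10:05:00,529,10,Administrator,203.0.113.7
"""

def load(text):
    """Parse the exported CSV into a list of dict rows."""
    return list(csv.DictReader(StringIO(text)))

def rdp_bruteforce_sources(rows, threshold=5, window_s=60):
    """Return {source_ip: peak failed RDP logons inside any window_s-second
    span} for every source whose peak reaches the threshold."""
    failures = defaultdict(list)
    for row in rows:
        # Only failed logons that arrived over RDP count toward the burst.
        if row["event_id"] == "529" and row["logon_type"] == "10":
            stamp = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
            failures[row["source_ip"]].append(stamp)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = peak = 0
        for end, stamp in enumerate(times):
            # Slide the window start forward until it spans <= window_s.
            while (stamp - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged
```

With the defaults, the two mistyped passwords from the second address stay under the threshold and only the burst source is reported.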

