Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- From: "mrklaxon" <mrklaxon@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 6 Apr 2005 07:27:04 -0700
There is an LSASS worm I think. I think I also saw this with McAfee AV.
"Bill-MT" wrote:
> > "Bill-MT" <BillMT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > I've look on the Internet and see references to WORMS doing this, but
>
> "Phillip Windell" wrote:
> > Phillip Windell [MCP, MVP, CCNA]
> > That is the wrong thing to expect. It is probably infected. Everytime I
> > have heard of this happening, without exception,...it was infected.
>
> Thanks for your response Phillip, but...
>
> I doubt any of the DC's are infected themselves. They are not logged into
> interactively accept to do DC work (no email, no web). They always have the
> latest security patches applied. If it is a WORM on a client machine, very
> possible, (like MS-Blaster, etc) it must be a worm specific to hitting a
> single DC. Again note, I don't see this behavior on any other machine (other
> DC's, member server, or clients) which I would expect to see in the case of a
> worm randomly walking the internal address spaces.
>
> Anyone have any more insight on what to look for here.
> Anyone tell me what to look for in my sniffer captures.
> tks. - bill.
.
- Follow-Ups:
- Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- From: Michael D. Ober
- Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- From: Bill-MT
- Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- References:
- Prev by Date: Deploying to all stations.
- Next by Date: Re: Deploying to all stations.
- Previous by thread: Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- Next by thread: Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- Index(es):
Relevant Pages
|
Loading
