Re: 100% cpu usage for LSASS.EXE on DC intermittently, consistent
- From: "Michael D. Ober" <mdo.@.wakeassoc..com>
- Date: Wed, 6 Apr 2005 11:13:31 -0600
I have also seen this when the physical NIC fails.
Mike Ober.
"mrklaxon" <mrklaxon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1BC41686-256F-4A4A-AAA9-CB17DFC879D0@xxxxxxxxxxxxxxxx
> There is an LSASS worm I think. I think I also saw this with McAfee AV.
>
> "Bill-MT" wrote:
>
> > > "Bill-MT" <BillMT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > I've looked on the Internet and see references to WORMS doing this, but
> >
> > "Phillip Windell" wrote:
> > > Phillip Windell [MCP, MVP, CCNA]
> > > That is the wrong thing to expect. It is probably infected. Every time I
> > > have heard of this happening, without exception,...it was infected.
> >
> > Thanks for your response Phillip, but...
> >
> > I doubt any of the DCs are infected themselves. They are not logged into
> > interactively except to do DC work (no email, no web). They always have the
> > latest security patches applied. If it is a WORM on a client machine, very
> > possible, (like MS-Blaster, etc) it must be a worm specific to hitting a
> > single DC. Again note, I don't see this behavior on any other machine (other
> > DCs, member server, or clients) which I would expect to see in the case of a
> > worm randomly walking the internal address spaces.
> >
> > Anyone have any more insight on what to look for here?
> > Anyone tell me what to look for in my sniffer captures?
> > tks. - bill.