On Tue, Jul 31, 2001 at 01:09:22PM -0500, Thompson, John J wrote: > Ive been keeping a close eye on the webserver and I just noticed that the > processor usage is really high. Since Ive been aware of it (about 2 hours) > the following process has been at or around 99% utilization: > PID 920 --- wlogin.exe We saw this on a Win2K machine, along with a process "w.exe". It appears to be a trojan. To remove it: find the WinLogin service in the registry and set its path back to point to "winlogon.exe". Reboot and you can delete wlogin and w. There's a bit more information at deja; I think we searched for "wlogin.exe." --Jim -- Jim Zajkowski System Administrator http://www.jimz.net/pgp-pubkey.asc ITCS Contract Services 8A9E 1DDF 944D 83C3 AEAB 8F74 8697 A823 2113 5C53
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 18:27:09 PDT