Ask the Expert

Server shuts down without warning, CPU at 100%

I have a Windows 2000 server SP4 running IIS. It just shut down a couple of times today without warning. I scanned the machines for viruses and Trojans and couldn't find anything. I took the network cable out for about 40 minutes, and it didn't shut down after that. I plugged back the network cable, and it hasn't shut down yet for the past hour. What is weird is that services.exe is taking up all the processing capacity, and the CPU performance always shows a 100%. I cannot turn any service off. I am wondering whether I am being hacked or used to hack some other machine on the network. Is there any way to find out what services are taking up so much processing capacity?

    Requires Free Membership to View

Start by launching the Services console from within Administrative Tools. Review the list of services for anything you don't recognize. Some viruses and worms have been known to install a new service and cause the behavior you've described.

In Windows Server 2003, the WMIC PROCESS command can reveal which specific service is causing problems. However, I don't know of an elegant way to identify what services are consuming resources within the services.exe process in Windows 2000. So I would suggest stopping services one-by-one, starting with the least necessary services. If one of the services refuses to stop, or if the processor utilization drops after stopping a service, you've identified your culprit.

This was first published in October 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: