Server shuts down without warning, CPU at 100%
I have a Windows 2000 server SP4 running IIS. It just shut down a couple of times today without warning. I scanned the machines for viruses and Trojans and couldn't find anything. I took the network cable out for about 40 minutes, and it didn't shut down after that. I plugged back the network cable, and it hasn't shut down yet for the past hour. What is weird is that services.exe is taking up all the processing capacity, and the CPU performance always shows a 100%. I cannot turn any service off. I am wondering whether I am being hacked or used to hack some other machine on the network. Is there any way to find out what services are taking up so much processing capacity?
Start by launching the Services console from within Administrative Tools. Review the list of services for anything you don't recognize. Some viruses and worms have been known to install a new service and cause the behavior you've described.
In Windows Server 2003, the WMIC PROCESS command can reveal which specific service is causing problems. However, I don't know of an elegant way to identify what services are consuming resources within the services.exe process in Windows 2000. So I would suggest stopping services one-by-one, starting with the least necessary services. If one of the services refuses to stop, or if the processor utilization drops after stopping a service, you've identified your culprit.
This was first published in October 2003