Windows Server CPU Running 100%

By etjr334
Sep 6, 2006
Topic Status:
Not open for further replies.
  1. Our computer began shutting down Friday. McAfee VirusScan Enterprise found the rdriv.sys (NTROOTKIT-J) Trojan Tuesday and would not delete, move, or clean. McAfee Firewall has been disabled and will not start. Installed all Windows Security Updates installed Latest VirusScan Version 8 spent over 4 hours with Tech Support. The Network is slowed to a snail's pace and remote computers cannot log on and server will not access the internet through router. Access to router limited to basic setup only. If I islate the Server it will access the internet.
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    Go and read this thread HERE.

    I have to tell you, that getting rid of a rootkit infection can be next to impossible. It might turn out, your only option is to reformat and reinstall.

    Regards Howard :wave: :wave:

    This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. etjr334

    etjr334 Newcomer, in training Topic Starter

    I appreciate your assistance. Could you take a quick look at my HJT log. I changed our domain name to (*.com) to protect our ignorance.
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Your system has quite a few nasties onboard.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)

    This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. etjr334

    etjr334 Newcomer, in training Topic Starter

    I am running F-Secure online scan, however these other suggestions do not mention the onlne scan will work on Windows Server 2000. Meanwhile, computers on the LAN side of our network have been systemically shutting down and when they are re-started they do not see the Network computers. I have uninstalled and reinstalled McAfee Firewall on the Server 5 times and in the process I see it running at 50% CPU Usage, but I am unable to Launch the Program interface. I looked at Kerio, but it does not run on Windows Server 2000. Could you offer any suggestions for a good firewall for Server 2000.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Follow as many of the instructions as you can, in the link I gave you.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of etjr334 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. etjr334

    etjr334 Newcomer, in training Topic Starter

    Here is the latest HJT Log
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    As far as I can tell, your HJT log looks clean.

    However, I`m not familiar with Windows server edition, so can`t be sure.

    How`s your system running?

    There are many items in your HJT log, that I can`t find any info on. This doesn`t necessarily mean they`re nasty.

    Regards Howard :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.