Mase2k
asked on
TCPSVCS.exe process takes up huge amounts of Virtual Memory
I am having a problem with a process on some of my servers that is taking up large amounts of pagefile space. The TCPSVCS.exe process is currently sucking up 1.9 GB of VM on several of my servers. I am unable to figure out what is causing it to grow so high and why some of my servers do not grow like this. The servers are all domain controllers with at least 3GB of RAM. They are all running 2003 Server Standard. They all run DHCP, DNS, WINS, and print services. Any ideas would be greatly appreciated. Thank you!
ASKER
Gurutc,
We currently run Symantec Anti-Virus Corporate Edition 8.1. It runs on all of our DC's. Other than that though we have no other adware/spyware running. I am not sure what you mean by driving on the VM config. Can you tell me how to get this information for you? Thank you!
ASKER
Here is a picture of what I'm talking about. Not sure if it will help.
It looks to me like you have a trojan, because normally this process should not use so much memory.
Check e.g. this link, for more info:
http://www.symantec.com/security_response/writeup.jsp?docid=2002-021121-4532-99&tabid=2
Best luck!
ASKER
IE8 is kicking my butt this morning. Apparently it doesn't like experts-exchange...Here it is again
Capture.JPG
I was brain dead, thinking vm was virtual machine, not virtual memory, duh, but I still think you're probably infected.
- gurutc
ASKER
Ok. I am looking into it now. I don't see any obvious infections, but I will dig :)
ASKER
I will give it a try. I checked the Virusscan logs on Symantec and do not see any virus reports or infections.
ASKER
It does not appear that I will be able to run the housecall as it is taking too many resources away from the servers. I forgot to mention that these servers are also Terminal Servers for up to 20 users.
Hmmm, try it later when all the users are offline perhaps?
I don't see a way of thoroughly checking the servers that won't interfere with user sessions.
- gurutc
ASKER
Is the Symantec Corporate AntiVirus solution not thorough enough? It scans the systems nightly as well as updates itself daily.
Just speaking from my experience, no single-vendor solution is totally capable of detecting and/or fixing every malware threat out there.
Sometimes, the only solution I've found that works is using an off-line scanning solution such as the Ultimate Boot CD for Windows, found at:
www.ubcd4win.com
With this CD, you can boot entirely from cd and run scans, taking out the possibility of a well-hidden rootkit loading from the hard drive and messing up the scan.
- gurutc
ASKER
I understand. I am mostly concerned with the number of servers that are doing this. It seems very sporadic, but one trend I have found is it only appears to affect servers with the original 2003 Server Standard and not the R2 version. I have found several references on the Internet regarding this process, but nothing that really shows how to resolve it. Hardly any point to a virus infection.
ASKER
Thank you kindly. And thank you very much for your quick attention on this.
Do you have any Antivirus/Anti-spyware running? Also what driver are you using on the VM config?
Good Luck,
- gurutc