Solved

Infected  SBS 2003 server?

Posted on 2011-02-16
12
980 Views
Last Modified: 2012-05-11
I am monitoring an SBS 2003 Premium server which in saying the CPU is 33% to 80% busy while System Idle Process is constantly 87% to 95%.

The Server is protected by Symantec Endpoint and if it wasn't a server I would run Combofix.

Any ideas?
0
Comment
Question by:mikeabc27
  • 7
  • 4
12 Comments
 

Author Comment

by:mikeabc27
ID: 34908952
Sorry I meant to add Show processes from all users is ticked.
0
 
LVL 2

Expert Comment

by:treetop3
ID: 34909036
Hi,

Although it may appear to users that their CPU is being monopolized by the idle process, it is merely acting as a sort of placeholder during "free time" (therefore, whenever the idle process appears to be consuming most of the CPU, it is proof that no other process wants that CPU time)

In other words when this process is consuming the CPU there are no other processes looking to use the CPU, the CPU is Idle and free.

Is the Server Slow ?
0
 

Author Comment

by:mikeabc27
ID: 34909099
Yes, it feels like more than 60% of cpu being used. Slow to save and just got msg Disk is Full.

I was just surprised that CPU Usage doesn't equal System Idle minus running processes.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 2

Expert Comment

by:treetop3
ID: 34909124
Clear out the disk to free up space with tresizer and atfcleaner this will improve speed as the page file is filling up
0
 

Author Comment

by:mikeabc27
ID: 34909231
101GB showing as free and available, so I checked the quotas and 2 were on 99.9% full but no warning received. I've increased these from 1GB to 5GB and the CPU is running at 1% to 4%
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34909236
Last time I say something like that, the system was suffering from a high hardware interrupt rate - found this using Process Explorer.  Is this a proper server or a home built system acting like a server?

Do cleanup the C: drive - for 20+ things you can do, see http://www.lwcomputing.com/tips/static/bootdrivesize.asp
0
 

Author Comment

by:mikeabc27
ID: 34914163
Checked remotely this and CPU usage still at 20% to 40% while System Idel around 2% to 10% - no indication of why the CPU is so busy.

I built the server myself around 7 years ago and it started life with an Adaptec 3920 and 2 x 53GB SCSIs, high end (workstation) motherboard and P4 cpu. When the Adaptec died I switched the disks for a 250GB SATA, They have to replace this in the next 6 months, I'm just trying to get it to last a little longer.

I'll check out the article.
0
 
LVL 2

Expert Comment

by:treetop3
ID: 34914722
Do you have a VirusScan or some sort of indexing software or Shadow Copy enabled
0
 

Author Comment

by:mikeabc27
ID: 34914998
I have had to stop the disk cleam up as no-one can connect to server. Will do over the weekend.

treetop -Using Symantec Enfdpoint on the server but cannot see any processes using excess CPU power. What I do not get is CPU usage - 40% I would expect = System Idle + running process = 60%. but I am getting - system idle = 92% and other processes 4%, as if CPU usage was only 96%.

When the CPU usage read 40% it feels like it.
 
0
 
LVL 2

Expert Comment

by:treetop3
ID: 34917463
Do you have the relevant exclusions set for Symantec

System Idle is only run once nothing else is running and the CPU is Idle
0
 

Accepted Solution

by:
mikeabc27 earned 0 total points
ID: 34969456
Sorry for delay in reply. Certain scheduled programs were causing problems and when these were rescheduled it resolved the problem.
0
 

Author Closing Comment

by:mikeabc27
ID: 35106974
resolved myself
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question