Server 2008 R2 spawning 100's of DNS.exe and java.exe wireshark
Posted on 2014-04-23
A client of mine has a server: Win 2008 R2, x64, 16 GB RAM, etc. Starting a couple of days ago, the client called and said the server is terribly slow.
What I have done:
1. ran Vipre Business scan
2. ran Malwarebytes (free)
3. ran SpyHunter 4 (paid version)
4. ran Malwarebytes rootkit finder (beta)
5. from a cmd prompt, ran "netstat -anob"
   - netstat -anob reported back hundreds if not thousands of the DNS.exe running
   - shut down DNS services as the server is not providing DNS services
   - restarted server, still slow but no signs of all the dns.exe's running
6. ran Wireshark overnight and am now downloading to my PC (about an hour left to finish download)
7. this morning logged into server to find hundreds if not thousands of Java.exe running
8. have removed all SNMP services and am waiting to restart server after the Wireshark file download is done.
Simply put, I can't find any malware, viruses, or rootkits, yet this terribly slow behavior continues.
I have downloaded Sysinternals and am looking at Process Explorer and still see no signs of what is causing this.
Also, CPU usage is low, disk usage is low, network usage maybe a bit high, but nothing is out of the ordinary.
I do not have a lot of experience using Wireshark and could use some help with that.
If anyone has experienced this or knows a fix, please help!! I have never had a server do this to me in over 20 years and I am at a loss. Maybe the "NSA" is hacking in, LOL.
Thanks in advance
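
netstat -anob prints one row per socket rather than one per process, so a long run of dns.exe or java.exe rows can belong to a single PID. The following is an added example, not part of the original post: a Python parser that groups saved netstat -anob output by executable and reports socket count against distinct PIDs. The sample text is constructed and `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `netstat -anob` prints: one row per socket,
# then the owning component and/or [executable] on the following line(s).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:49152          *:*                                    1536
 [dns.exe]
  UDP    0.0.0.0:49153          *:*                                    1536
 [dns.exe]
  UDP    0.0.0.0:49154          *:*                                    1536
 [dns.exe]
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       2210
 [java.exe]
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2344
 [java.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
"""

# The State column is empty for UDP rows, so it is optional in the pattern.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+\s+\S+\s+(?:[A-Z_\d]+\s+)?(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")

def summarize(text):
    """Map each executable to its socket count and the set of PIDs owning them."""
    stats = defaultdict(lambda: {"sockets": 0, "pids": set()})
    def record(name, pid):
        stats[name]["sockets"] += 1
        stats[name]["pids"].add(pid)
    pending = None                       # PID of a row still waiting for its owner
    for line in text.splitlines():
        row, exe = ROW.match(line), EXE.match(line)
        if row:
            if pending is not None:      # previous row had no [exe] line
                record("(unknown)", pending)
            pending = int(row.group(2))
        elif exe and pending is not None:
            record(exe.group(1).lower(), pending)
            pending = None
    if pending is not None:
        record("(unknown)", pending)
    return dict(stats)

if __name__ == "__main__":
    for name, s in sorted(summarize(SAMPLE).items()):
        print(f"{name:15} sockets={s['sockets']:<4} processes={len(s['pids'])}")
```

Many sockets under one PID means one process holding many ports; many distinct PIDs means many separate processes, which Process Explorer's tree view can then trace to a parent.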