server slowdown?

Discussion in 'Plesk for Windows - 8.x and Older' started by dragon2611, Aug 31, 2004.

  1. dragon2611

    dragon2611 Guest

    Server was being very slow.

    Also, there were quite a few cmd.exe and net.exe open.

    Has SOME process run away from itself and gone crazy? I was using 1.58 gigs of swapfile before I finally got the machine to reboot :eek: Are there any known issues with Plesk or any other Windows 2003 Server component that would cause this to happen, or do you think someone has hacked the server?

    It's firewalled with RRAS and I'm just virus scanning it now. Also, the first thing I did when I got the server 2 days ago was install security updates, so it's definitely up to date; I even checked for updates today and there are none.

    I'm really hoping it hasn't been compromised.

  2. shwonder

    shwonder Guest

    Please start Task Manager and see which program is loading the CPU heavily. Also, it would be helpful if you gave information on what operating system is installed on your server, what the Plesk version is (7.0.0, 7.0.1), and what Plesk hotfixes are installed.

    Thank you.
  3. dragon2611

    dragon2611 Guest

    Yeah, it's all up to date, running Plesk 7.01 on Win 2003 Server Web Edition.

    It wasn't CPU usage that was the problem, it was RAM usage. The server only has 512mb RAM, which should be OK for a small host like us, but somit went very wrong.

    Server was being really slow and the page file was 1.6gb and only about 6mb RAM free.

    Usually my RAM free is 260mb+ and I have 250mb or so of pagefile used.

    Seems fine so far after a reboot.
  4. shwonder

    shwonder Guest

    OK. Thanks. If it happens next time, please look at which application(s) take a lot of memory.
  5. dragon2611

    dragon2611 Guest


    C:\WINDOWS\system32\err0rrz\RenderxP.exe=>(ezip)=>(Upx) Infected Trojan.Delsha.C
    C:\WINDOWS\system32\err0rrz\RenderxP.exe=>(ezip)=>(Upx) Disinfection failed
    C:\WINDOWS\system32\err0rrz\TimedInterp.dll Infected IRC-Worm.Randon.T
    C:\WINDOWS\system32\err0rrz\TimeZoneaX.exe=>(CExe r)=>(MS-Compress 5) Infected Trojan.HideWindows.A
    C:\WINDOWS\system32\err0rrz\TimeZoneaX.exe=>(CExe r)=>(MS-Compress 5) Disinfection failed
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>DatexTimest.exe=>(Upx) Infected Application.PrcView.A
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>DatexTimest.exe=>(Upx) Disinfection failed
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>RenderxP.exe=>(ezip)=>(Upx) Infected Trojan.Delsha.C
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>RenderxP.exe=>(ezip)=>(Upx) Disinfection failed
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>TimedInterp.dll Infected IRC-Worm.Randon.T
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>TimeZoneaX.exe=>(CExe r)=>(MS-Compress 5) Infected Trojan.HideWindows.A
    C:\WINDOWS\system32\err0rrz\XseT.exe=>(CAB Sfx o)=>TimeZoneaX.exe=>(CExe r)=>(MS-Compress 5) Disinfection failed
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>DatexTimest.exe=>(Upx) Infected Application.PrcView.A
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>DatexTimest.exe=>(Upx) Disinfection failed
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>RenderxP.exe=>(ezip)=>(Upx) Infected Trojan.Delsha.C
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>RenderxP.exe=>(ezip)=>(Upx) Disinfection failed
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>TimedInterp.dll Infected IRC-Worm.Randon.T
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>TimeZoneaX.exe=>(CExe r)=>(MS-Compress 5) Infected Trojan.HideWindows.A
    C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>TimeZoneaX.exe=>(CExe r)=>(MS-Compress 5) Disinfection failed

    Hmm, that's not good.

    I manually deleted the files, although I'm having trouble locating information on what those viruses do, and I'd like to know how they got there :confused:

    The only things I've downloaded to the server are TeamSpeak, HELM (which I had problems with so removed), Plesk and antivirus.

    I guess maybe they got there when the server first came online, before I got in to do the security updates and firewall?
  6. dragon2611

    dragon2611 Guest

    The datacenter have been asked to reload the server's OS; looks like the thing got pretty badly compromised.

    Used RRAS to firewall it, but I guess I was too slow in setting it up OR something got downloaded without my knowledge, although I'd like to know how they got in :rolleyes:
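
Added example, not part of the original thread: a short Python triage of scan-log lines in the format posted in post 5, separating the files that actually sit on disk from the members the scanner found inside them, which shows XseT.exe as the self-extracting archive carrying the other detected files. The sample lines are copied from that log; the function names and the parsing rules (chain split on `=>`, parenthesised elements treated as archive or packer layers) are assumptions made for this example, not a documented scanner format.

```python
import re
from collections import defaultdict

# Six lines copied from the scan log in post 5 (not the full log).
SAMPLE = r"""
C:\WINDOWS\system32\err0rrz\RenderxP.exe=>(ezip)=>(Upx) Infected Trojan.Delsha.C
C:\WINDOWS\system32\err0rrz\RenderxP.exe=>(ezip)=>(Upx) Disinfection failed
C:\WINDOWS\system32\err0rrz\TimedInterp.dll Infected IRC-Worm.Randon.T
C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>DatexTimest.exe=>(Upx) Infected Application.PrcView.A
C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>DatexTimest.exe=>(Upx) Disinfection failed
C:\WINDOWS\system32\XseT.exe=>(CAB Sfx o)=>TimedInterp.dll Infected IRC-Worm.Randon.T
"""

# "<chain> Infected <name>" or "<chain> Disinfection failed"; the chain itself
# contains spaces, e.g. "(CAB Sfx o)", so the status is anchored at line end.
LINE = re.compile(r"^(?P<chain>.+?) (?:Infected (?P<name>\S+)|Disinfection failed)$")

def triage(log_text):
    """Group scanner lines by the file that is actually on disk."""
    files = defaultdict(lambda: {"detections": set(), "members": set(),
                                 "wrappers": set(), "clean_failed": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        on_disk, *inner = m.group("chain").split("=>")
        entry = files[on_disk]
        for part in inner:
            if part.startswith("(") and part.endswith(")"):
                entry["wrappers"].add(part[1:-1])   # archive/packer layer
            else:
                entry["members"].add(part)          # file embedded in on_disk
        if m.group("name"):
            entry["detections"].add(m.group("name"))
        else:
            entry["clean_failed"] = True            # scanner could not disinfect
    return dict(files)

def carriers(files):
    """On-disk files that contain other named files (likely droppers/installers)."""
    return sorted(path for path, e in files.items() if e["members"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, e in sorted(result.items()):
        print(path, sorted(e["detections"]), "contains:", sorted(e["members"]))
    print("carriers:", carriers(result))
```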