Solve the problem that Csrss.exe and Winlogon.exe caused the website to visit slowly

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Today, a friend called me to say that its website is extremely slow to visit. It's really slow to open his site. In the webmaster's home test Site response time, good boy, fast nearly 1s, slow can have a 4s or so. First suspected friend of the site poisoned, to the login username, password and IP, login friend VPS, operating system is Win2003,iis version is 6.0. With anti-virus software to kill the whole system, the result is no Trojan file, with the background of the CMS to find viruses, there is no abnormal files, open the operating system of the resource Manager, CPU occupancy rate is very high, 8630.html "> sometimes can even reach 100%." Such a CPU, response time can be fast. Then, looking carefully, two processes in resource management occupy a high cpu:csrss.exe and Winlogon.exe. These two processes take up so much CPU that someone is hacking my friend's server. In that case, replace my friend's VPS port 3389.

The specific operation is in the operation input: regedit, enter the system registry, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\wds\rdpwd\tds\ TCP to find a name portnumber, modify its value for the port you want to modify, such as 6666 (note: This arbitrary, as long as not with the system existing port conflicts on it), pay attention to the cardinal number decimal. In addition to this, we have to modify the PortNumber value under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal server\winstations\rdp-tcp. , the modified port should be the same as the one modified above. Next, close the registry. At the same time I shut down the Windows Firewall on the VPS because I had another firewall installed for my friend. Notice here, the webmaster that opened Windows Firewall must click the setting in the Advanced tab of the local connection/attribute, click Add Port in the pop-up Windows Firewall, the name is random, the port number must be consistent with the port number of the above registry modification, detailed see figure below:

At this point, the port has been modified, in order to make the friend's machine more secure, I have his default administrator name also modified. Specific path in My Computer, right click the mouse click Management, in the Computer Management of local users and groups in the selection of households, in the right window to the default administrator straight between the renaming can be.

OK, the port changes need to restart the computer to take effect, and the administrator name changes can take effect by logging off. So, if you want to make the port change effective, you can only let your site break for two minutes. After reboot, on the local computer to perform Remote Desktop Connection, the computer (C) after the completion of the IP address must follow the port number, such as: 220.220.220.5:6666, otherwise it is unable to land. Again into the Explorer to view the time, the CPU has obviously lowered, generally not more than 20%, to solve the problem. The next two days, I do not trust, specifically asked the next friend, was told has been quite normal, did not appear slow to visit the phenomenon.

This article is by mobile phone wallpaper Encyclopedia http://www.desk-site.com Author, reproduced Please indicate the source, thank you.