A plea to all fellow techs for help with a serious problem we are having right now.
The ONLY consistencies between all the problem machines we have or had are:
Different services (SYSTEM, NETWORK SERVICE, (RPC IS ALWAYS INVOLVED, which cannot be stopped w/o killing the machine)) force the CPU to run at 100% full time. No variance over any period of time. Also, FURootkit, erasemexxxx.exe (where "x" is a variable), or erasemexxx.sys have shown up on every machine so far. Also, variants of sdbot.worm.(x variable again). We have been able to remove these Trojans/viruses with McAfee v.8.0i Enterprise A/V.
But we still cannot figure out what is pushing the CPU so hard at 100%, even after stopping every service short of three (as mentioned earlier), including leaving the RPC service.
If anyone has any idea as to what could possibly be causing this maxed-out CPU, we would really appreciate it. My boss is a professional data forensic technician and has not been able to pinpoint the source yet.
Thank you enormously for any leads or resolutions.
Chuck
We have resolved whenever possible to reload a user's machine completely, therefore completely eliminating the problem on each machine individually.

...one site says that a program called FAD requires 100% CPU. Suggest trying XP process viewer - Security TaskManager to see what's running and processor usage, also Administration Tools > Services running.... :)

Thanks for the post, bofra. Believe me, we sure have covered all those tracks so far and still have not identified what is hitting the CPU, but suspect it is some .dll buried deep that is being called by a service that either was present for a moment and left, or is still present and is causing so much activity that it maxes out the CPU nonstop.
We will obviously keep working on this and I'll post what we find, if ever anything, so if anyone else gets hit with it, it may help. Who knows. Pretty discouraging at the moment - the mysteriousness of the little bugger. :(
Thanks again. I don't have a related problem machine on the bench at the moment to give more accurate info, and hopefully it will stay that way.
Chuck

Hello..
The Process Explorer from www.sysinternals.com will show which DLLs are loaded as part of a running process as well as what percentage of the process's resources are being used by each DLL. Not that it has helped me with the same problem, of course; I can't find any suspicious-looking DLLs. My next step is to run an MD5 sum check on all the related DLL files on my problem server and compare them to those on a server that is working correctly, just to make sure one of my DLLs hasn't been replaced with a dodgy copy.
Kat
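
The comparison Kat describes, hashing the DLLs on the problem server and checking them against a server that works correctly, as an added example that is not part of the original thread. It defaults to SHA-256 instead of MD5 (a substitution made here; pass `algo="md5"` to match the post), and the function names and sample file contents are constructed for illustration. Differing patch levels also produce mismatches, and hashes taken on a live host running a rootkit may not reflect what is on disk, so mount the suspect disk on a clean system where possible.

```python
import hashlib
import os
import tempfile

def hash_file(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, exts=(".dll",), algo="sha256"):
    """Map lower-cased relative path -> digest (Windows file names are case-insensitive)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
                manifest[rel] = hash_file(full, algo)
    return manifest

def compare_manifests(reference, suspect):
    """Report files that differ, are absent from, or exist only on the suspect host."""
    return {
        "changed": sorted(p for p in reference if p in suspect and reference[p] != suspect[p]),
        "missing": sorted(p for p in reference if p not in suspect),
        "extra": sorted(p for p in suspect if p not in reference),
    }

def demo():
    """Constructed sample: two tiny directory trees standing in for each server's DLL folder."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        samples = {
            good: {"rpcrt4.dll": b"clean-rpc", "ole32.dll": b"clean-ole", "readme.txt": b"x"},
            bad: {"RPCRT4.DLL": b"patched-rpc", "ole32.dll": b"clean-ole", "extra.dll": b"?"},
        }
        for root, files in samples.items():
            for name, data in files.items():
                with open(os.path.join(root, name), "wb") as f:
                    f.write(data)
        return compare_manifests(build_manifest(good), build_manifest(bad))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Entries under `changed` and `extra` are the ones to examine first; each still needs checking against version and patch level before being treated as a replaced file.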


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.