I just had to restart my content server because it bogged out. Everything was fine after i restarted IIS and SQL Server, but then i opened the task manager and found the following. I've never seen this before, i'm hoping it's not a virus of somesort. Any info on this would be appreciated.
Command lines are:
winlogon.exe = winlogon.exe
logonUI.exe = LogonUI.exe /flags:0x0
csrss.exe = see image below
Best Answer
I just had the same problem on one of my servers - it turned out to be caused by an attempt to get into the server through Remote Desktop/Terminal Services - either a brute-force or massive dictionary attack (every RDP logon attempt causes LogonUI to spawn). Check your System and Security event logs, they'll contain more information (such as the originating IP of any failed remote logon attempts).