Skip to main content

How we can Manage Processes and Malware in Plesk on Windows

Malware and excessive processes can disrupt your Plesk website. This guide helps you tackle malware on your website. A website process run by a user like Testuser can slow your Plesk server if it uses too much CPU or memory. Stopping it with taskkill fixes performance but can pause your site, so proceed carefully.

Why It Matters

I found a lot of suspicious files and as I can see it is infected on testuser.com using Sucuri SiteCheck (https://sitecheck.sucuri.net/). The many php.exe processes from your image may signal malware or issues, potentially slowing your site or causing errors.

By using the following quick steps, we resolved the issue.

Quick Steps

  • Log into Plesk as admin.
  • Go to Tools & Settings > Process List.
  • Check Domains only, sort by CPU or Memory, and spot Testuser processes.
  • Note the IWPD (e.g., 1234).

image.png


Tip: Install Repair Kit from Extensions if Process List is missing.

Check Processes (For that you must have a root access)

  • Open Command Prompt (search “cmd,” click Run as Administrator).
  • Run: tasklist /fi "USERNAME eq Testuser"
  • Look for processes like w3wp.exe (website process).

Stop Processes

  • Run: taskkill /f /fi "USERNAME eq Testuser"
  • Or, for one process: taskkill /f /pid 1234
  • Warning: This may stop your website.

Test Site

  • Run tasklist /fi "USERNAME eq Testuser" to confirm processes are gone.
  • Check Process List for lower resource use.
  • Visit your site. If down, restart IIS in Tools & Settings > Services > IIS.



Back to top