The issues is has been resolved over 20 min, we are currently monitoring it
We found one client had a process using rundll32, this was using all cpu,
rundll32 itself is not at trojan but other program can utilize it, we are checking further.
We will be working with SWSoft directly to prevent this from ever happening again at top priority
This was a trojan on a VPS client machine. We have made contact with SWsoft and setup a new granular cpu control mechanism to prevent such a Trojan from being able to abuse the whole node in the future.