We found a strange process yesterday on one of our corporate machines (mine). Being the usual process-id nut (I wanna know what's running and why), I found a strange 2500kb 5-6 random alpha-numeric process that is completely benign. I did a walk-around and found that a similar process is running on all our machines in our area (meaning it’s probably corporate wide).
1. Process can be killed by a regular ‘user’ (non-admin) account.
2. Logging out and in again, process doesn’t return.
3. Rebooting restarts the process.
4. Process changes name every reboot, using a 5 or 6 random alpha-numeric password, all UPPERCASE (i.e. AWB1AF.EXE).
5. Using process monitor – it shows up nothing.
We’re scanning it right now with our network comms team – so far, it’s doing nothing.
We’re using Trend Micro 6.2.1016/1076 engine, 9.100.1001/6.951.00 dat file. Nothing is being reported from our infrastructure and network monitoring or detection/intrusion systems (it’s very extensive).
Anyone else have this issue?