Ok guys, I'm a tech and network admin, and have come across something that has me stumped. I have a Windows 2003 server running IIS that hosts multiple web sites. About every 2-3 nights the system stops serving web sites completely. I have done some digging and have found a service installed called Default WBDService. This goes to a file called upsvr.exe. Description of the service is "Support Windows File Search Servers Databases.". When I kill that running process and disable the service everything works fine again. I have found nothing on this file name, service name, or description on the web.
Anyone have any thoughts? This has all the makings of a virus type file, or a backdoor, rootkit, something, but virus scanners say the file is clean. Have I been hacked?