Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 509
  • Last Modified:

Perfmon .dat files are changing according to a checksum

A checksum running daily against C:\WINDOWS\System32 for the last 18months with no changes previously has is identified the below listed files as changed.  I have no idea of what normal windows operation changes these files.  I'm inclined to this this is a malicious event, but I am unsure.

C:\Windows\System32\perfi009.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfd009.dat
C:\Windows\System32\perfc009.dat

Any Ideas?
0
jp415
Asked:
jp415
1 Solution
 
arnoldCommented:
This could be updated by a configured alert,trace.
Sysinternals.com download process monitor. Using this tool you can try and detect which process writes into it.
Alternative is to use perfmon to load one of the files to see what counter/s are being monitored and at what interval.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now