It could be a virus. Psexec and some other batch file stalwarts made an appearance in a virus a few years ago. A lot of AV may still show psexec as a threat.

2009/9/22 David W. McSpadden <[email protected]>

> Yeah but it is voodoo if I am not the one sending the commands....
>
> ----- Original Message -----
> *From:* Free, Bob <[email protected]>
> *To:* NT System Admin Issues <[email protected]>
> *Sent:* Tuesday, September 22, 2009 12:41 PM
> *Subject:* RE: PSExec starting stopping
>
> Psexec installs itself as a service on the fly and uninstalls automatically (most of the time) when it’s completed whatever you had it do with a clean exit. Always has. If you check the SCM while it is doing something, you will see it running under the credentials you specified on the command line.
>
> Same for PSKill and some of Mark’s other utilities. That’s how he accomplishes some of the remote magic..of course running them as Local System when necessary also helps. :)
>
> “PsExec starts an executable on a remote system and controls the input and output streams of the executable's process so that you can interact with the executable from the local system. PsExec does so by extracting from its executable image an embedded Windows service named Psexesvc and copying it to the Admin$ share of the remote system. PsExec then uses the Windows Service Control Manager API, which has a remote interface, to start the Psexesvc service on the remote system”
> http://windowsitpro.com/Windows/Articles/ArticleID/42919/pg/2/2.html
>
> *From:* David W. McSpadden [mailto:[email protected]]
> *Sent:* Tuesday, September 22, 2009 7:51 AM
> *To:* NT System Admin Issues
> *Subject:* PSExec starting stopping
>
> I noticed in a member server event log this morning PSExec service stop, start, stop start???
>
> I don't remember installing PSExec on this machine especially as a service???
>
> <Flame:ON>

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
http://raythestray.blogspot.com
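
The start/stop pattern discussed in this thread can be reviewed from the System log. The following is an added example, not part of any message in the thread: it pairs Service Control Manager records for the PsExec service into sessions and notes which account sent the start control. The `time|event id|user|message` export format, the account names and the sample records are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: System-log records exported as "time|event id|user|message".
# 7035 = control sent (records the requesting account), 7036 = state change.
SAMPLE = """\
2009-09-22 07:02:11|7035|EXAMPLE\\backupsvc|The PsExec service was successfully sent a start control.
2009-09-22 07:02:11|7036|N/A|The PsExec service entered the running state.
2009-09-22 07:02:19|7036|N/A|The PsExec service entered the stopped state.
2009-09-22 07:05:40|7036|N/A|The Print Spooler service entered the running state.
2009-09-22 07:10:03|7035|EXAMPLE\\jdoe|The PsExec service was successfully sent a start control.
2009-09-22 07:10:03|7036|N/A|The PsExec service entered the running state.
"""

# The service may be logged under either name.
SERVICE = re.compile(r"\bThe (PsExec|PSEXESVC) service\b", re.I)

def psexec_sessions(text):
    """Pair PsExec service start/stop records into sessions.

    Returns dicts with start, stop (None if never stopped), seconds and the
    account that sent the start control, when a 7035 record names one.
    """
    sessions, current, requester = [], None, None
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or not SERVICE.search(parts[3]):
            continue  # malformed line or a different service
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        event_id, user, message = parts[1], parts[2], parts[3].lower()
        if event_id == "7035" and "start control" in message:
            requester = user
        elif event_id == "7036" and "running" in message:
            current = {"start": when, "stop": None, "seconds": None, "account": requester}
            sessions.append(current)
            requester = None
        elif event_id == "7036" and "stopped" in message and current:
            current["stop"] = when
            current["seconds"] = (when - current["start"]).total_seconds()
            current = None
    return sessions

if __name__ == "__main__":
    for s in psexec_sessions(SAMPLE):
        state = f"{s['seconds']:.0f}s" if s["stop"] else "no stop record (still running or left behind)"
        print(s["start"], s["account"] or "unknown account", state)
```

A session with no stop record corresponds to the "most of the time" caveat above: the service did not exit cleanly and may still be installed.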
