I'm running a Windows Server 2003 box with SP1. Task manager lists a Process named "ZYBBB9" with the location field pointing to c:\windows\temp\zybbb9.exe. Does any one know what this process is for?
That is most likely a randomly-generated executable name, created by malware on your system. I recommend you run your favorite anti-malware software (or even better multiple programs). My personal fave is Malwarebytes Anti-Malware.
Frankly, though, if this is a production server I'd get any data off that was not backed up currently (which is hopefully none), then re-image the box. There is no sense in ever risking production data security by trying to "clean" a server. Wipe and restore data from clean backups.
If it's a possibility, you may want to rotate in a backup production box and keep that one un-wiped (and quarantined) for now so that you can do some post-infection analysis, but if you need to get that particular server up and running immediately then just wipe and restore. One way or another, though, you'll want to track down the infection source.
I would generally agree that it's probably malicious software. Some versions of the Trend Micro OfficeScan antivirus program, though, generate a randomly-named executible on each startup of the software (a "watchdog" program, according to their site).
If you're running OfficeScan on that machine then your random executible may be an OfficeScan-generated EXE.
which is already installed on all newer Windows platforms and gets regularly updated by Microsoft. This will probably identify (and remove) this file as malware. Afterwards make sure you find the source of that infection.
That is most likely a randomly-generated executable name, created by malware on your system. I recommend you run your favorite anti-malware software (or even better multiple programs). My personal fave is Malwarebytes Anti-Malware.
Frankly, though, if this is a production server I'd get any data off that was not backed up currently (which is hopefully none), then re-image the box. There is no sense in ever risking production data security by trying to "clean" a server. Wipe and restore data from clean backups.
If it's a possibility, you may want to rotate in a backup production box and keep that one un-wiped (and quarantined) for now so that you can do some post-infection analysis, but if you need to get that particular server up and running immediately then just wipe and restore. One way or another, though, you'll want to track down the infection source.
I'm 99% certain you need to slap that thing with an antivirus/malware scan.
I would generally agree that it's probably malicious software. Some versions of the Trend Micro OfficeScan antivirus program, though, generate a randomly-named executible on each startup of the software (a "watchdog" program, according to their site).
If you're running OfficeScan on that machine then your random executible may be an OfficeScan-generated EXE.
first thing to check: just run the Malicious Software Removal tool:
which is already installed on all newer Windows platforms and gets regularly updated by Microsoft. This will probably identify (and remove) this file as malware. Afterwards make sure you find the source of that infection.