Questions

Rogue Process?

Tags:
+
0 Votes
Locked

Rogue Process?

blarman
Has anyone ever come across the sansv.exe process? We found it on our SQL Server (Win 2K3 - fully patched) today after it crippled our internal network with packet traffic. Killing the process seemed to directly relate to a huge drop in server communications (back to normal), but I can't seem to find any information on what it is or where it came from.

It seemed to be generating a lot of traffic over a variety of ports >2500 all destined for a series of seemingly random IP addresses (all outside our network) on Port 129.

Has anyone ever seen this? Is this an exploit? Bug? New Feature? Compromise?