I just noticed that there is an account called “admin$” on this Windows 2003 Small Business Server. It’s a member of the “Administrators” and “Domain Members” groups. The server is not running any unusual programs, just ISA, Exchange, file sharing, antivirus software, spam filtering software, etc. I know this isn’t a normal account to see because I have vast experience with Windows server; it apparantly showed up just recently. The server did undergo a hardware upgrade right before I noticed the mystery account. My boss who did the upgrade said he didn’t create it.
I’m pretty tough on security so it seems unlikely that it’s some sort of adware/spyware/virus, and there have been no indications of anything like that. No unusual firewall traffic. I disabled the account, of course. Has anyone else seen something like this?