We received an alert that several files had been deleted from the C:WindowsSyswow64 of a server early this morning. I can't verify if the files were actually gone as I didn't have the right folder options set when I looked at the folder. We later received a notification that files were created in the :WindowsSyswow64 directory. I believe the list matched the list of files that were reported as being deleted. We also received an alert that several services had changed startup type:

Monitor: [Monitor services on SRMMAL1] Description: Service "Credential Manager" recently changed from startup type Manual to Boot Service "Desktop Window Manager Session Manager" recently changed from startup type Automatic to Boot

I've looked over the server and didn't find any unknown processes or service running. I did a full manual virus scan and a full scan with Malewarebytes as well. They found no viruses or malware. Is this something maybe other customers have reported seeing in the past and found there is a known reason for these changes being made? The server is Windows 2008R2 Enterprise edition.

Thanks

asked 09 Oct '14, 11:47

pdr's gravatar image

pdr
11123
accept rate: 0%


Hi

You should check to see if there was a Windows Update. Sometimes they can be the issue with the files in the WindowsSyswow64 directory being changed.

As far as the change in the startup type you need to check to make that those services have the correct start up type. I'm guessing but it could be an update as well.

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

link

answered 13 Oct '14, 14:36

Quinn's gravatar image

Quinn ♦♦
14.4k3925
accept rate: 35%

I assumed the changes were related to updates but I checked and updates are configured to download but not install.

link

answered 15 Oct '14, 14:41

pdr's gravatar image

pdr
11123
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×81
×4
×2

Asked: 09 Oct '14, 11:47

Seen: 4,518 times

Last updated: 15 Oct '14, 14:41