今天發現服務器進程中有個wmiaqsrv.exe,感覺有問題,於是百度沒有發現資料,看來還得google了,發現一下介紹:
Name: WMI-Service
Filename: wmiaqsrv.exe
Command: C:/Windows/System32/wmiaqsrv.exe
Description: Added by the Troj/Mdrop-AIA multi-dropper backdoor Trojan.
File Location: %System%
Startup Type: This startup entry is installed as a Windows NT, 2000, 2003, or XP service.
Service Name: WmiAqSrv
Service Display Name: WMI-Service
HijackThis Category: O23 Entry
Note: %System% is a variable that refers to the Windows System folder. By default this is C:/Windows/System for Windows 95/98/ME, C:/Winnt/System32 for Windows NT/2000, or C:/Windows/System32 for Windows XP.
按照介紹中的說明看來是一個木馬,於是禁用該服務。