So you're saying that it's totally and entirely normal for there to be sixteen services on my machine, eight of which are legitimate Microsoft OS services, and eight of which are named identically to those same services but with randomly-generated characters on the end, and unlike every other legitimate OS service, these services launch under my username, rather than SYSTEM or NETWORK SERVICE?
In exactly the kind of behavior malware would have?
I've attached another screenshot to show the Microsoft services next to the weird ones. Each of the eight 'weird' services has an identical 'legit' looking service that does appear to be an OS-based service.
I'll try typing out each of the pairs, but I make no guarantees that I'm going to type the names correctly.
Connected Devices Platform User Service <--- Legit OS service
Connected Devices Platform User Service_1196b9 <--- Weird thing that launches under my username.
DevicesFlow <--- Legit OS service
DevicesFlow_1196b9 <--- Weird thing that launches under my username.
MessagingService <--- etc
MessagingService_1196b9 <--- etc
User Data Storage
User Data Storage_1196b9
User Data Access
User Data Access_1196b9
Windows Push Notifications User Service
Windows Push Notifications User Service_1196b9
If those eight with the random characters at the end are legitimate OS services, why are they not being launched by the OS (i.e. SYSTEM, etc.)? And why do they have identically named legitimate services? And why do they have random characters that re-randomize on every boot?
Edited by prugoclepr, 04 November 2017 - 10:41 AM.