ChickensEvil
Member
I have scowered the internet to the best of my ability and the power of google has failed me. So, at long last, I have finally broke down and created a couple technical forum accounts in the hopes that someone smarter than I can assist.
I work in the IT industry and have a rather high experience level. The machines I'm seeing this particular issue on are indeed windows vista 64bit Ultimate but the OS shouldnt matter as this is about the base operating system in general.
So here goes,
Autochk.exe is getting modified by iexplore.exe throughout normal operation of the machine. I specify that this is normal operation and not a virus concern as I am aware that there are times when viruses have been known to infect said files. The exact file paths I am seeing on the hosts in question show:
C:\program files(x86)\internet explorer\iexplore.exe
c:\windows\system32\autochk.exe
with a create, read, write attribute.
From what I have been able to find on the internet, autochk is called whenever there is an issue on the host, and it is needed to run chkdsk upon boot, vice while the OS is running. I know this software is in the startup entries, and is a normal process for windows to run it at any given moment to its heart's content. But what would cause iexplore.exe to constantly be overwriting this file with a new version of autochk.exe.
I realize that a windows update push would potentially contain a new file that would get pushed to the host (would that possibly go through the iexplore.exe process?) I also know that it gets used and ran when users log out, log on, restart, shutdown etc. But does this action constitute a significant enough change to the file that the OS would simply overwrite the file?
Basically, if autochk.exe were just simply modified for whatever reason by the OS, two questions are raised:
1. Why does this modification show as a file creation vice modify?
2. Why is iexplore.exe the offending process that is deciding to run these tasks?
And yes, when I am tracking these happen, I would know if it was SYSTEM process vice another software.
Additional information: I was able to find that scripts can be run to modify certain settings with autochk.exe and scheduling tasks etc, but would/could these scripts be ran through iexplore.exe, and if so, again, why would this entail a complete overwrite of the file instead of getting the modify flag set.
I work in the IT industry and have a rather high experience level. The machines I'm seeing this particular issue on are indeed windows vista 64bit Ultimate but the OS shouldnt matter as this is about the base operating system in general.
So here goes,
Autochk.exe is getting modified by iexplore.exe throughout normal operation of the machine. I specify that this is normal operation and not a virus concern as I am aware that there are times when viruses have been known to infect said files. The exact file paths I am seeing on the hosts in question show:
C:\program files(x86)\internet explorer\iexplore.exe
c:\windows\system32\autochk.exe
with a create, read, write attribute.
From what I have been able to find on the internet, autochk is called whenever there is an issue on the host, and it is needed to run chkdsk upon boot, vice while the OS is running. I know this software is in the startup entries, and is a normal process for windows to run it at any given moment to its heart's content. But what would cause iexplore.exe to constantly be overwriting this file with a new version of autochk.exe.
I realize that a windows update push would potentially contain a new file that would get pushed to the host (would that possibly go through the iexplore.exe process?) I also know that it gets used and ran when users log out, log on, restart, shutdown etc. But does this action constitute a significant enough change to the file that the OS would simply overwrite the file?
Basically, if autochk.exe were just simply modified for whatever reason by the OS, two questions are raised:
1. Why does this modification show as a file creation vice modify?
2. Why is iexplore.exe the offending process that is deciding to run these tasks?
And yes, when I am tracking these happen, I would know if it was SYSTEM process vice another software.
Additional information: I was able to find that scripts can be run to modify certain settings with autochk.exe and scheduling tasks etc, but would/could these scripts be ran through iexplore.exe, and if so, again, why would this entail a complete overwrite of the file instead of getting the modify flag set.
