One of my juniors complained to me that his system was behaving strangely today. He told me a command window had popped up with usoclient.exe from the system32 location shown in its title bar. I assured him that this is a legitimate process and there is nothing to worry about. If the same process runs from some other location, such as a temp folder or AppData, then it could be malicious. To a normal user, a command window that pops up and closes by itself can feel like malware is running on the system. If you also saw usoclient.exe pop up in a command window and close, there is no need to worry about it.
[Image: Administrative Tools]
Open Administrative Tools in the Control Panel, where you can find Task Scheduler. I asked him to open it; there he can find usoclient.exe under Microsoft->Windows->UpdateOrchestrator.
[Image: Task Scheduler]
[Image: Schedule Scan - Usoclient.exe]
Usoclient is a legitimate process if you see it in the windows/system32 folder. If it is running from a suspicious location, then we can flag that process as malicious.
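
The same check can be done from PowerShell instead of by eye. This is an added example, not part of the original post: it lists every running usoclient.exe with its path, shows what the UpdateOrchestrator scheduled tasks launch, and checks the signature of the System32 copy. The helper name `Test-UsoPath` and the verdict strings are made up for illustration.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# so that ExecutablePath is readable for processes owned by SYSTEM.
$expected = Join-Path $env:SystemRoot 'System32\usoclient.exe'

# Hypothetical helper: compare a path against the expected System32 location.
function Test-UsoPath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) {
        return 'Unknown (path not readable, re-run elevated)'
    }
    # Task actions often store %systemroot%\..., so expand variables first.
    $full = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if ($full -ieq $expected) { 'Expected location' }
    else { 'UNEXPECTED location, investigate' }
}

# 1. Any usoclient.exe running right now, with parent PID and full path.
Get-CimInstance Win32_Process -Filter "Name = 'usoclient.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine,
        @{ Name = 'Verdict'; Expression = { Test-UsoPath $_.ExecutablePath } }

# 2. What the tasks under Microsoft -> Windows -> UpdateOrchestrator launch.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateOrchestrator\' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property and are skipped.
            if ($action.Execute -match 'usoclient') {
                [pscustomobject]@{
                    TaskName  = $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                    Verdict   = Test-UsoPath $action.Execute
                }
            }
        }
    }

# 3. Signature of the System32 copy; a genuine file reports Status 'Valid'.
Get-AuthenticodeSignature -FilePath $expected |
    Select-Object Status,
        @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
```

The process usually exits within seconds, so step 1 often returns nothing; the scheduled task output in step 2 is the more reliable place to confirm what launched the window.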