Hello,
On one of our servers, MS Server 2003, I have noticed a red flag while running TCP View and was looking for some ideas on how to resolve the issue. For those familiar with TCP View, this is what I am seeing:
Process      PID   PROTO  LOCAL ADDRESS      LOCAL PORT  REMOTE ADDRESS
Rasmans.exe  4620  TCP    servername.domain  10373       www4019uo.sakura.ne.jp
So, www.sakura.ne.jp resolves to a Japanese ISP. If I close the connection, it just reopens under a different port. I have run extensive malware cleaners, and have come up clean. When I reboot the server, it reappears immediately.
Any ideas on how I should proceed from here? This process, I suspect, is the reason for our poor server performance.
Thanks in advance.