Full Disclosure mailing list archives

Exploited??


From: "Hank Kester" <hank () burningriver net>
Date: Mon, 28 Jul 2003 15:58:14 -0500

Here I was, freshly installing win2k with sp4. 4 error messages popped up in a row, unhandled exception in svchost.exe. 
I stupidly didn't get the locations, because I dismissed it as a random bug.

It then occurred to me that this may be how the recent RPC exploits appear on the end user's system. When I tried to open the 
Task Manager, to see if any other processes had been started, it stayed open for only a fraction of a second. There was 
one foreign task, sysengr.exe. A search of Google revealed nothing for this filename. I tried to delete it, but first 
had to rename taskmgr.exe to a random name so that it would stay open, instead of being closed. After this, sysengr.exe 
was easily ended, and the file was removed (I have a copy available, should anyone want to study it.)

The only other side effect I noticed was that I was unable to open regedit, presumably in an attempt to keep me from 
removing the program from startup.

Thank you for any information you might have on what else I should look for on this system, besides the obvious 
patching which I was in the process of doing when this came up.

-Hank Kester
