[JWise1203]

I have a problem with this file on a Windows 2000 Sever installation I have. It seems to be pegging the CPU resources on the machine at 100%. The interesting thing is when looking in Task Manager, the resources are being taken up by the 'System' process, not the 'winhttps.exe' process.

There is a registry entry for this file under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run

The file is located in C:\WINNT\System32\winhttps.exe. When I check the properties of this file, nothing is signed by Microsoft, no version or build numbers are specified either. I have run Symantec Antivirus and Microsoft Antispyware scans and nothing has shown up.

When I delete the Run registry entry and restart the system, everything acts normally. I am then able to delete the file. A few minutes later though, the file reappears and starts to consume 100% of the CPU resources again.

I have searched for more information on this executable and have found nothing. Since it's a EXE and not running as a service, I doubt that this is a native file to the OS. I have found lots of information about winhttps.dll, which I know is a vaild file Windows uses.

Does anyone have any ideas or experience with this file?

Thanks in advance.