IMNSHO it isn't enough to counter a question about a (suspected) compromise with a single-line answer starting with "I believe". Ask yourself: if this was a compromise, can any output be trusted? (No.) Or, how hard is it to run a process under a different name? (Trivial.) If you suspect something, then get assurance the right way. And if, after going through the process, it appears to be a false positive, cool; in any case the exercise should give you more knowledge, and you will likely know somewhat better what to do when a "real" compromise turns up. Wanna know more? Check out the LQ FAQ: Security references, under "Compromise, breach of security, detection".