Hi,
Great question. I would imagine that your access logs might help. Unless it's being created by a plugin that was compromised and caused something to be happening at the database level.
This is up to you, but I would treat this as if you were exploited on some level and follow the guide here:
http://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Better safe than sorry!
tim