• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 901
  • Last Modified:

task manager full of tasks with names like AT1-AT600

I have a server running W2008 R2 64bit, patched.

in task manager are a few hundred rundll32.exe, and in scheduled tasks are hundreds of tasks named AT1 to AT999

tasks point to exe withe funky names kasdfg asjdf$sjd etc...

I have Macafee running and patched
Ran Malware Bytes
Ran Spybot
Ran Malicious software removal tool

all come up clean

I can delete the tasks, they come back


ideas?




 
0
carrjoe
Asked:
carrjoe
  • 4
  • 2
1 Solution
 
younghvCommented:
This reminds me of some old malware - and I hope it is (easier to clean).
**********

Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.
******

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)

**When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.**

The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

I know you already ran this, but the malware may have corrupted your version - either do the "Save As" or download it to a clean computer and then rename it.

Carry it to the infected compuuter on a USB stick or CD.
0
 
carrjoeAuthor Commented:
Ok will try.

All the apps i used to clean are freshly Down loadded today

except the McAfee

MSRtool still running scan as soon as complete ill post MBAM
0
 
younghvCommented:
Several of the best tools for fighting malware are recognized by some variants of malware.
Often the good stuff will either be denied installation - or the scans will be ineffective.

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
younghvCommented:
ARGG!

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.

VERY important that the real name of Malwarebytes ***NOT***
 be used when the file touches the infected computer.
0
 
Sudeep SharmaTechnical DesignerCommented:
0
 
carrjoeAuthor Commented:
after most recent scan, i havent seen any of the little freaks pop back up yet, so no MABAM to post yet. ill wait another few days and run MABAM anyway
0
 
younghvCommented:
carrjoe,
Please don't wait for more symptoms before running MBAM again.

Download it as I wrote above and run the "Full" scan.
If you have malware, it will find and remove it.

If it doesn't find any, you will have a high probability of confidence that none exists.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now