Solved

task manager full of tasks with names like AT1-AT600

Posted on 2011-03-10
7
852 Views
Last Modified: 2013-11-22
I have a server running W2008 R2 64bit, patched.

in task manager are a few hundred rundll32.exe, and in scheduled tasks are hundreds of tasks named AT1 to AT999

tasks point to exe withe funky names kasdfg asjdf$sjd etc...

I have Macafee running and patched
Ran Malware Bytes
Ran Spybot
Ran Malicious software removal tool

all come up clean

I can delete the tasks, they come back


ideas?




 
0
Comment
Question by:carrjoe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 35100364
This reminds me of some old malware - and I hope it is (easier to clean).
**********

Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.
******

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)

**When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.**

The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

I know you already ran this, but the malware may have corrupted your version - either do the "Save As" or download it to a clean computer and then rename it.

Carry it to the infected compuuter on a USB stick or CD.
0
 

Author Comment

by:carrjoe
ID: 35100406
Ok will try.

All the apps i used to clean are freshly Down loadded today

except the McAfee

MSRtool still running scan as soon as complete ill post MBAM
0
 
LVL 38

Expert Comment

by:younghv
ID: 35100502
Several of the best tools for fighting malware are recognized by some variants of malware.
Often the good stuff will either be denied installation - or the scans will be ineffective.

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 38

Expert Comment

by:younghv
ID: 35100511
ARGG!

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.

VERY important that the real name of Malwarebytes ***NOT***
 be used when the file touches the infected computer.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35101297
0
 

Author Comment

by:carrjoe
ID: 35133364
after most recent scan, i havent seen any of the little freaks pop back up yet, so no MABAM to post yet. ill wait another few days and run MABAM anyway
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 35133405
carrjoe,
Please don't wait for more symptoms before running MBAM again.

Download it as I wrote above and run the "Full" scan.
If you have malware, it will find and remove it.

If it doesn't find any, you will have a high probability of confidence that none exists.
0

Featured Post

To Patch or not to Patch? That is the question!

Don't get caught out like thousands of others around the world in the recent Ransomware Fiasco!
Discuss..
- Why it's not a good idea to wait before Patching
- Sensible approaches to Patching discussed
- Add your feedback, comments and suggestions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question