Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 916
  • Last Modified:

task manager full of tasks with names like AT1-AT600

I have a server running W2008 R2 64bit, patched.

in task manager are a few hundred rundll32.exe, and in scheduled tasks are hundreds of tasks named AT1 to AT999

tasks point to exe withe funky names kasdfg asjdf$sjd etc...

I have Macafee running and patched
Ran Malware Bytes
Ran Spybot
Ran Malicious software removal tool

all come up clean

I can delete the tasks, they come back


ideas?




 
0
carrjoe
Asked:
carrjoe
  • 4
  • 2
1 Solution
 
younghvCommented:
This reminds me of some old malware - and I hope it is (easier to clean).
**********

Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.
******

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)

**When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.**

The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

I know you already ran this, but the malware may have corrupted your version - either do the "Save As" or download it to a clean computer and then rename it.

Carry it to the infected compuuter on a USB stick or CD.
0
 
carrjoeAuthor Commented:
Ok will try.

All the apps i used to clean are freshly Down loadded today

except the McAfee

MSRtool still running scan as soon as complete ill post MBAM
0
 
younghvCommented:
Several of the best tools for fighting malware are recognized by some variants of malware.
Often the good stuff will either be denied installation - or the scans will be ineffective.

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
younghvCommented:
ARGG!

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.

VERY important that the real name of Malwarebytes ***NOT***
 be used when the file touches the infected computer.
0
 
Sudeep SharmaTechnical DesignerCommented:
0
 
carrjoeAuthor Commented:
after most recent scan, i havent seen any of the little freaks pop back up yet, so no MABAM to post yet. ill wait another few days and run MABAM anyway
0
 
younghvCommented:
carrjoe,
Please don't wait for more symptoms before running MBAM again.

Download it as I wrote above and run the "Full" scan.
If you have malware, it will find and remove it.

If it doesn't find any, you will have a high probability of confidence that none exists.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now