Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

task manager full of tasks with names like AT1-AT600

Posted on 2011-03-10
7
Medium Priority
?
860 Views
Last Modified: 2013-11-22
I have a server running W2008 R2 64bit, patched.

in task manager are a few hundred rundll32.exe, and in scheduled tasks are hundreds of tasks named AT1 to AT999

tasks point to exe withe funky names kasdfg asjdf$sjd etc...

I have Macafee running and patched
Ran Malware Bytes
Ran Spybot
Ran Malicious software removal tool

all come up clean

I can delete the tasks, they come back


ideas?




 
0
Comment
Question by:carrjoe
  • 4
  • 2
7 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 35100364
This reminds me of some old malware - and I hope it is (easier to clean).
**********

Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.
******

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)

**When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.**

The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

I know you already ran this, but the malware may have corrupted your version - either do the "Save As" or download it to a clean computer and then rename it.

Carry it to the infected compuuter on a USB stick or CD.
0
 

Author Comment

by:carrjoe
ID: 35100406
Ok will try.

All the apps i used to clean are freshly Down loadded today

except the McAfee

MSRtool still running scan as soon as complete ill post MBAM
0
 
LVL 38

Expert Comment

by:younghv
ID: 35100502
Several of the best tools for fighting malware are recognized by some variants of malware.
Often the good stuff will either be denied installation - or the scans will be ineffective.

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 38

Expert Comment

by:younghv
ID: 35100511
ARGG!

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.

VERY important that the real name of Malwarebytes ***NOT***
 be used when the file touches the infected computer.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35101297
0
 

Author Comment

by:carrjoe
ID: 35133364
after most recent scan, i havent seen any of the little freaks pop back up yet, so no MABAM to post yet. ill wait another few days and run MABAM anyway
0
 
LVL 38

Accepted Solution

by:
younghv earned 2000 total points
ID: 35133405
carrjoe,
Please don't wait for more symptoms before running MBAM again.

Download it as I wrote above and run the "Full" scan.
If you have malware, it will find and remove it.

If it doesn't find any, you will have a high probability of confidence that none exists.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question