Solved

task manager full of tasks with names like AT1-AT600

Posted on 2011-03-10
7
843 Views
Last Modified: 2013-11-22
I have a server running W2008 R2 64bit, patched.

in task manager are a few hundred rundll32.exe, and in scheduled tasks are hundreds of tasks named AT1 to AT999

tasks point to exe withe funky names kasdfg asjdf$sjd etc...

I have Macafee running and patched
Ran Malware Bytes
Ran Spybot
Ran Malicious software removal tool

all come up clean

I can delete the tasks, they come back


ideas?




 
0
Comment
Question by:carrjoe
  • 4
  • 2
7 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 35100364
This reminds me of some old malware - and I hope it is (easier to clean).
**********

Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.
******

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)

**When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.**

The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

I know you already ran this, but the malware may have corrupted your version - either do the "Save As" or download it to a clean computer and then rename it.

Carry it to the infected compuuter on a USB stick or CD.
0
 

Author Comment

by:carrjoe
ID: 35100406
Ok will try.

All the apps i used to clean are freshly Down loadded today

except the McAfee

MSRtool still running scan as soon as complete ill post MBAM
0
 
LVL 38

Expert Comment

by:younghv
ID: 35100502
Several of the best tools for fighting malware are recognized by some variants of malware.
Often the good stuff will either be denied installation - or the scans will be ineffective.

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 38

Expert Comment

by:younghv
ID: 35100511
ARGG!

VERY important that the real name of Malwarebytes be used when the file touches the infected computer.

VERY important that the real name of Malwarebytes ***NOT***
 be used when the file touches the infected computer.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35101297
0
 

Author Comment

by:carrjoe
ID: 35133364
after most recent scan, i havent seen any of the little freaks pop back up yet, so no MABAM to post yet. ill wait another few days and run MABAM anyway
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 35133405
carrjoe,
Please don't wait for more symptoms before running MBAM again.

Download it as I wrote above and run the "Full" scan.
If you have malware, it will find and remove it.

If it doesn't find any, you will have a high probability of confidence that none exists.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now