taskmnger.exe

Trojan - Win32 VBInject

Here is a suspicious malicious installer that drops a file named taskmnger.exe. You can see the report on this link

The virus creates these files in several locations, including the %AppData% folder and the drive's root folder, where no legitimate program creates EXE files. Legitimate programs normally keep their files inside a subfolder.

This name resembles a legitimate Windows process, taskmgr.exe, which is the Windows Task Manager. On a typical XP installation that file can be found in several locations:
C:\Windows\$NtServicePackUninstall$
C:\Prefetch
C:\Windows\system32
C:\Windows\ServicePackFiles\i386

I am listing these locations just to make you aware that a legitimate file can be present in several locations in a Windows installation.

Just because a virus writer decides to give a name to a virus file, that does not make the name itself outlawed. So you need to take the necessary precautions when deciding whether a file on your computer is legitimate or not. Read this Disclaimer

  • It creates these files at
    %AppData%\taskmnger.exe
  • And these folders
    -
    To know the path of %AppData% on your version of Windows, see this link
  • The installer is about 115 kilobytes.
  • It creates a startup registry entry so that taskmnger.exe runs each time Windows starts.
  • The autorun.inf sets the drive to autoplay. If the drive is shared on a network, other computers can be infected when they access the share.
  • It could be used to download further malicious files onto the computer.
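As an added example (not part of the original write-up or the ThreatExpert report), the following Python script applies the tells described above to a constructed "reg export" of the Run key: an EXE sitting directly in %AppData% or in a drive root rather than in a subfolder, and a name within a couple of edits of the real taskmgr.exe. The sample registry lines and the two-edit threshold are assumptions made for the demonstration.

```python
import re
import ntpath
# Constructed sample export of the Run key (Windows XP paths); not a capture from the page.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"taskmnger"="C:\\Documents and Settings\\user\\Application Data\\taskmnger.exe"
"updater"="C:\\taskmnger.exe /silent"
"Acrobat Assistant"="\"C:\\Program Files\\Adobe\\Acrobat\\Distillr\\acrotray.exe\""
'''
LEGIT_NAMES = {"taskmgr.exe"}                   # the real Task Manager that the sample imitates
APPDATA_DIRS = {"application data", "roaming"}  # leaf folder of %AppData% on XP and on Vista+
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

def edit_distance(a, b):
    """Plain Levenshtein distance; two edits separate taskmnger.exe from taskmgr.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]
def extract_exe(data):
    """Unescape a .reg string value and return only the executable path (no quotes, no arguments)."""
    data = data.replace('\\"', '"').replace('\\\\', '\\')
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.exe)', data, re.IGNORECASE)
    return m.group(1) if m else data

def suspicious_autoruns(reg_text):
    """Return (value name, exe path, reasons) for Run entries that match the write-up's tells."""
    hits = []
    for m in (VALUE_RE.match(l.strip()) for l in reg_text.splitlines()):
        if m is None:
            continue
        exe = extract_exe(m.group("data"))
        parent, base = ntpath.split(exe)
        reasons = []
        if re.fullmatch(r'[A-Za-z]:\\?', parent):
            reasons.append("exe in drive root")
        if ntpath.basename(parent).lower() in APPDATA_DIRS:
            reasons.append("exe directly in %AppData%, not in a subfolder")
        if any(0 < edit_distance(base.lower(), legit) <= 2 for legit in LEGIT_NAMES):
            reasons.append("name imitates a Windows binary")
        if reasons:
            hits.append((m.group("name"), exe, reasons))
    return hits
```

Running suspicious_autoruns(SAMPLE_REG) flags the two taskmnger entries and leaves ctfmon.exe and the Acrobat entry alone; feed it the output of "reg export" of the Run keys to review a real machine.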

Can Antivirus programs detect it?

Some antivirus programs may detect this virus file as:
Trojan-Dropper.Win32.VB.aydt [Kaspersky Lab]
VirTool:Win32/VBInject.gen!FA [Microsoft]
P2P-Worm.Win32.BlackControl [Ikarus]

What is a Trojan BlackControl?

It is a malicious program that intercepts the user's requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishing messages.

How do I get infected? Can it be avoided?

Small files like these can enter a computer unnoticed while you browse the net. This is called a drive-by download, and there are ways to prevent it from happening. You can read about them on this link here

So what should I do now?

You need to delete this file and any other suspicious files that can be seen running in Task Manager. Also do not forget to run a scheduled boot scan with the antivirus program on your computer. A good firewall can help you block or detect any hidden communication between a file on your computer and someone else on the internet, so keep a close eye on these activities through your firewall.

Don't you write detailed Step by step instructions?

Yes, I do. But to avoid making each page cumbersome, I have grouped all the commonly followed steps that apply to any or all of these viruses. In case you need them, they are here on this link.

The above information is based on the automated virus analysis report from Threatexpert.com.
(copyright attribution statement: "Reprinted with permission from ThreatExpert.")

If you come across any difficulties in removing the above virus, send your queries to the Help Forum.
