Welcome to Geeks to Go - Register now for FREE
Malware terminating apps based on Window title



#1 wcitech (New Member, 1 post)
Hi geeks! I'm David and I've run a computer repair shop in my town for almost 7 years. I've been reading this site for a few weeks and decided I would like to contribute, and maybe learn a thing or two.

Lately I've come up against a hearty new breed of malware that acts by terminating apps of a certain window title. If it gets a whiff of words like "Task", "Manager", "Hijack", "Combo"... and many more... the app terminates instantly. I can load these apps for only a split second.

I can't use any task manager or task manager alternative. The machines that I've seen this one on seem to be loaded with the fake Personal Antivirus, but none of the Personal Antivirus removal instructions work because all of my apps have been crippled.

What's more, I believe this malware is evolving. Yesterday I found a variation that does not terminate the app but somehow just hides it using the Windows API. Combofix and MBAM run but are completely hidden. Task manager works. No obvious rogue processes or anything. A little stumped by this one -- if I have to I can format.



#2 RKinner (Malware Expert, MVP, 23,709 posts)
Have you tried IceSword?

Download IceSword from:

http://majorgeeks.co...word_d5199.html
using one of the links under DOWNLOADS.

SAVE it to your desktop, close all programs and then right-click on it and select Extract All. Let it extract to your desktop. It should create a folder icesword122en on your desktop. Double-click on the folder icesword122en to open it and then double-click on icesword.exe.

It should open a new window. In the left column at the bottom click on File. Then on the "+" in front of Local Drive C:, then on the "+" in front of Windows. Click on the "+" in front of System32. You will have to scroll down to find it. Click on Drivers. Look in the right pane and click once or twice on Date Created and look for newish files. Google any you don't recognize. You can right-click on a file and Force Delete if you want to get rid of it. Repeat for Date Modified and then go back to System32 and Windows and \ and look for new stuff there.

Ron
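The manual IceSword steps above (sort the Drivers folder by Date Created and Date Modified, flag anything new, look up what you don't recognize) can be expressed as a small triage script. The following is an added example, not code from the thread or from IceSword; it is meant to be run from a clean boot environment against the mounted volume, so the malware's own process-killing or window-hiding behaviour does not interfere. The default path, the 7-day window and the sample listing are assumptions; the listing is constructed, not data from any real machine.

```python
"""Triage a drivers directory for recently created or modified files.

Added example mirroring the IceSword procedure in the thread: sort
%SystemRoot%\\System32\\Drivers by creation and modification date and
report anything new, with a SHA-256 so unfamiliar files can be looked up.
Path, threshold and sample data are assumptions, not values from the thread.
"""
import hashlib
import os
import sys
import time
from datetime import datetime, timezone

# Hypothetical default; point this at the Drivers folder of the mounted
# volume when examining a machine from a clean boot environment.
DEFAULT_DRIVERS_DIR = r"C:\Windows\System32\Drivers"


def file_times(path):
    """Return (created_ts, modified_ts) for a path.

    Windows reports true creation time in st_ctime; other platforms put
    inode-change time there and may expose st_birthtime instead.
    """
    st = os.stat(path)
    created = getattr(st, "st_birthtime", None)
    if created is None:
        created = st.st_ctime
    return created, st.st_mtime


def sha256_of(path, chunk=1 << 20):
    """Hash a file so an unrecognised driver can be looked up by digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def recent_entries(entries, now, days=7):
    """Filter (name, created_ts, modified_ts, ...) tuples.

    Keeps entries whose creation OR modification time falls within the
    last `days` days, newest first. This is the 'Date Created' and
    'Date Modified' sort from the thread expressed as one rule.
    """
    cutoff = now - days * 86400
    hits = [e for e in entries if e[1] >= cutoff or e[2] >= cutoff]
    hits.sort(key=lambda e: max(e[1], e[2]), reverse=True)
    return hits


def scan_directory(directory, now=None, days=7, with_hash=True):
    """List one directory (non-recursive) and return recent-file records."""
    now = time.time() if now is None else now
    entries = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        created, modified = file_times(entry.path)
        digest = sha256_of(entry.path) if with_hash else ""
        entries.append((entry.name, created, modified, digest))
    return recent_entries(entries, now, days)


def fmt(ts):
    """Render a timestamp as UTC for the report."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


# Constructed sample listing (not real data): three long-standing system
# drivers and one randomly named file dropped two days before the scan.
SAMPLE_NOW = datetime(2009, 9, 1, tzinfo=timezone.utc).timestamp()
SAMPLE_ENTRIES = [
    ("ntfs.sys", SAMPLE_NOW - 800 * 86400, SAMPLE_NOW - 400 * 86400),
    ("tcpip.sys", SAMPLE_NOW - 800 * 86400, SAMPLE_NOW - 30 * 86400),
    ("abcdefg1.sys", SAMPLE_NOW - 2 * 86400, SAMPLE_NOW - 2 * 86400),
    ("srv.sys", SAMPLE_NOW - 800 * 86400, SAMPLE_NOW - 1 * 86400),
]


def main(argv):
    # With a directory argument, scan it; otherwise report on the sample.
    if len(argv) > 1:
        hits = scan_directory(argv[1])
    else:
        hits = [e + ("",) for e in recent_entries(SAMPLE_ENTRIES, SAMPLE_NOW)]
    for name, created, modified, digest in hits:
        print(f"{name:<20} created {fmt(created)}  modified {fmt(modified)}  {digest}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python triage_drivers.py D:\Windows\System32\Drivers` (the mounted volume's letter is an assumption). A recently modified date on a long-standing driver such as srv.sys is as worth a second look as a brand-new file, which is why the filter keeps either condition rather than only new creations; the digest lets you check the file against a known-good copy or a vendor lookup before deciding to delete anything.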