Malware terminating apps based on Window title


  • Please log in to reply

#1
wcitech

    New Member

  • Member
  • 1 posts
Hi geeks! I'm David and I've run a computer repair shop in my town for almost 7 years. I've been reading this site for a few weeks and decided I would like to contribute, and maybe learn a thing or two.

Lately I've come up against a hearty new breed of malware that acts by terminating apps of a certain window title. If it gets a whiff of words like "Task", "Manager", "Hijack", "Combo"... and many more... the app terminates instantly. I can load these apps for only a split second.

I can't use any task manager or task manager alternative. The machines that I've seen this one on seem to be loaded with the fake Personal Antivirus, but none of the Personal Antivirus removal instructions work because all of my apps have been crippled.

What's more, I believe this malware is evolving. Yesterday I found a variation that does not terminate the app but somehow just hides it using the Windows API. Combofix and MBAM run but are completely hidden. Task manager works. No obvious rogue processes or anything. A little stumped by this one; if I have to, I can format.
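An added example for the "hidden window" variant described above (this is not code from David's post, from Ron's reply, or from any of the tools mentioned). It enumerates every top-level window through the Win32 API, including those hidden with ShowWindow(SW_HIDE), maps each to its owning process, lists the hidden ones that still carry a title, and re-shows the windows of tools you expect to see on screen. The process names in `$tools` ("mbam", "ComboFix") are assumptions; adjust them to whatever you actually launched. Run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example: find top-level windows hidden via the Windows API and
# restore the ones belonging to scanning tools. Not part of the thread.
Add-Type -Namespace Win32 -Name Windows -MemberDefinition @'
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);

    [DllImport("user32.dll")]
    public static extern bool EnumWindows(EnumWindowsProc lpEnumFunc, IntPtr lParam);

    [DllImport("user32.dll")]
    public static extern bool IsWindowVisible(IntPtr hWnd);

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetWindowText(IntPtr hWnd, System.Text.StringBuilder lpString, int nMaxCount);

    [DllImport("user32.dll")]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);

    [DllImport("user32.dll")]
    public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
'@

$SW_SHOW = 5                              # nCmdShow value that makes a window visible again
$windows = New-Object System.Collections.Generic.List[object]

# Callback invoked once per top-level window; record handle, visibility,
# title and owning process so we can reason about it afterwards.
$callback = [Win32.Windows+EnumWindowsProc]{
    param([IntPtr]$hWnd, [IntPtr]$lParam)
    $sb = New-Object System.Text.StringBuilder 512
    [void][Win32.Windows]::GetWindowText($hWnd, $sb, $sb.Capacity)
    $procId = 0
    [void][Win32.Windows]::GetWindowThreadProcessId($hWnd, [ref]$procId)
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $windows.Add([pscustomobject]@{
        Handle  = $hWnd
        Visible = [Win32.Windows]::IsWindowVisible($hWnd)
        Title   = $sb.ToString()
        Pid     = $procId
        Process = if ($proc) { $proc.ProcessName } else { '?' }
    })
    return $true                          # keep enumerating
}
[void][Win32.Windows]::EnumWindows($callback, [IntPtr]::Zero)

# Every process owns some untitled hidden windows; that is normal. A hidden
# window that still has a real title is the interesting case.
$hidden = $windows | Where-Object { -not $_.Visible -and $_.Title -ne '' }
$hidden | Sort-Object Process | Format-Table Process, Pid, Title -AutoSize

# Restore the windows of tools that should be on screen. Process names are
# assumptions; edit the list to match the tools you started.
$tools = @('mbam', 'ComboFix')
foreach ($w in $hidden | Where-Object { $tools -contains $_.Process }) {
    Write-Host "Re-showing '$($w.Title)' (PID $($w.Pid))"
    [void][Win32.Windows]::ShowWindow($w.Handle, $SW_SHOW)
}
```

The table it prints is also useful as evidence: a scanner's main window showing up as hidden while its process is alive confirms the window-hiding behaviour rather than a crash, and the PID lets you match it against what the cleaning instructions expect to see running.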



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Have you tried IceSword?

Download IceSword from:

http://majorgeeks.co...word_d5199.html
using one of the links under DOWNLOADS.

SAVE it to your desktop, close all programs and then right-click on it and select Extract All. Let it extract to your desktop. It should create a folder icesword122en on your desktop. Double-click on the folder icesword122en to open it and then double-click on icesword.exe.

It should open a new window. In the left column at the bottom click on File. Then on the "+" in front of Local Drive C: then on the "+" in front of Windows. Click on the "+" in front of System32. You will have to scroll down to find it. Click on Drivers. Look in the right pane and click once or twice on Date Created and look for newish files. Google any you don't recognize. You can right-click on a file and Force Delete if you want to get rid of it. Repeat for Date Modified and then go back to System32 and Windows and \ and look for new stuff there.

Ron