Task Manager wont open

#31
tvrfan2003 (Member, Topic Starter, 31 posts)

File: jnr$01.exe
Status: INFECTED/MALWARE
MD5 1e44857a3f524f91c4f5108106c738d9
Packers detected: -
Scanner results
AntiVir Found BDS/Sub7.215.Srv
ArcaVir Found Trojan.Subseven.215
Avast Found Win32:SubSeven-215
AVG Antivirus Found BackDoor.Delf.17.X
BitDefender Found nothing
ClamAV Found Trojan.SubSeven.215-srv
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing


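As an added example (not part of the thread, and not code from the scanning service), a small parser for the per-engine result lines pasted above: it computes the detection ratio and the family name most engines agree on. The alias table and the set of generic tokens are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: the engine lines from the scan pasted in post #31.
SCAN_OUTPUT = """\
AntiVir Found BDS/Sub7.215.Srv
ArcaVir Found Trojan.Subseven.215
Avast Found Win32:SubSeven-215
AVG Antivirus Found BackDoor.Delf.17.X
BitDefender Found nothing
ClamAV Found Trojan.SubSeven.215-srv
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
"""

LINE_RE = re.compile(r"^(?P<engine>.+?) Found (?P<name>.+)$")
# Category words that carry no family signal (assumed list).
GENERIC = {"trojan", "win32", "w32", "bds", "backdoor", "srv", "gen", "x"}
# Vendor spellings of the same family (assumed alias table).
ALIASES = {"sub7": "subseven"}


def parse_scan(text):
    """Map engine name -> detection name, or None when the engine found nothing."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name").strip()
        results[m.group("engine")] = None if name.lower() == "nothing" else name
    return results


def detection_ratio(results):
    """(engines that fired, engines that ran)."""
    return sum(1 for v in results.values() if v), len(results)


def family_consensus(results):
    """Most common family token across detection names, counted once per engine."""
    counts = Counter()
    for name in filter(None, results.values()):
        toks = re.split(r"[^a-z0-9]+", name.lower())
        toks = {ALIASES.get(t, t) for t in toks if t and not t.isdigit() and t not in GENERIC}
        counts.update(toks)
    return counts.most_common(1)[0] if counts else (None, 0)
```
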
#32
tvrfan2003 (Member, Topic Starter, 31 posts)

Ok, deleted the JNR$01.exe, but a search did not find the win32api.exe file?? Amazing that that many virus checks and checkers over the past two weeks did not spot that one??
SD

#33
tvrfan2003 (Member, Topic Starter, 31 posts)

what now?

#34
Metallica (Spyware Veteran, GeekU Moderator, 31,675 posts)

Download a free trial of TDS3 from here:
http://tds.diamondcs...x.php?page=home
Update as described here:
http://tds.diamondcs...php?page=update
When that is ready click System Testing > Full system scan
After the scan is done right-click one of the entries in the lower pane and choose "Save as text" > Yes and post the content of the text file that will open.

Regards,

#35
tvrfan2003 (Member, Topic Starter, 31 posts)

Spyware Doctor Activity Report
Generated on 7/16/2005 9:04:52 AM

Scans (basic information only):

Scan Results:
scan start: 7/16/2005 9:05:18 AM
scan stop: 7/16/2005 9:39:37 AM
scanned items: 94652
found items: 16
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner

Infection Name | Location | Risk
Kazaa Promotional Items | multiple | Medium
Kazaa Promotional Items | HKCU\Software\Kazaa\Promotions | Medium
Kazaa Promotional Items | HKCU\Software\Kazaa\Promotions## | Medium
Kazaa Promotional Items | HKCU\Software\Kazaa\Promotions\Broadband | Medium
Kazaa Promotional Items | HKCU\Software\Kazaa\Promotions\Broadband## | Medium
Kazaa Promotional Items | HKCU\Software\Kazaa\Promotions\Broadband##BBDbLoc | Medium
Kazaa Promotional Items | HKCU\Software\Kazaa\Promotions\Broadband##NullImageLoc | Medium
Common Components for GAIN | owner@dist.belnk[2].txt | Elevated
Tracking Cookie(s) | owner@www.burstbeacon[2].txt | Medium
Common Components for GAIN | owner@belnk[1].txt | Elevated
Advertising | owner@burstnet[1].txt | Low
Tracking Cookie(s) | owner@expertanswercenter.techtarget[1].txt | Medium
Tracking Cookie(s) | owner@adknowledge[1].txt | Medium
Tracking Cookie(s) | owner@www.geekstogo[2].txt | Medium
Common Components for WindUpdates | HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} | Medium
Common Components for WindUpdates | HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\iexplore | Medium

#36
tvrfan2003 (Member, Topic Starter, 31 posts)

Any suggestions?
Tks
Sd

#37
Metallica (Spyware Veteran, GeekU Moderator, 31,675 posts)

Yes. Follow my instructions.

#38
tvrfan2003 (Member, Topic Starter, 31 posts)

Sorry, obviously I am missing something here...
I went to the link you suggested, downloaded the program, and saved the text file that it provided... and pasted it back to you???? When I hadn't heard a reply from you on what the program you suggested provided, I asked again? Sorry if I am missing something, but...

SD

#39
tvrfan2003 (Member, Topic Starter, 31 posts)

Ok, figured out where I messed up... got the wrong program initially... did it right, and got the following... there was no click box on the bottom to save, and when I saved the txt file this is what I got... but it doesn't show the files themselves... had 4 with "suspicious file extensions", like taskmanager...exe.exe, and a couple in the HP folder "killtask"... but they didn't show in the txt file??

20:00:06 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
20:00:06 [Init] Started 21-07-05 20:00:06 Eastern Standard Time (UTC: 5), Internet Time @1041.74
20:00:06 [Init] Loading TDS-3 Systems ...
20:00:06 [Init] Token successfully adjusted.
20:00:06 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
20:00:07 [Init] • Plugins : OK. Loaded 13
20:00:07 [Init] • Exec Protection : Not Installed
20:00:07 [Init] WARNING: Your Radius.TD3 database needs to be updated!
20:00:07 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
20:00:07 [Init] Licensed users can use the Update facility from the TDS menu
20:00:07 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
20:00:38 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
20:00:38 [Init] • Systems Initialised [61039 references - 32765 primaries/15945 traces/12329 variants/other]
20:00:38 [Init] Radius Systems loaded. <Databases updated 21-07-2005>
20:00:38 [Init] TDS-3 Ready. <Owner@192.168.2.10, 127.0.0.1 - United States>
20:00:38 [Tip Of The Day] Did you know? - DiamondCS are the only anti-trojan company that updates DAILY.
20:00:38 [TDS] Good evening Owner.
20:00:55 [Mutex Memory Scan] Started...
20:00:57 [Mutex Memory Scan] Finished (no trojan mutexes found).
20:00:57 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
20:01:02 [CRC32] Started - verifying 29 files ...
20:01:07 [CRC32] Test finished.
20:02:54 [Memory Scan] Memory scan started, please wait a moment ...
20:02:57 [Memory Scan] Memory scan complete.
20:02:57 [Mutex Memory Scan] Started...
20:02:58 [Mutex Memory Scan] Finished (no trojan mutexes found).
20:02:58 [Trace Scan] Started...
20:03:33 [Trace Scan] Finished.
20:03:33 [ServiceScan] Scanning for services and drivers ...
20:03:43 [ServiceScan] Scanned 350 services and drivers.
20:03:43 [File Scan] Scanning in A:\ ...
20:03:44 [File Scan] Scanned 0 files: 0 alarms in 1.109375 seconds (Avg 1. files/sec)
20:03:44 [File Scan] Scanning in C:\ ...
21:52:35 [File Scan] Scanned 65554 files: 7 alarms in 6530.406 seconds (Avg 11.04 files/sec)
21:52:35 [File Scan] Scanning in D:\ ...
21:58:40 [File Scan] Scanned 7686 files: 7 alarms in 364.5156 seconds (Avg 22.09 files/sec)
21:58:40 [File Scan] Scanning in E:\ ...
22:02:48 [File Scan] Scanned 2235 files: 7 alarms in 247.8125 seconds (Avg 10.02 files/sec)
22:02:48 [Scan] Finished.

#40
Metallica (Spyware Veteran, GeekU Moderator, 31,675 posts)

Can you scan the C: drive again?

Not sure if the trial version installs the right-click menu, but if it does you can right-click the C: drive icon under My Computer and choose Scan drive with TDS-3.

That double extension for taskmanager sounds very interesting.

Regards,

#41
tvrfan2003 (Member, Topic Starter, 31 posts)

Opened it again, and see no "C: drive icon" or "My Computer" anywhere on the TD3 program when it opens... not an option on the toolbar nor any noted icons?
I will run it again tonight (took about 2 hrs) and manually copy what it shows for files and send it to you by reply... tried to cut/paste/save as text and it would not copy the "actual file names" part at the bottom of the screen...

SD

#42
tvrfan2003 (Member, Topic Starter, 31 posts)

Scan Control Dumped @ 22:51:34 22-07-05

Ok, here is what it found...obviously some issues....tks for your patience...


Suspicious Filename: Dual extensions
File: c:\hp\bin\python-2.2.1.exe

Positive identification: Riskware.Tool.KillApp
File: c:\hp\bin\terminator.exe

Positive identification: Riskware.Tool.KillApp.b
File: c:\hp\drivers\audio\creative\audio\drivers\common\killapps.exe

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe

Suspicious Filename: Dual extensions
File: c:\windows\servicepackfiles\i386\taskmanager.exe.exe

Suspicious Filename: Dual extensions
File: c:\windows\system32\taskmanager.exe.exe

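Added example (not from the thread, and not TDS-3's own code): a Python version of the "dual extensions" filename heuristic that produced the findings above, with a tiered verdict so that a version suffix such as python-2.2.1.exe is not flagged and an unknown inner suffix such as install.wse.exe is only marked for review, while taskmanager.exe.exe is reported as suspicious. The extension sets are assumptions; the sample paths are the ones the scan reported.

```python
from pathlib import PureWindowsPath

# Outer extensions Windows runs directly (assumed set).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Inner extensions a renamed executable commonly hides behind (assumed set).
KNOWN_INNER_EXTS = {".exe", ".com", ".scr", ".txt", ".doc", ".pdf", ".jpg", ".gif", ".zip", ".mp3", ".htm"}


def classify(path: str) -> tuple[str, str]:
    """Classify one Windows path as 'ok', 'review' or 'suspicious', with a reason."""
    p = PureWindowsPath(path)
    outer = p.suffix.lower()
    if outer not in EXECUTABLE_EXTS:
        return "ok", "outer extension is not executable"
    inner = PureWindowsPath(p.stem).suffix.lower()  # '.exe' for 'taskmanager.exe.exe'
    if not inner:
        return "ok", "single extension"
    if inner[1:].isdigit():
        # 'python-2.2.1.exe' yields inner '.1': a version component, not a disguised type.
        return "ok", f"inner suffix {inner} is numeric (version string)"
    if inner in KNOWN_INNER_EXTS:
        return "suspicious", f"executable carrying a second extension {inner}"
    return "review", f"unknown inner suffix {inner}; confirm vendor or installer origin"


def triage(paths):
    """Group paths by verdict: {'suspicious': [...], 'review': [...], 'ok': [...]}."""
    out = {"suspicious": [], "review": [], "ok": []}
    for path in paths:
        verdict, reason = classify(path)
        out[verdict].append((path, reason))
    return out


# Constructed sample: the file list the TDS-3 scan in this thread reported.
SAMPLE_PATHS = [
    r"c:\hp\bin\python-2.2.1.exe",
    r"c:\hp\bin\terminator.exe",
    r"c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe",
    r"c:\windows\servicepackfiles\i386\taskmanager.exe.exe",
    r"c:\windows\system32\taskmanager.exe.exe",
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_PATHS).items():
        for path, reason in items:
            print(f"{verdict:10} {path}  ({reason})")
```
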
#43
Metallica (Spyware Veteran, GeekU Moderator, 31,675 posts)

I'm not sure if that would make a difference, but it is strange that the files have double extensions.

Can you try renaming c:\windows\system32\taskmanager.exe.exe to c:\windows\system32\taskmanager.exe and let me know if that makes a difference.

Regards,

#44
tvrfan2003 (Member, Topic Starter, 31 posts)

Ok, renamed the file, but not sure what to look for... Ctrl-Alt-Del now pulls up the process manager that you had me use as it is better, and not sure what else would show it? Also, what about the other files shown, should I be concerned about those?
SD

#45
Metallica (Spyware Veteran, GeekU Moderator, 31,675 posts)

c:\windows\servicepackfiles\i386\taskmanager.exe.exe has one exe too many as well, but that should have no influence. The other ones are OK and can be left alone.

You can "undo" the change to open ProcessExplorer as a replacement for Ctrl-Alt-Del at the same place as you applied it.
Options and then remove the checkmark.

Let me know if that is enough to restore everything back to the way it should be.

Regards,