• Stopping a Process in Task Manager

    #470308

    I am running XP Professional (Service Pack 3).

    I recently somehow almost instantly acquired a Trojan & could do nothing with my standalone computer.
    Although I could boot the system, it would not let me access anything (AVG Free AntiVirus software Version 9.0, etc, etc.)
    It continually tried to send me to antivirmore.net to “update” it by purchasing it.

    Out of desperation, I “ended” some processes in Task Manager that I did not recall as normally occurring.
    That allowed me to finally access my AVG software.
    I then did a complete scan of my system but it found only some tracking cookies that I deleted.

    But when I rebooted again, the problem reappeared.
    Again, I ended some processes.
    This time, I restored to a restore point just a day previous.
    That cured my problem.
    Only once, shortly thereafter, my system successfully blocked another similar Trojan, which was placed in the Virus vault.

    I then went online & created a bootable AVG Rescue CD (actually a bootable USB Flash Drive) to use if it is ever needed in the future.
    I then tested it. It again found some more tracking cookies that I again deleted.
    But it also found another Trojan, which I told it to rename by adding the suffix _infected.arl (as suggested by AVG).
    After I rebooted the system normally, I did a search for any file with that suffix, but could not find any.

    FINALLY THE QUESTIONS:

    If I ever erroneously end a process, will it be added back when I reboot the system?

    Is it possible that the AVG scan (using the bootable USB Flash Drive) merely saw the Trojan that was already in the Virus Vault & just did not rename it?

    • #1234183

      If I ever erroneously end a process, will it be added back when I reboot the system?

      This part I can answer: yes. The startup sequence is prescribed in the OS, in the registry, and in the startup folder, and consists of a large number of processes and programs. Nothing you do in terminating currently running processes will change that sequence. (For that reason, as part of your clean-up, you also need to examine what will (re)occur at startup.)
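
The reply above lists the places Windows consults at startup (the registry and the Startup folder) and says that a clean-up has to look there, not just in Task Manager. The script below is an added example, not code from the thread or from any of the tools named in it. It enumerates the standard Run/RunOnce keys, the Winlogon Shell/Userinit/Taskman values and both Startup folders, resolves each entry to its executable, checks the Authenticode signature, and flags executables that are unsigned or that sit under a per-user Application Data folder with a long random-looking name (the pattern of the file reported later in this thread). The registry paths and folder names are standard Windows locations; the random-name regex and the flag labels are heuristics of my own.

```powershell
# Added example, not from the thread. Enumerates the autostart locations the
# reply refers to (Run/RunOnce keys, Winlogon Shell/Userinit/Taskman, Startup
# folders) and flags entries that are unsigned or live under a per-user
# Application Data folder with a random-looking name. The registry paths are
# standard Windows locations; the "random name" regex is a heuristic assumption.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Winlogon values that malware commonly hijacks to launch alongside the shell
$winlogonKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonValues = @('Shell', 'Userinit', 'Taskman')

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # provider metadata, not a registry value
        $entries += [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}
if (Test-Path $winlogonKey) {
    $wl = Get-ItemProperty -Path $winlogonKey
    foreach ($v in $winlogonValues) {
        if ($wl.$v) { $entries += [pscustomobject]@{ Location = $winlogonKey; Name = $v; Command = [string]$wl.$v } }
    }
}
# Startup folders for the current user and for all users (XP's "Documents and
# Settings" layout and later %APPDATA% layouts are both resolved by the API)
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Force -File | ForEach-Object {
            $entries += [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Pull the executable out of a command line such as  "C:\x\y.exe" /arg  or  y.exe,arg
function Get-ExePath([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd -match '^"([^"]+)"')      { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.exe)') { $exe = $Matches[1] }
    else                               { $exe = ($cmd -split '[ ,]')[0] }
    if (-not [IO.Path]::IsPathRooted($exe)) {               # bare name: resolve through PATH
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        if ($found) { $exe = $found.Source }
    }
    return $exe
}

$report = foreach ($e in $entries) {
    $exe  = Get-ExePath $e.Command
    $sig  = if (Test-Path $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'MISSING' }
    $flag = @()
    if ($sig -ne 'Valid') { $flag += 'UNSIGNED' }
    # Heuristic: 12+ lowercase letters as the file name under a per-user data folder,
    # e.g. ...\Local Settings\Application Data\mmrtqxpbinytohuwtssd.exe
    if ($exe -match '\\Application Data\\[a-z]{12,}\.exe$' -or $exe -match '\\AppData\\Local\\[a-z]{12,}\.exe$') {
        $flag += 'RANDOM-NAME'
    }
    [pscustomobject]@{ Location = $e.Location; Name = $e.Name; Exe = $exe; Signature = $sig; Flags = ($flag -join ',') }
}
$report | Sort-Object Flags -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable. An entry whose executable is MISSING is just as interesting as a flagged one: it is often a leftover from a file that a scanner removed without touching the registry value that launched it. Scheduled tasks and services are further autostart locations this script does not cover.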

    • #1234229

      Out of desperation, I “ended” some processes in Task Manager that I did not recall as normally occurring.

      What was the name of the process you “ended”?

      But when I rebooted again, the problem reappeared.

      The problem was never properly dealt with; you still have an infection, and worse yet it’s stealthed from your
      normal avenue of detection and eradication: AVG software.
      Ending a process in real time does nothing to remove its underlying etiology.

      But, it also found another Trojan for which I told it to rename it by adding the suffix _infected.arl (as suggested by AVG)

      What was the name of the Trojan?

      It looks to me like you had inadvertently been stung with one of the pseudo AV malware threats that have been going around lately.
      Their potency can range from extremely irritating to potentially covertly dangerous, like in a rootkit.
      The above questions need answers.

      Use an accredited online AV scanner & use more than one tool, preferably in safe mode, if installed.

      If the use of several tools on your own fails to find or eradicate this problem, I would recommend seeking an antimalware and/or anti-trojan trained expert’s advice:
      http://www.geekstogo.com/forum/forums.html
      http://www.bleepingcomputer.com/forums/forum22.html
      http://forums.malwarebytes.org/index.php?act=idx

    • #1234242

      It was the Trojan horse Generic18AEKM
      It was in C:\Documents and Settings\My Full Name\Local Settings\Application Data\mmrtqxpbinytohuwtssd.exe

      I just did a Windows Update (before I posted here) & it included the July Malicious Software Removal Tool by Microsoft. Nothing was detected. Was that not sufficient?

      And since I read your reply, I ran the PC Pitstop Exterminate2 System Scan online. It also did not detect anything.

    • #1234296

      Look through this site for an “Antivirmore.com Removal Guide” if you believe your system is still infected.
      Purge whatever you have in AVG’s vault as well.
      You should not be experiencing any browser redirects to the site in question if it is indeed removed.

    • #1234414

      I was sure I was no longer infected until I read your replies. Now I am not so sure.

      I am not getting any browser redirects – so I guess that makes me lean a little more towards believing that I am no longer infected. So does the fact that the online scans that I did run also show no infection.

      But, I will keep my guard up!

    • #1234420

      I would at the very least run Malwarebytes Free ASAP: download, update, run a scan, and let it clean what it finds. I also recommend going to one of the malware removal support forums to get guided assistance and use of some special tools.
      http://www.udel.edu/topics/spyware/installmalwarebytes.html has directions on getting, installing and using Malwarebytes. You can use and keep Malwarebytes on your PC; it will not interfere with your antivirus program. Update it and scan with it weekly.
      You can find many excellent malware removal forums listed on the ASAP site
      http://asap.maddoktor2.com/

      bleepingcomputer has some excellent removal guides on their site.

      Doing a system restore did not clean your PC. The infection you mention quite often carries a rootkit with it; you want to make certain you are not still infected with that.

    • #1234421

      I may have interpreted your original post as an ongoing infection, when in fact you may have already
      dealt with the problem successfully. If this is the case, disregard some of my paranoid rantings.
      Downgrade to a strong dose of vigilance;
      You can keep up your guard by monitoring for unwarranted cpu, hard drive, and network activity for awhile.
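
The reply above suggests keeping watch for unwarranted CPU, disk and network activity for a while. The script below is an added example, not code from the thread or from any product named in it, of a simple way to do that: it records every running executable and which of them hold established TCP connections, saves that as a baseline, and on later runs reports executables that were not in the baseline, the heaviest CPU consumers, and everything with outbound connections. It parses netstat -ano, which is present on XP, rather than newer cmdlets; the baseline file location and the "top 10" cut-off are assumptions of mine.

```powershell
# Added example, not from the thread. Records which executables are running and
# which hold established TCP connections, saves that as a baseline, and on later
# runs reports newcomers and the heaviest CPU users. Uses netstat -ano (available
# on XP) instead of Get-NetTCPConnection so it runs on older systems. The
# baseline file location is an assumption.

$baselineFile = Join-Path $env:USERPROFILE 'activity-baseline.csv'

function Get-ActivitySnapshot {
    # PID -> list of remote endpoints, parsed from lines such as
    #   TCP    10.0.0.5:49201    203.0.113.9:80    ESTABLISHED    1234
    $remotes = @{}
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
            $owner = [int]$Matches[3]
            if (-not $remotes.ContainsKey($owner)) { $remotes[$owner] = @() }
            $remotes[$owner] += $Matches[2]
        }
    }
    Get-Process | ForEach-Object {
        # MainModule throws for protected/system processes; record that instead of failing
        $path = '<access denied>'
        try { $path = $_.MainModule.FileName } catch { }
        $cpu = if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
        $rem = if ($remotes.ContainsKey($_.Id)) { ($remotes[$_.Id] | Sort-Object -Unique) -join ';' } else { '' }
        [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; Path = $path; CpuSec = $cpu; Remotes = $rem }
    }
}

$now = Get-ActivitySnapshot
if (-not (Test-Path $baselineFile)) {
    # First run: nothing to compare against yet, so just record what is normal today
    $now | Export-Csv -Path $baselineFile -NoTypeInformation
    Write-Host "Baseline saved to $baselineFile; run again later to compare."
    return
}

$knownPaths = @{}
Import-Csv $baselineFile | ForEach-Object { $knownPaths[$_.Path] = $true }

Write-Host "--- Executables not present in the baseline ---"
$now | Where-Object { -not $knownPaths.ContainsKey($_.Path) } | Format-Table Name, Id, Path -AutoSize

Write-Host "--- Top CPU consumers (seconds of CPU time since start) ---"
$now | Sort-Object CpuSec -Descending | Select-Object -First 10 | Format-Table Name, Id, CpuSec, Path -AutoSize

Write-Host "--- Processes holding established outbound connections ---"
$now | Where-Object { $_.Remotes } | Format-Table Name, Id, Remotes, Path -AutoSize
```

Take the baseline only once you are reasonably confident the machine is clean, otherwise the malware becomes part of "normal". Run it again every day or two; a process that is new, has no path you recognise, and is talking to the outside is exactly the kind of thing the reply is telling you to look for.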

      • #1234745

        I may have interpreted your original post as an ongoing infection, when in fact you may have already
        dealt with the problem successfully. If this is the case, disregard some of my paranoid rantings.
        Downgrade to a strong dose of vigilance;
        You can keep up your guard by monitoring for unwarranted cpu, hard drive, and network activity for awhile.

        Yes, I do think that you & others have needlessly caused me to overreact.

        The 7-16-10 reply by R-C & my discovery in the instructions of one of the malware removal software sites that stated how to proceed if, after you used their software, you were unable to use Windows have caused me to stop & do nothing more.

        Also, after re-reading my very lengthy but thorough 1st post, I have concluded (at least for the time being) that I did successfully deal with the problem & need to do nothing more.

    • #1234422

      The spywareremove site link mentioned in an above post by Clint is coming up RED flagged in WOT, so proceed with caution there. I personally steer clear of the RED listed sites. It has 43 comments stating there is malicious content on the site and that it contains rogue software.

      • #1234764

        Yes, I do think that you & others have needlessly caused me to overreact.

        The 7-16-10 reply by R-C & my discovery in the instructions of one of the malware removal software sites that stated how to proceed if, after you used their software, you were unable to use Windows have caused me to stop & do nothing more.

        Also, after re-reading my very lengthy but thorough 1st post, I have concluded (at least for the time being) that I did successfully deal with the problem & need to do nothing more.

        Your original post is somewhat contradictory and difficult to read.
        Furthermore, it was difficult to ascertain, with any certainty, whether anything was actually resolved other than
        the symptom of being directed to a known fake AV program site (antivirmore.net).

        The spywareremove site link mentioned in an above post by Clint is coming up RED flagged in WOT, so proceed with caution there. I personally steer clear of the RED listed sites. It has 43 comments stating there is malicious content on the site and that it contains rogue software.

        How does “SpyHunter’s Malware Scanner”, listed on the site mentioned, rate as rogue software? I’ve downloaded and tested it myself.
        And what is your exact determination of the site http://www.spywareremove.com/removeAntivirmorecom.html as being “red flagged”?
        Based solely on WOT??

        • #1234766

          Your original post is somewhat contradictory and difficult to read.
          Furthermore, it was difficult to ascertain, with any certainty, whether anything was actually resolved other than
          the symptom of being directed to a known fake AV program site (antivirmore.net).

          My original post was a step by step recap of what had occurred & what I had done.
          If you first read all of that & then look at my Questions, nothing is contradictory nor difficult to read.

          However, I will never write such a long post again, because no one takes the time to read it all & replies based only on a couple of sentences or words that did catch their eye.

          THANKS for your & everyone else’s time.
          Unless I see some evidence to the contrary, I will assume that my problem has indeed been solved by the actions I already took.

    • #1234472

      At a minimum, you should be using Malwarebytes Anti-Malware ( http://www.malwarebytes.org/mbam.php ) AND “SUPERAntiSpyware” ( http://www.superantispyware.com ), BOTH of which come in a FREE version, on a regular basis.

    • #1234786

      I highly value WOT, as do many others, but what I value most is the actual user reviews and replies which are listed in the RED flagged report area. As I stated, there were numerous (over 40) direct comments by individuals stating that the website mentioned included malicious rogue malware. When seeing that kind of rating and that number of direct reviews, I steer clear, which is why the warning was provided. What anyone chooses to do on their own is of course their business. On the forums I am on, warning of RED listed WOT sites is the norm: to go with caution. It was given here by myself as just that, a cautionary notice.

      http://www.mywot.com/en/scorecard/spywareremove.com#comment
