Hooks in Explorer.exe starting conhost notepad msiexec taskhost ctfmon PresentationHost etc


Klownicle

I think this started today. Hooks in Explorer.exe starting conhost, notepad, msiexec, taskhost, ctfmon, PresentationHost, etc.

 

Windows Server 2012.

 

When Explorer.exe starts, the attached screenshot occurs.  If you close it, they all go away with it.

 

I've run Malwarebytes and MBar so far, with no results found (other than applications I run, such as CCProxy, which comes up as a PUA).

 

I've looked at the network traffic log, and there are many IP addresses output from these executables. Also, there appears to be an extensive amount of disk writing to the INETCache folder. I see a lot of *.mp4 files coming down, among other files such as jpgs etc. No web browsing is occurring during these times, and I've prevented as much as I can from starting up.

 

I've attached a screenshot of the occurrence.


I'm finding some of the tools don't run in a server environment.  That's not very helpful... Lol. 

 

I've re-imaged after running all the typically recommended software here, at least the ones that would run. Alas, all is well on a refresh from backup. I've seen various reports of this type of issue, but always with no solution, and it results in a wipe/restore. Scary to think there's something out there that no one can detect...

 

Topic can be closed.

This topic is now closed to further replies.