taskeng.exe pupup windows - Need help!!

[Learner2016]

In the past we saw popups with command prompt Taskeng.exe.  The popups quickly disappeared before we could do a screen capture.  MalwareBytes and Windows Defender were not able to catch anything.  We re-configured the laptop by reverting the Windows 7 operating system back to the mfg state, and then re-added software apps that we own,  We also loaded data from a back up copy. We then upgraded the os to Windows 10.  It was fine for a while until a few days ago, we saw malicious website protection messages from Malwarebyte, and outbound traffic to a known malicious domain was blocked.  The taskeng popups came back just now.  Once again scan with MalwareBytes returned nothing.  What should I do now to eliminate the problem?

Here is the relevant log entries on the blocked traffic:

Detection, 12/4/2016 8:07 AM, SYSTEM, XXXXLAPTOP, Protection, Malicious Website Protection, Domain, 23.5.251.27, sv.symcd.com, 55593, Outbound, C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe,
Detection, 12/4/2016 8:07 AM, SYSTEM, XXXXLAPTOP, Protection, Malicious Website Protection, Domain, 23.5.251.27, sv.symcd.com, 55593, Outbound, C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe,

[Firefox]

Hello and Welcome...

They removed the detection for sv.symcd.com a while back... Are you sure your database is updated in your Malwarebytes, update it and see if the block continues. (I know the IP address is different but the domain name is the same)

 

[Learner2016]

Right now, my biggest fear is the popups, which may be unrelated to the sv.symcd.com issue.  the taskeng problems we experienced before we reconfigured the laptop could go as far as disabling MalwareBytes.  Whatever was causing the taskeng.exe to open a command prompt window made our laptop performance progressively compromised.  I believe that we did not solve the problem by reconfiguring the laptop and upgrading the OS. Please let me know what sort of debugging tool I can use for the taskeng.exe problem.  Thanks!

[AlexSmith]

@Learner2016, I'm moving this topic to the General Windows PC Help section since your issue is with taskeng.exe.

With that being said, taskeng.exe is the Windows Task Scheduler Engine process. It's used by Windows to perform Scheduled Tasks. You can manage these items by going to Control Panel > System and Security > Administrative Tools > Task Scheduler. Alternatively, you can utilize tools like Microsoft Sysinternals Autoruns or FRST to review and manually manage scheduled tasks.

If you want to get really advanced and capture the full process activity of taskeng.exe, you can utilize tools like Microsoft Sysinternals Process Monitor or Process Explorer. You could even use Task manager to show you the command line for a process but you have to manually add that column.

[Learner2016]

This link bellow seems to address issues that I am experiencing.  It suggests I remove taskeng.exe manually, and that I download plumbytes to removed unwanted adwares and such. Is this something that MalwareBytes would recommend? or if you have similar tools that I can down load?

http://blog.removevirusnow.org/taskeng-exe-removal/

 

[AlexSmith]

6 hours ago, Learner2016 said:

This link bellow seems to address issues that I am experiencing.  It suggests I remove taskeng.exe manually, and that I download plumbytes to removed unwanted adwares and such. Is this something that MalwareBytes would recommend? or if you have similar tools that I can down load?

http://blog.removevirusnow.org/taskeng-exe-removal/

The link is actually not correct nor legitimate information on your issue. It is worded in a way to confuse and scare users in to using the software that is advertised on that site. It's technically an online version of a tech support scam. I would not follow it's advice at all.

With that being said, please read my original response again. To recap, taskeng.exe is a legitamte system file that lives in c:\windows\system32. It's what is formally known as the Windows Task Scheduler Engine process. It's used by Windows to perform Scheduled Tasks. You can manage these items by going to Control Panel > System and Security > Administrative Tools > Task Scheduler.

If you want a second set of eyes on things, I recommend posting a FRST log and a saved Autoruns file. Directions are included below to help you out.

Creating FRST Logs:

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
• Please attach the Additions.txt log to your reply as well.

Create an Autoruns Log:

• Please download Sysinternals Autoruns from here.
• Save Autoruns.exe to your desktop and double-click it to run it.
• Once it starts, please press the Esc key on your keyboard.
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
• Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
• Attach the Autoruns.zip folder you just created to your next reply