Jafro

Windows task manager closes after clicking on more details


Hello, I was recently infected, and since then I have run normal Malwarebytes, rootkit, adware cleaner from Malwarebytes, normal Malwarebytes with the rootkit version, and Farbar. I have not been able to resolve this issue after running all of these programs, so I'm hoping I can get some more help. I have attached the Addition and FRST files from Farbar. I hope you can help me; any help and advice is much appreciated.

Addition.txt FRST.txt


Hi, @Jafro

My name is Maurice. I will be helping and guiding you, going forward on this case.


We need to get additional  information from this machine to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.623.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 


NOTE:  There are several Windows events logged, reporting a crash of Task Manager

Error: (08/07/2019 11:12:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Faulting module name: Taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Exception code: 0xc0000005
Fault offset: 0x000000000006fa0e
Faulting process id: 0x2388
Faulting application start time: 0x01d54d4ba183bf7d
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 7a3ecb5b-c039-4f0a-9a97-a58f7b0562c4


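The crash record quoted in the post above, parsed and triaged, as an added example that is not part of the original thread or of any tool used in it. The function names are illustrative, and the System32 check assumes Windows is installed on C:.

```python
import ntpath
import re
from datetime import datetime, timedelta, timezone

# The Application Error record exactly as quoted in the thread above.
SAMPLE = r"""Error: (08/07/2019 11:12:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Faulting module name: Taskmgr.exe, version: 10.0.17763.168, time stamp: 0x350c537c
Exception code: 0xc0000005
Fault offset: 0x000000000006fa0e
Faulting process id: 0x2388
Faulting application start time: 0x01d54d4ba183bf7d
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 7a3ecb5b-c039-4f0a-9a97-a58f7b0562c4
"""

HEADER = re.compile(r"^Error: \((?P<logged>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<event_id>\d+)\)")
FIELD = re.compile(r"^(?:Description: )?(?P<key>[A-Za-z ]+?): (?P<value>.*)$")
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # standard NTSTATUS code
SYSTEM32 = r"c:\windows\system32"  # assumption: Windows is installed on C:


def filetime_to_utc(ticks):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_app_errors(text):
    """Split FRST-style event text into one dict per 'Error:' record."""
    records, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            cur = {"logged": head["logged"], "source": head["source"],
                   "event_id": int(head["event_id"])}
            records.append(cur)
            continue
        field = FIELD.match(line.strip())
        if cur is not None and field:
            cur[field["key"].lower().replace(" ", "_")] = field["value"].strip()
    return records


def triage(rec):
    """Reduce one Event ID 1000 record to the facts a responder checks first."""
    code = int(rec["exception_code"], 16)
    app_path, mod_path = rec["faulting_application_path"], rec["faulting_module_path"]
    return {
        "application": rec["faulting_application_name"].split(",")[0],
        "pid": int(rec["faulting_process_id"], 16),
        "exception": NTSTATUS.get(code, hex(code)),
        "started_utc": filetime_to_utc(int(rec["faulting_application_start_time"], 16)),
        # True: the fault is inside the program's own image, not another loaded module.
        "faults_in_own_image": app_path.lower() == mod_path.lower(),
        # False would mean a same-named binary running from an unexpected folder.
        "image_in_system32": ntpath.dirname(app_path).lower() == SYSTEM32,
    }


if __name__ == "__main__":
    for record in parse_app_errors(SAMPLE):
        print(triage(record))
```
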
Thank you for the support tool report.  The first focus on this case will be on the Task manager applet in Windows.  As noted above, it has had many aborts.

It is quite possible it may be corrupted.

This  procedure will use the Windows System File Checker tool  ( SFC ).

 

Open an elevated command prompt window, i.e. run Command Prompt as an administrator.

It is best to use Windows Copy ( CTRL+C ) and Paste ( CTRL+V ) to copy each command line whole, as-is.

To get the elevated command prompt, press Windows-key + X and then select Command Prompt ( Admin ).

On that command prompt, Copy & Paste this command:

sfc /verifyfile=C:\Windows\system32\taskmgr.exe

or, if the above does not succeed,

sfc /scanfile=C:\Windows\system32\taskmgr.exe

to scan it and fix it.

 


Thanks for the help. Unfortunately this did not result in any fixes; when I ran both commands I received the message "Windows Resource Protection did not find any integrity violations."

 


You indicate that you have run both SFC commands.

You had reported running several security scans.   On the face of it, I tend to think this is not a case of infection.

Let's see if there are older or newer copies of Taskmgr.exe.

We will use FRST64 to do the Search.

 

First, set Windows to show all folders, including system folders, and hidden folders

What follows is a first step to have Windows 10 show all files and folders. Do not let this spook you out.

There is a how-to at Tenforums. Use either option one or two or three

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

Go to the Downloads folder using Windows Explorer.

Start FRST64
Type the following ( better yet, use Copy then Paste ) into the search box exactly as shown, then press the Search Files button:

taskmgr



Please wait while the program searches for all entries relating to this program, when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

 


Hi, I have run the scan as you have asked. You mentioned that I have previously mentioned that there were previous scans; I believe I have failed to mention that they came up with results that I then quarantined and removed. I believe this has led to a misunderstanding that the issue isn't due to infection, but I believe it is, and is a remnant or remaining symptom of one of my infections.

Search.txt


This thread/topic is for member Jafro only, who is the topic starter.

If you are not Jafro, do NOT post here & do NOT use this on any other system.

 

The search did not work as intended.  We may come back to that later.

On the suspicion of potential infections: the last Malwarebytes for Windows scan found some 3 items in the Recycle Bin & tagged them as Generic.Malware.Suspicious

Two runs prior ( older ) than that, there were 32 items detected, including some trojan & spyware.

Let's take some time and do 1 general housekeeping & then one new scan.

 

We will use FRST tool to do some housekeeping to empty out TEMP files.

[ 1 ]
This next custom procedure will not take a lot of time.

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder

The tool named FRSTENGLISH.exe  is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

[ 2 ]

This custom scan with Malwarebytes will take a lot of time.   Try to not use anything online during this scan.  It may take several hours for this.  Much patience is urged.

I  suggest you do a CUSTOM scan on the whole C drive !

Open Malwarebytes for Windows.

Click the Settings menu followed by the Protection tab.

Scroll down to Scan Options and turn the Scan for rootkits setting on.

 

Next, click the icon button at left marked SCAN

 

Then, from the 3 panel choices, click on the middle one marked CUSTOM

( IF you see a summary white screen with a green check, click on the Close X spot on the right side so you get that out of the way, & then click the Scan button on the left & then Custom scan in the middle. )

 

Then click on Configure Scan button

 

Be sure the Scan for rootkit on left is ticked

 

Be sure to click on the box marked C on the right.

You want to scan the whole C drive.

 

Then click Scan Now button.

 

Then see what the result is  from the Malwarebytes.

Please also  attach the FIXLOG.txt log   from the 1st task    with your next reply

Fixlist.txt


Okay, I am currently scanning with Malwarebytes, but I finished the first item. I have attached the indicated item below.

Fixlog.txt


Thank you for the reports.   The custom scan reports no malware now & no P U P either.

I would note that that run was relatively fast, given it was a Custom scan.

As to your system setup, I do have one question:  I just wonder if it has some sort of RAM disc or some sort of memory manager type tool ?

I ask in case that some memory type thing may be interfering.

[ 2 ]

Let's go ahead and do this scan so we can rule out malware at this point.

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

Click Virus and threat protection   & next click on the blue Scan options

Look down the options list.  Tick on Windows Defender Offline scan.   Then click the grey "Scan now" button.


and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.


Okay, I ran the offline scan. I left my computer after the restart and nothing has really happened; I came back and I was on the sign-in page. I know the scan ran, I just don't see any dump files showing what it did to fix things. The problem also still persists.


For the Windows Defender history:

This is the way to look at the Windows Defender scan history.

 

Go to the Windows Start menu.  Click on the Settings icon.

Now click on Update & Security.   Then click on Open Windows Security.

Click the Virus & threat protection tile and then the Protection history label ( in blue color ).

Let's get more exact detail about your occasion to use Task Manager.

What is it that necessitates you looking at it ?

and

what do you mean by "Windows task manager closes after clicking on more details"

 

and what more details ?   on what ?

 

 


Please be sure you saw & took to heart my last reply.   ( post # 14 just above this ).

I have a followup fix task for you.  After re-reviewing the FRST reports from this machine, there are a handful of auto-startup "executables" that are very suspicious.

This will remove them .

 

First, find the prior file I had you save named FIXLIST.txt on the Downloads folder.   Delete that one.  I have a new one for you.

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder

The tool named FRSTENGLISH.exe  is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your reply.    Also advise on the situation after this run.

Sincerely,

 

Fixlist.txt


Hi, I have run the custom Fix List you have provided; it didn't take long at all, but fixed the issue. Sorry for my late response to your previous reply, but to answer your questions, I needed the more details screen to more closely monitor CPU usage and to change startup programs, as I noticed some weird cmd screens opening and closing upon a restart. I have attached a copy of the fix list and a photo of the more details button I was referring to.

Annotation 2019-08-07 184327.jpg

Fixlog.txt


OK.  Thank you.  The Fix run was especially beneficial.   We have removed malwares.

I very much would appreciate getting copies of what is in the quarantine area.  I would like a copy of contents of C:\FRST\Quarantine

Please Use Windows Explorer.  Look and use just only the left-side of Explorer to navigate down the C drive.

From "This PC" drill down to the C drive. Then expand and drill down to the sub-folder FRST.

Still on the left-side, click on the Quarantine sub-folder

Now with the mouse, do a right-click on the Quarantine  and then select Send to compressed ( zipped ) folder

It will produce a ZIP file.   Please attach that ZIP file with your next reply.

 

I also would like to get a fresh readout from FRST report tool.   I would like to do a new review of what is currently running on this Windows 10

The tool named FRSTENGLISH.exe  is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Find  FRSTENGLISH

Right-click on FRSTENGLISH  and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

Windows 8 or 10 users will be prompted about Windows SmartScreen protection - click the More info line on that screen and click the Run anyway button on the next screen.

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.



The tool will produce 2 report logfiles on your desktop: FRST.txt , Addition.txt
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.


Thank you so much for the Quarantine collection, and for the 2 report files.

How are things overall now ?  Is there anything else you need help with ?

 


Things are great, my computer is back to running great. I just have one question: what infected me? Was it a trojan, or is there a name for the type of virus that infected my task manager?

 


I am very glad to know that the pc is doing well.

Mind you, it was not "task manager" that was at issue.

I am not 100% sure, but it looked to me that there were 2 files. One named CPU64 that McAfee classifies as Win64.Worm.wh

The other named AMD.exe that Microsoft classifies  as Trojan:Win32/Wacatac.B!ml

Those have been removed from your pc.

I have passed the information on those to our researchers.

 

Let me suggest the following best practices tips.

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Safer practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.


Check in at http://windowsupdate.microsoft.com 
Windows Update and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq


Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"


Alright, thanks so much for the help. I really appreciate you helping get my computer fixed; I know I definitely couldn't have fixed it myself. But anyways, thank you!


You are very welcome.  I am glad to have helped.

You should delete the file FIXLIST.txt  that I had you save.  You may delete other download files I had you get.

 

Some parting tips:

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Safer practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.


Check in at http://windowsupdate.microsoft.com 
Windows Update and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"


Sincerely,

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
