
Please help: trojan.agent taskman keeps coming back



Hello,

I would appreciate help on fixing this horrid virus that infected my machine yesterday. It started as a fake security warning and then sent my machine into a spin. I ran MBAM and it found about 20 viruses, which it then removed, all except for one that keeps coming back no matter what I do. I have noticed many other threads on this problem, but in the interests of reducing confusion, I am posting it in a new thread.

I run Windows XP SP3, AVG free antivirus, Zone Alarm.

When I remove the trojan and then watch the task manager, a process appears for a few seconds called hdav.exe. Then it hides itself again, but this I think is part of the trojan. It has disabled access to the task manager, changed registry settings to disallow changes to desktop properties, system restore and a few other things (sorry I am too tired to remember ... been up most of the night trying to fix this). But I seem to have stopped all of those nasties, but am still left with the trojan agent 'taskman'. I cannot see the hdav.exe process in the task manager since updating MBAM again this morning, but it is still behaving strangely and not all my usual icons are appearing in the system tray. It also does a split second flash of the blue screen of death when starting up, and will not allow me to start in safe mode.

The result of trying to remove the taskman trojan is:

Malwarebytes' Anti-Malware 1.41

Database version: 2955

Windows 5.1.2600 Service Pack 3

14/10/2009 4:37:17 PM

mbam-log-2009-10-14 (16-37-17).txt

Scan type: Quick Scan

Objects scanned: 94659

Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I really am not that technical-minded, so this situation has left my poor brain cells rather frazzled as the learning 'curve' has been vertical. So please, some assistance 'for dummies' would be really appreciated :-)

Thank you in advance.


Hello hrn & sUBs,

Thank you for your replies.

hrn suggested I use the FileASSASSIN run tool to delete the hdav.exe file hidden in the recycler. I did this but it kept coming back, so I searched the recycler for every partition and there it was!

The sneaky thing was hiding in every one and even on my backup drive, so if I had reinstalled Windows (as advised by a few other people), it would have come back once I connected the backup drive. Please note that the virus scans did not detect it on these drives (only MBAM found it in the registry), but it was only the FileASSASSIN tool that actually successfully removed it.

So now it is clean and happy. I've been periodically scanning now for two days and it is still clear.

So once again, thank you for your assistance.

Cheers and have a great weekend :-)

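Added example, not part of the original posts and not code from Malwarebytes: a read-only check for the two things this thread turned up, the Winlogon taskman registry value from the MBAM log and executable files sitting in the recycler folder of every partition, backup drives included. The folder names, the extension list and all function names are assumptions chosen for this example.

```python
import os
import string
import sys

# Recycle-bin folder names to look for at the top of each drive (assumed list).
BIN_NAMES = {"recycler", "recycled", "$recycle.bin"}
# File types that can execute; anything else in the bin is ignored (assumed list).
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}

def find_recycler_executables(roots):
    """Return sorted paths of executable-type files inside recycle-bin folders."""
    hits = []
    for root in roots:
        try:
            entries = os.listdir(root)
        except OSError:
            continue  # drive missing, empty card reader, or access denied
        for name in entries:
            bin_dir = os.path.join(root, name)
            if name.lower() not in BIN_NAMES or not os.path.isdir(bin_dir):
                continue
            # os.walk also lists hidden/system files and skips unreadable subfolders
            for dirpath, _dirs, files in os.walk(bin_dir):
                for fname in files:
                    if os.path.splitext(fname)[1].lower() in EXEC_EXTS:
                        hits.append(os.path.join(dirpath, fname))
    return sorted(hits)

def winlogon_taskman():
    """Return the Winlogon 'Taskman' value, or None if it is absent (Windows only)."""
    import winreg
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        try:
            return winreg.QueryValueEx(key, "Taskman")[0]
        except FileNotFoundError:
            return None

def all_drive_roots():
    """Every drive letter that currently resolves, so backup drives are covered."""
    return [f"{c}:\\" for c in string.ascii_uppercase if os.path.exists(f"{c}:\\")]

if __name__ == "__main__" and sys.platform == "win32":
    print("Winlogon Taskman value:", winlogon_taskman())
    for path in find_recycler_executables(all_drive_roots()):
        print("Executable in recycle bin folder:", path)
```

Files a user deleted normally also live in these folders, so each hit is something to review rather than proof of infection; the script only reports and changes nothing.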
