I seem to be infected

[byte_king]

Hello,

I use SuperAntiSpyware and for the last month or so it detects a piece of spyware called TASKMANAGER.EXE. Initially I thought this was a false-positive, but upon a oogle search I did find out this is, in fact, a piece of spyware. Thing is, SAS can't get rid of it (it asks for a reboot but the spyware remains once again). How do I get rid of this? I've attached an image of the superantispyware screen showing the threat.

[Guest name cool]

Probably is spyware. Scan with Malwarebytes' Anti-Malware. Then, with beneficial use of this page

........................................

M' Anti-M Free use. XP SP 3

:::::::::::::::::::::::::::::::

[ScanMan]

Particularly nasty malware has to be removed outside of Windows using a Boot CD, would be great if MBAM had one of these.

Download and burn the Kaspersky disk from here, boot form it and scan.

http://www.techmixer.com/free-bootable-ant...-download-list/

After it is done use MBAM to clean up the registry leftovers.

[byte_king]

@ScanMan

I am running a duel boot with Windows and Ubuntu. Will this in any way impact on the use of the bootable scan disk?

[ScanMan]

@ScanMan

I am running a duel boot with Windows and Ubuntu. Will this in any way impact on the use of the bootable scan disk?

No it should not. most likely the underlying OS on that boot disk is Linux. Just select the proper partition to scan. This is a screenshot of Kas 2009, the 2010 version may be slightly different.

[byte_king]

@ScanMan

Cool I'm downloading it now.

@Name_Cool

I scanned with MBAM several times....nothing!

This piece of spyware seems to disguise itself as a windows process and SecurityTaskManaer requires you to pay for the full version to be able to scan system processes. I think I'll hold off and see if I can remove it irst without having to resort to payment. If all else fails, than I'll try it out

[ScanMan]

Never pay a ransom, they will take your money and that will be all they do for you.

[mountaintree16]

byte_king,

Perhaps you should get your machine checked out in the malware removal forum.

[DarkSnakeKobra]

Mostly debugging software place themselves under the Image Execution Control Options key. However, it is rarely used and most programs wouldn't use it so it is highly suspicious.

[TheLeon]

This sounds like scareware, annoying and difficult but managable. Depending on the variety they rarely cause damage other that change internet protocols. I think this one is known as a root kit.

For the Microsoft limited but knowledgeable pc user 1. download (on another pc) rkill.exe .

2. Put rkill on a flash drive, also dl Avast freeware executable and install to the flash drive, get the updates as well.

3. Reboot to safemode, usually hitting f8 (repeatedly) as the boot screen starts. put in the flash drive.

4. Execute the rkill then the Avast.

5. Clean the cr*p off the hard drive.

6. Reboot and it should be good.

7. Save above tools to impress your friends then they get a similar infection. Don't forget to be dramatic when doing it for your gf.

I recommended Avast as it is specific for rootkits and scareware. I have used Malewarebytes in the past in the same way but it missed the one my son got on his PC recently. I dual boot XP and Win7 (plus Ubuntu) on mine.

[DarkSnakeKobra]

Please be cautious on giving advice. You need to be in the proper group to offer removal advice.

[byte_king]

@mountaintree16

Thanks, I already posted there, so I guess only in time I'll get my answer.

[mountaintree16]

You're welcome, good luck!

Hopefully it's nothing too bad.

[byte_king]

Just an update: so the threat is simply a false positive between ProcessExplorer and SAS. A quick search to the windows registry yielded the answer

[mountaintree16]

Phew

That's good! Thanks for letting us know.

Did you tell SAS about the FP?

[byte_king]

Yes I have reported it

[DarkSnakeKobra]

Glad it's not for real.

[byte_king]

You're telling me, I was freaked because I couldn't find the freakin infection. I should have checked the registry straight off the bat.

[DarkSnakeKobra]

If it was real, you'd have a nice practice system.