i seem to be infected


byte_king
Hello,

I use SuperAntiSpyware and for the last month or so it detects a piece of spyware called TASKMANAGER.EXE. Initially I thought this was a false-positive, but upon a Google search I did find out this is, in fact, a piece of spyware. Thing is, SAS can't get rid of it (it asks for a reboot but the spyware remains once again). How do I get rid of this? I've attached an image of the superantispyware screen showing the threat.


  • Staff

Hi,

Do you use another program than normal taskmanager?

This is because, for example, Process explorer may create its key there as well and run its own process explorer as a debugger for taskmanager. So in that case, it would be a false positive. This means, if you want to launch taskmanager, it will open Process explorer instead (in case the debugger is set as process explorer of course).

Can you export the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe for me?

Since I see you are a GeeksToGoo underclassmen, I think you already know how to export keys :)

Post the results of the exported key (open in notepad) in your next reply.

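The check discussed above can also be done without exporting the key by hand. The following PowerShell is an added example, not part of the original thread: it lists every Image File Execution Options entry that has a Debugger value and reports who signed the program it points to, assuming the target path is either quoted or contains no spaces.

```powershell
# Added example: list IFEO "Debugger" redirects and the signer of each target.
# A redirect to a validly signed Process Explorer matches the false-positive case
# described in the thread; an unsigned or missing target deserves a closer look.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

Get-ChildItem -Path $ifeo -ErrorAction Stop | ForEach-Object {
    $debugger = $_.GetValue('Debugger')
    if (-not $debugger) { return }   # no redirect configured for this image name

    # The value is a command line. Take the quoted path if there is one,
    # otherwise the first whitespace-delimited token (assumption: an unquoted
    # path contains no spaces).
    if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($debugger.Trim() -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)

    # Only query the signature when the target actually exists on disk.
    $sig = $null
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
    }

    [pscustomobject]@{
        Image     = $_.PSChildName          # e.g. taskmgr.exe
        Debugger  = $debugger               # raw registry value
        Target    = $exe                    # program launched instead of Image
        SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-List
```

Run it from an elevated PowerShell prompt so that every subkey is readable.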


@miekiemoes

Looks like you were right, it is ProcessExplorer (or at least it seems to me). I have attached the registry key for your perusal. Thanks :)


  • Staff

Hi,

I don't see any attachment here, but that's ok. No need for it anymore since you already said it is indeed related with Process Explorer (which runs as a debugger for taskmanager in your case).

So you can ignore the detection in Superantispyware. It may be a good idea if you contact them so they can "fix" this so it won't detect when there's a legitimate debugger present.


Woooops, I thought it attached. Well, it appears I can't attach it because the forum says I am "not permitted to upload this type of file"


Ok, I have reported the false positive. Thanks so much for your help. This thing was driving me nuts, even with HiJackThis I couldn't seem to pinpoint it. I guess next time I'll just peruse the registry (I have this thing with the registry, I avoid it unless absolutely necessary)
