Possible Virus that nothing caught?

essential

Senior member
Aug 28, 2004
403
2
91
I ran a Hijack This because I was looking for entries of a program I had just uninstalled. I posted a log, and everything was fine except this:

"C:\WINDOWS\taskmgr.exe
This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. This process is not running from the System32 folder as it is supposed to be."

Is this true? If so, how come nothing has ever picked it up as a problem? I may just format this weekend just in case. I'm really worried now, I have no idea when this could have snuck on my machine, and I do a lot of banking on this machine.

I have Norton Internet Security 2005 Anti-Spyware Edition, fully updated, and Webroot Spy Sweeper fully-updated. Hard to believe something like this could get me.
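
The check behind the HijackThis warning quoted in the post above, written out as an added example (not part of the original thread and not HijackThis's own code): flag a well-known Windows binary name whose image path is outside the directory it normally runs from. The table of expected locations, the default `C:\Windows` system root and every sample path except `C:\WINDOWS\taskmgr.exe` are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: Windows is installed in the default %SystemRoot%.
SYSTEM_ROOT = r"C:\Windows"

# Directories, relative to %SystemRoot%, where each binary legitimately lives.
# Small illustrative table, not a complete list; "" means %SystemRoot% itself.
# Note explorer.exe: a blanket "must be in System32" rule would misfire on it.
EXPECTED_DIRS = {
    "taskmgr.exe":  {"system32", "syswow64"},
    "svchost.exe":  {"system32", "syswow64"},
    "explorer.exe": {"", "syswow64"},
    "lsass.exe":    {"system32"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "csrss.exe":    {"system32"},
}

def normalize(path):
    # Strip quotes and the NT object prefix seen in some process listings,
    # collapse "." / ".." segments, and fold case (Windows paths ignore case).
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return ntpath.normpath(path).lower()

def is_misplaced(image_path, system_root=SYSTEM_ROOT):
    directory, name = ntpath.split(normalize(image_path))
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return False  # name not covered by the table, so no verdict
    root = normalize(system_root)
    allowed_dirs = {ntpath.join(root, d) if d else root for d in allowed}
    return directory not in allowed_dirs

def find_misplaced(image_paths):
    return [p for p in image_paths if is_misplaced(p)]

# Constructed sample process list; the first entry is the path from the post.
SAMPLE = [
    r"C:\WINDOWS\taskmgr.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"\??\C:\WINDOWS\system32\csrss.exe",
    r"C:\Documents and Settings\user\svchost.exe",
    r"C:\Program Files\Example\app.exe",
]

if __name__ == "__main__":
    for hit in find_misplaced(SAMPLE):
        print("unexpected location:", hit)
```

A hit means the file deserves a closer look (signature, hash, scan), not that it is certainly malicious; a clean result says nothing about files that were replaced in place.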
 

essential

Senior member
Aug 28, 2004
403
2
91
Yea, it was def a virus, I removed it through advanced start-up from starting with the computer and created a new entry so the real task manager starts.

I'm going to format this weekend, just have to decide which AV to start with this time, because Norton just let me down.
 

BehindEnemyLines

Senior member
Jul 24, 2000
979
0
0
The question now is how it got there in the first place?

I usually test software in a Virtual Machine using VMWare. It helps with preventing gunks on the host Windows. Most of the time, I don't like or need the software enough to have it installed permanently. VM is a good testing ground.
 

Turkish

Lifer
May 26, 2003
15,547
1
81
I can't really help with the virus removal or anything, but I like Kaspersky a lot. It scans much faster than Norton (which I previously used), and has found and removed all the stupid viruses I almost infected my computer with.
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
33,944
1
0
Originally posted by: essential
I'm going to format this weekend, just have to decide which AV to start with this time, because Norton just let me down.
No AV is 100% on any given day, therefore your best bet is to run under a limited account w/ SRP or in a sandbox/virtualized environment.

* fixed typo
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
Either go through cleaning your system or formatting. Whichever you're going to do, do it now - do not wait until the weekend. If you really don't have the time, disconnect from the Internet until you format and reinstall.

That file is a username and password stealer.
http://www.sophos.com/security...ses/trojbankereju.html
Also, click 'Advanced' for more info.

The other thing you're going to have to do is change your passwords, especially those of sensitive websites like online banking sites.

Have you noticed any files with one letter + dat like z.dat, x.dat, or n.dat on your C:\ drive? Let me know if you do and don't delete them yet.

You named two programs, neither of which is an AV. IMO, SpySweeper is not as good as it once was. Get a good AV on there. IMO, of the free AV's, this one is the best:
http://www.free-av.com
 

essential

Senior member
Aug 28, 2004
403
2
91
Medea, I had no z.dat, x.dat, or n.dat files on my C drive that I could find. I installed the trial Kaspersky and it found only one virus file which was an ini file related to IRC. I have been disconnected from the Internet the last couple days and am going to format today. I think I am going to use Free AV like you suggested with the free Online Armor firewall which was suggested as well.

I think I'm going to install Kaspersky as well, and once a week open it, update it, and do a full system scan, but not have it open 24/7 because of the Internet slowdowns I've heard it causes, I'll only have the Free AV and Free Online Armor open all the time.
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
Sounds good to me. That website links to Avira AntiVir® which I'm sure you'll like. I haven't played around with Free Online Armor yet. However, I've only heard good things about it, and a couple of people whose opinions I respect swear by it.

BTW, when you format, take a look at:
http://www.mechbgon.com/build/Limited.html

This shows you how to set up a user/Limited Account on an XP system.

Good luck!
 

lxskllr

No Lifer
Nov 30, 2004
57,978
8,217
126
Antivir is great. I much prefer it to Kaspersky. One thing to keep in mind though... The heuristics sometimes throw up false positives, especially if set to high. Don't just delete files if it says it found a possible virus. Double check to make sure.
 