Task Manager Suspicious Processes after WMF exploit



After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn’t recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jkdq2.exe, netsh.exe, cmd.exe, winstall.exe, vxgamet4.exe, vxgame2.exe covers most of the list of suspect entries. netsh and cmd are both legit programs, but were likely being used as remote shells. In other words they were legit, but not something that I expected to be running. (I didn’t have a cmd shell open..)


I managed to kill off the entries one by one and the system tray icons with the red circles and white x closed out one by one, the responsiveness was sluggish enough I couldn’t be sure which processes were the culprits, but the tray icons were warning that the system was infected (duh…) I did have a system freeze or two in the process and had to reboot. I did manage to disable a few items in msconfig first though.

I repeated the process of killing off running tasks and removing entries from msconfig about 2-3 times until I didn’t think I could make any more progress that way. Details on the msconfig changes next…

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove System Adware Scanner 2010 | System Adware Scanner 2010 Removal Guide System Adware Scanner 2010 is a new and aggressive rogue antivirus application. Once installed on a system it creates a program that acts as a guard of sorts for it's main process. This guard process is called noterminate and will pop up warnings and encourage users to purchase the rogue......
  • Windows Police Pro Yes folks, it's Windows Police Pro, the gift that keeps on giving apparently. It's crawled back into Googles top searches tonight. If you want to see how to remove it look at Windows Police Pro Removal, you may be interested in Who is behind Windows Police Pro and probably will......
  • How to Remove AntiAdd | AntiAdd Removal Guide AntiAdd is a rogue antivirus application. It is installed via trojans that claim to be video codec or flash player updates and then once installed on the system it will claim to be scanning your computer and discovering all sorts of viral infected files. In addition to this it may......
Blog Traffic Exchange Related Websites
  • Using the Windows Startup Manager for Faster Boot Performance By using the Windows startup manager, it should be possible to improve the start/boot performance of most PCs. In this article, we'll look at how to use the System Configuration utility to manually modify which services and programs are run at boot time. The System Configuration utility is one of......
  • Antique Appraisal 101 There is quite a demand in today's market for antique items of all types, and so learning how to conduct antique appraisal is becoming increasingly important. Antique items are supplied to customers by way of the market that buys goods in both unrestored and restored conditions. The process of the......
  • Best Central Air Conditioners Choosing a new central air conditioner is often a task that waits until there is an immediate need - your air conditioning system goes out on a hot day in the middle of the summer. At that time, you may not think about the best central air conditioner, you just......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site