Task Manager Suspicious Processes after WMF exploit



After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn’t recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jkdq2.exe, netsh.exe, cmd.exe, winstall.exe, vxgamet4.exe and vxgame2.exe cover most of the list of suspect entries. netsh and cmd are both legit programs, but were likely being used as remote shells. In other words, they were legit, but not something that I expected to be running. (I didn’t have a cmd shell open.)


I managed to kill off the entries one by one, and the system tray icons with the red circles and white x closed out one by one. The responsiveness was sluggish enough that I couldn’t be sure which processes were the culprits, but the tray icons were warning that the system was infected (duh…). I did have a system freeze or two in the process and had to reboot. I did manage to disable a few items in msconfig first, though.

I repeated the process of killing off running tasks and removing entries from msconfig about 2-3 times until I didn’t think I could make any more progress that way. Details on the msconfig changes next…
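
The triage described above, where processes running as the user are sorted into recognized ones, legitimate tools nobody launched (cmd, netsh) and unrecognized ones, can be scripted over the output of `tasklist /v /fo csv`. This is an added example, not part of the original post; the sample rows, PIDs, the `PC\user` account and the baseline set are constructed assumptions.

```python
import csv
import io

# Constructed sample in the column layout of `tasklist /v /fo csv`; not captured
# from the author's machine. Image names are taken from the list in the post.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System","4","Console","0","236 K","Running","NT AUTHORITY\SYSTEM","0:00:05","N/A"
"explorer.exe","1480","Console","0","18,204 K","Running","PC\user","0:00:12","N/A"
"taskmgr.exe","2212","Console","0","4,120 K","Running","PC\user","0:00:01","Windows Task Manager"
"kernels64.exe","2304","Console","0","6,512 K","Running","PC\user","0:01:40","N/A"
"vxgame6.exe","2388","Console","0","3,300 K","Running","PC\user","0:00:31","N/A"
"CMD.EXE","2456","Console","0","1,480 K","Running","PC\user","0:00:00","N/A"
"netsh.exe","2520","Console","0","2,904 K","Running","PC\user","0:00:02","N/A"
"winstall.exe","2616","Console","0","5,020 K","Running","PC\user","0:00:09","N/A"
'''

# Assumed baseline of images this user normally runs; build it from a clean system.
BASELINE = {"explorer.exe", "taskmgr.exe", "ctfmon.exe"}
# Legitimate Windows tools that still need a look when the user did not start them.
DUAL_USE = {"cmd.exe", "netsh.exe"}

def triage(csv_text, user, baseline=BASELINE, dual_use=DUAL_USE):
    """Split one user's processes into expected, review and unknown buckets."""
    buckets = {"expected": [], "review": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["User Name"].lower() != user.lower():
            continue  # only look at processes running as the given user
        name = row["Image Name"].lower()  # Windows image names are case-insensitive
        entry = (name, int(row["PID"]))
        if name in dual_use:
            buckets["review"].append(entry)    # legit binary, confirm who launched it
        elif name in baseline:
            buckets["expected"].append(entry)
        else:
            buckets["unknown"].append(entry)   # not in the baseline at all
    return buckets

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE, r"PC\user").items():
        for name, pid in entries:
            print(f"{bucket:8} {pid:>5} {name}")
```

The "review" bucket is kept separate from "unknown" because a name-based baseline alone would pass cmd.exe and netsh.exe as trusted Windows binaries.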
