Task Manager Suspicious Processes after WMF exploit



After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn’t recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jkdq2.exe, netsh.exe, cmd.exe, winstall.exe, vxgamet4.exe, vxgame2.exe covers most of the list of suspect entries. netsh and cmd are both legit programs, but were likely being used as remote shells. In other words they were legit, but not something that I expected to be running. (I didn’t have a cmd shell open..)


I managed to kill off the entries one by one and the system tray icons with the red circles and white x closed out one by one, the responsiveness was sluggish enough I couldn’t be sure which processes were the culprits, but the tray icons were warning that the system was infected (duh…) I did have a system freeze or two in the process and had to reboot. I did manage to disable a few items in msconfig first though.

I repeated the process of killing off running tasks and removing entries from msconfig about 2-3 times until I didn’t think I could make any more progress that way. Details on the msconfig changes next…

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Antivirus System Pro | Antivirus System Pro Removal Guide Last week I had the opportunity to remove Antivirus System Pro from not one, but two machines. Given that I was seeing it a bit more frequently I thought it might be a new rogue antivirus application, but I quickly found out that it's been out at least since June......
  • How to Remove AntiAdd | AntiAdd Removal Guide AntiAdd is a rogue antivirus application. It is installed via trojans that claim to be video codec or flash player updates and then once installed on the system it will claim to be scanning your computer and discovering all sorts of viral infected files. In addition to this it may......
  • Clever Smitfraud.... Sometimes you see a malware implementation that you have to have respect for the cleverness/ingenuity of the design. These pests can be dastardly to get rid of, but essentially this pest was occasionally popping up a "windows integrity scanner" installer. It wasn't frequent, but it was persistent and the user......
Blog Traffic Exchange Related Websites
  • Using the Windows Startup Manager for Faster Boot Performance By using the Windows startup manager, it should be possible to improve the start/boot performance of most PCs. In this article, we'll look at how to use the System Configuration utility to manually modify which services and programs are run at boot time. The System Configuration utility is one of......
  • Best Central Air Conditioners Choosing a new central air conditioner is often a task that waits until there is an immediate need - your air conditioning system goes out on a hot day in the middle of the summer. At that time, you may not think about the best central air conditioner, you just......
  • Improving Slow Startup Performance on Windows Computers The cause of slow startup times is primarily due to the applications initialized as the operating system boots up. This article shows how to fine-tune these programs and increase startup times. The key to improving slow startup speed is to (a) deactivate/reduce the amount of programs running as Windows begins......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site