Task Manager Suspicious Processes after WMF exploit



After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn’t recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jkdq2.exe, netsh.exe, cmd.exe, winstall.exe, vxgamet4.exe, vxgame2.exe covers most of the list of suspect entries. netsh and cmd are both legit programs, but were likely being used as remote shells. In other words they were legit, but not something that I expected to be running. (I didn’t have a cmd shell open..)


I managed to kill off the entries one by one and the system tray icons with the red circles and white x closed out one by one, the responsiveness was sluggish enough I couldn’t be sure which processes were the culprits, but the tray icons were warning that the system was infected (duh…) I did have a system freeze or two in the process and had to reboot. I did manage to disable a few items in msconfig first though.

I repeated the process of killing off running tasks and removing entries from msconfig about 2-3 times until I didn’t think I could make any more progress that way. Details on the msconfig changes next…

Related Posts

Blog Traffic Exchange Related Posts
  • Services.exe running at 100% CPU and using 100s of MB of memory - Windows XP SP3 I came across an interesting one in the last few days. This system was a Windows XP system with current updates - SP3, IE 8.... and among other things there was a complaint of very sluggish behavior. I updated the antimalware software installed and ran scans. Malware Bytes antimalware actually......
  • How to Remove System Adware Scanner 2010 | System Adware Scanner 2010 Removal Guide System Adware Scanner 2010 is a new and aggressive rogue antivirus application. Once installed on a system it creates a program that acts as a guard of sorts for it's main process. This guard process is called noterminate and will pop up warnings and encourage users to purchase the rogue......
  • Clever Smitfraud.... Sometimes you see a malware implementation that you have to have respect for the cleverness/ingenuity of the design. These pests can be dastardly to get rid of, but essentially this pest was occasionally popping up a "windows integrity scanner" installer. It wasn't frequent, but it was persistent and the user......
Blog Traffic Exchange Related Websites
  • Using the Windows Startup Manager for Faster Boot Performance By using the Windows startup manager, it should be possible to improve the start/boot performance of most PCs. In this article, we'll look at how to use the System Configuration utility to manually modify which services and programs are run at boot time. The System Configuration utility is one of......
  • How To Reduce Your Home Energy Expenses When you find ways to save money on your daily expenses, you make more money available for saving and investing, two of my favorite activities.  One oft-overlooked area in which to save money is your energy costs.  Here are some tips for lowering your electric bill to give you more......
  • Antique Appraisal 101 There is quite a demand in today's market for antique items of all types, and so learning how to conduct antique appraisal is becoming increasingly important. Antique items are supplied to customers by way of the market that buys goods in both unrestored and restored conditions. The process of the......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site