Task Manager Suspicious Processes after WMF exploit



After getting into Task Manager I saw a number of suspicious processes. There were a lot of things running as my user that I didn’t recognize. kernels64.exe, vxgame6.exe, vxgame4.exe, mm4.exe, vxh8jkdq2.exe, netsh.exe, cmd.exe, winstall.exe, vxgamet4.exe, vxgame2.exe covers most of the list of suspect entries. netsh and cmd are both legit programs, but were likely being used as remote shells. In other words they were legit, but not something that I expected to be running. (I didn’t have a cmd shell open..)


I managed to kill off the entries one by one and the system tray icons with the red circles and white x closed out one by one, the responsiveness was sluggish enough I couldn’t be sure which processes were the culprits, but the tray icons were warning that the system was infected (duh…) I did have a system freeze or two in the process and had to reboot. I did manage to disable a few items in msconfig first though.

I repeated the process of killing off running tasks and removing entries from msconfig about 2-3 times until I didn’t think I could make any more progress that way. Details on the msconfig changes next…

Related Posts

Blog Traffic Exchange Related Posts
  • Windows Police Pro Yes folks, it's Windows Police Pro, the gift that keeps on giving apparently. It's crawled back into Googles top searches tonight. If you want to see how to remove it look at Windows Police Pro Removal, you may be interested in Who is behind Windows Police Pro and probably will......
  • Network Security guide for the home or small business network - Part 4 - Know your software Ok, so you've got a hardware firewall and you've got antivirus. You're safe right? Well, not entirely. I've mentioned the flaws of antivirus. It's always a step behind. A firewall doesn't protect against unknown viruses, so what else is there to do? I'm going to tackle this in two steps.......
  • Clever Smitfraud.... Sometimes you see a malware implementation that you have to have respect for the cleverness/ingenuity of the design. These pests can be dastardly to get rid of, but essentially this pest was occasionally popping up a "windows integrity scanner" installer. It wasn't frequent, but it was persistent and the user......
Blog Traffic Exchange Related Websites
  • Improving Slow Startup Performance on Windows Computers The cause of slow startup times is primarily due to the applications initialized as the operating system boots up. This article shows how to fine-tune these programs and increase startup times. The key to improving slow startup speed is to (a) deactivate/reduce the amount of programs running as Windows begins......
  • SVCHOST.exe - What is it and why are there so many of them? I get asked this a lot.  When you run Task Manager in XP and look at the process list, you see tons of svchost.exe processes running.  You can't kill them (you don't really want to) and there's no obvious reason that there are so many of them. What are they? ......
  • Using the Windows Startup Manager for Faster Boot Performance By using the Windows startup manager, it should be possible to improve the start/boot performance of most PCs. In this article, we'll look at how to use the System Configuration utility to manually modify which services and programs are run at boot time. The System Configuration utility is one of......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site