PC Review



Am I completely rid of vcx/defender malware?

 
 
M.L.
 
      17th Jun 2011

I noticed an unfamiliar scheduled startup task on my Vista32 system
shortly before and after using Malwarebytes to get rid of
vcx.exe/defender.exe malware.

Task Scheduler -> FORGX -> Ready -> at system startup
I can't disable the scheduled task: "The user account you are
operating under does not have permission to disable this task."

Properties -> General tab: "Run with highest privileges" (checkbox).
When I try to uncheck it, I get a password prompt box ->
user name: S-1-5-18, password:

Properties -> Actions tab: Start a program ->
C:\Windows\system32\rundll32.exe ->
"C:\Windows\system32\compobje.dll",mjnf

I can't find any Google discussion on this. Can someone tell me if
this is a malware remnant, and if so, how I can disable it? Thanks.
 
 
 
 
 
David H. Lipman
 
      17th Jun 2011
From: "M.L." <(E-Mail Removed)>

>
> I noticed an unfamiliar scheduled startup task on my Vista32 system
> shortly before and after using Malwarebytes to get rid of
> vcx.exe/defender.exe malware.
>
> Task Scheduler -> FORGX -> Ready -> at system startup
> I can't disable the scheduled task: "The user account you are
> operating under does not have permission to disable this task."
>
> Properties -> General tab: "Run with highest privileges" (checkbox).
> When I try to uncheck it, I get a password prompt box ->
> user name: S-1-5-18, password:
>
> Properties -> Actions tab: Start a program ->
> C:\Windows\system32\rundll32.exe ->
> "C:\Windows\system32\compobje.dll",mjnf
>
> I can't find any Google discussion on this. Can someone tell me if
> this is a malware remnant, and if so, how I can disable it? Thanks.


It certainly looks like a malware loading methodology.

You need to look for any other malware that may be protecting this as well as take
ownership such that the administrative account you use can override whatever the malware is
trying to protect. This may have to be done in Safe Mode.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
M.L.
 
      17th Jun 2011


>> I noticed an unfamiliar scheduled startup task on my Vista32 system
>> shortly before and after using Malwarebytes to get rid of
>> vcx.exe/defender.exe malware.
>>
>> Task Scheduler -> FORGX -> Ready -> at system startup
>> I can't disable the scheduled task: "The user account you are
>> operating under does not have permission to disable this task."
>>
>> Properties -> General tab: "Run with highest privileges" (checkbox).
>> When I try to uncheck it, I get a password prompt box ->
>> user name: S-1-5-18, password:
>>
>> Properties -> Actions tab: Start a program ->
>> C:\Windows\system32\rundll32.exe ->
>> "C:\Windows\system32\compobje.dll",mjnf
>>
>> I can't find any Google discussion on this. Can someone tell me if
>> this is a malware remnant, and if so, how I can disable it? Thanks.

>
>It certainly looks like a malware loading methodology.
>
>You need to look for any other malware that may be protecting this as well as take
>ownership such that the administrative account you use can override whatever the malware is
>trying to protect. This may have to be done in Safe Mode.


Thanks for your reply. I couldn't get the Task Manager to work in Safe
Mode. Surprisingly, I was able to simply delete the task in normal
mode. Before the deletion I noticed that MSSE and Windows Security
Center were disabled and returned to that state upon reboot even after
setting them to automatically start.

Once the task was deleted those two apps stayed activated. However,
MSSE didn't show in the System Tray or Task Manager. After running
ComboFix everything appears back to normal. Not exactly sure what it
fixed though.

BTW, shortly before the defender.exe malware app started to do its
thing, WinPatrol notified me that vcx.exe wanted permission to run at
each startup, which I declined, and MSSE warned me of 3 or 4 malware
files in its appdata directory, which I ordered it to remove.
Unfortunately that was not enough to keep the malware from molesting
MSSE anyway.
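
Added example, not part of the thread or written by its posters: a triage script that reads a task definition in Task Scheduler XML form (as produced by `schtasks /query /xml /tn <name>`) and reports any action that loads a DLL through rundll32, together with the boot trigger, SYSTEM principal (S-1-5-18) and "highest privileges" setting that the FORGX task showed. The sample XML is constructed from the values quoted in the first post, and the `review` rule is an assumed heuristic.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}

# Constructed sample modeled on the FORGX task described in the thread.
SAMPLE_TASK_XML = r"""<Task version="1.2"
      xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Principals><Principal id="Author">
    <UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel>
  </Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\system32\rundll32.exe</Command>
    <Arguments>"C:\Windows\system32\compobje.dll",mjnf</Arguments>
  </Exec></Actions>
</Task>"""


def _texts(root, path):
    """Lower-cased, stripped text of every element matching path."""
    return {(e.text or "").strip().lower() for e in root.iterfind(path, NS)}


def triage_task(xml_text):
    """Return one finding per rundll32 action in an exported task definition."""
    root = ET.fromstring(xml_text)
    at_boot = root.find("t:Triggers/t:BootTrigger", NS) is not None
    as_system = bool(_texts(root, ".//t:Principal/t:UserId") & SYSTEM_IDS)
    elevated = "highestavailable" in _texts(root, ".//t:Principal/t:RunLevel")
    findings = []
    for ex in root.iterfind("t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", "", NS).strip().strip('"')
        if ntpath.basename(cmd).lower() != "rundll32.exe":
            continue  # only DLL-loader actions are of interest here
        # rundll32 arguments have the form <dll path>,<exported function>
        dll, _, export = ex.findtext("t:Arguments", "", NS).partition(",")
        findings.append({
            "dll": dll.strip().strip('"'),
            "export": export.split()[0] if export.split() else "",
            "at_boot": at_boot, "as_system": as_system, "elevated": elevated,
            # Heuristic (assumption): a boot-time rundll32 job under SYSTEM
            # deserves manual review of the DLL it names.
            "review": at_boot and as_system,
        })
    return findings
```

A DLL flagged this way is a candidate for review, for example checking its signature and creation time, not proof of infection.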
 
 
 
 