Anybody knows of a process which doesn't show in task manager?

[Nipi]

I got infected with a malicious executable, "GXHO.exe".
My anti virus didn't say anything about it, then this happened:
First my anti spyware warned me that it's being put with the start up,
so i rejected, and opened task manager to close it and didn't find it,
so i assumed it's not running. I went to its folder to delete it, but
it wouldn't delete because it's in use. A while passed and my firewall
asked me whether i allow SMTP access to GXHO.exe, of course i said no,
and checked the task manager again, found nothing!
I was wondering how can i close it, then i chose to restart the
computer hoping it won't start, but it did.
My only way to get rid of it was to activate the proactive defence of
kaspersky, which warned me when this process is trying to launch, and i
clicked terminate, and then could delete it.
So is it possible that a process doesn't appear at all in task manager?

 

[Ted Zieglar]

It's absolutely possible. One of the many tricks performed by malware is
the ability to rename itself and even to adopt the name of a legitimate
process.

Malware is getting more and more sophisticated. Don't think for a minute
that you can eliminate it by terminating its process in Task Manager.

 

[Nipi]

I had it in mind that the process might be using a legitimate process name,
as i had seen something like that before, when a malware was using named,
svchost.exe but it was running under my username not SYSTEM account which
made me suspicious. But this one wasn't using this trick, it simply didn't
appear at all.

 

[Malke]

I had it in mind that the process might be using a legitimate process
name, as i had seen something like that before, when a malware was
using named, svchost.exe but it was running under my username not
SYSTEM account which made me suspicious. But this one wasn't using
this trick, it simply didn't appear at all.

Rootkit.

http://www.google.com/search?hl=en&lr=&q=define+rootkit&btnG=Search

Malke

 

[Guest]

Hi Nipi - I suggest you try the trial version of PREVX1 -
www.prevx.com/default.asp - it did a top job for me - and explains the number
of varieties of the virus concerned ... Cheers ... David

 

[Malke]

Don't worry.

It was nothing

i was "inflected" by gxho.exe but i removed it in 5''

First of all it is not trojan, virus etc....

It is a small programm which comes from www.serials.ws

The problem is that it is hidden. You can just make it visible by
Ctrl+Alt+Shift+H.

Then go to C:Windows>Sys and just delete the file.

You are done.

So dont panic everyone....

I'm glad you got it sorted, but I can't imagine why you'd think that
anyone would panic about your problems. After all, *you're* the one
downloading cracks from a Windows machine, not me.

Malke

 

[Nipi]

Thank you for the information.
My "panic" was not because of the threat this process causes as much as
the threat of the existence of a process (and probably more than one)
which doesn't appear in the task manager. I only detected this one
because it tried to access the internet, so in case there is another
hidden one on my computer or anyone else's, and it doesn't access the
internet, then it's hard to know about it.
When i found the c:\windows\sys, i didn't delete it i just moved its
location to insure it won't run again, and I used windows live safety
scanner online to get a second opinion (as kaspersky didn't detect it),
and the scanner found it and said it's a keylogger.
Now if you are saying it shows with a hot key, then it's a controllable
program for spying like 007 spy software, but it's pre-configured in a
bad way.
So, the original problem remains, possibility of running processes,
which don't appear in task manager.

 

[THECLAW]

I got infected with a malicious executable, "GXHO.exe".
My anti virus didn't say anything about it, then this happened:
First my anti spyware warned me that it's being put with the start up

so i rejected, and opened task manager to close it and didn't find it

so i assumed it's not running. I went to its folder to delete it, but
it wouldn't delete because it's in use. A while passed and my firewal

asked me whether i allow SMTP access to GXHO.exe, of course i said no

and checked the task manager again, found nothing!
I was wondering how can i close it, then i chose to restart the
computer hoping it won't start, but it did.
My only way to get rid of it was to activate the proactive defence of
kaspersky, which warned me when this process is trying to launch, and

clicked terminate, and then could delete it.
So is it possible that a process doesn't appear at all in task manager?

YES it is, and it's very common too.

I recommend some programs i use a lot often to do some "housekeeping
on my pc, these are:advanced uninstaller pro, tune up utillities 2006
windows & internet cleaner, spy bot searc and destroy, and of course a
aware.......


Very good tools!

CHECK IT OUT