New Virus Variation?

Don

I'm trying to see if anyone has seen a virus with the following
symptoms. Infected machines will have a process called taskm.exe
running, but this process does not correspond to any known process I
can find on the web. It consumes 100% CPU and may have > 150 threads
running. It places entries in the registry in
HKEY_local_machine\software\Microsoft\Windows\CurrentConfig\run and
run service for MsTaskManager=taskm.exe. It generates enormous traffic
on our network. I cannot find any details on any Antivirus site
related to this process as a worm or virus. We use Norton Corporate 7.6
and it does not detect the file as a virus, but when we find it and
kill it, our network problems go away. Can anyone help?

Thanks.
 
kurt wismer

Don said:
I'm trying to see if anyone has seen a virus with the following
symptoms. Infected machines will have a process called taskm.exe
running, but this process does not correspond to any known process I
can find on the web. It consumes 100% CPU and may have > 150 threads
running. It places entries in the registry in
HKEY_local_machine\software\Microsoft\Windows\CurrentConfig\run and
run service for MsTaskManager=taskm.exe. It generates enormous traffic
on our network. I cannot find any details on any Antivirus site
related to this process as a worm or virus. We use Norton Corporate 7.6
and it does not detect the file as a virus, but when we find it and
kill it, our network problems go away. Can anyone help?

it's generally not possible to diagnose a virus by symptoms alone... if
you think you have a virus, scan your drive... if you think you have a
virus your scanner can't detect, try a different scanner or send a
sample of the suspected virus to your av developer for analysis...
 
Don

kurt wismer said:
it's generally not possible to diagnose a virus by symptoms alone... if
you think you have a virus, scan your drive... if you think you have a
virus your scanner can't detect, try a different scanner or send a
sample of the suspected virus to your av developer for analysis...

I was finally able to get a sample off to Symantec and it turns out
the taskm.exe file is Gaobot infected, just as all the symptoms
suggested. We were up to date on the Norton defs and we even tried
McAfee's Stinger, which are all supposed to detect Gaobot, but
didn't. The 8/10 defs from Symantec now correctly detect and
quarantine the offending file.
 
kurt wismer

Don said:
I was finally able to get a sample off to Symantec and it turns out
the taskm.exe file is Gaobot infected, just as all the symptoms
suggested. We were up to date on the Norton defs and we even tried
McAfee's Stinger, which are all supposed to detect Gaobot, but
didn't. The 8/10 defs from Symantec now correctly detect and
quarantine the offending file.

well, sounds like a perfectly handled malware incident to me...
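
An added example, not part of the original thread: a triage check that scans saved `reg query` output for the autorun indicators named in the first post (value name MsTaskManager, image taskm.exe) and also flags image names that closely imitate a real system binary. The sample output, the standard Run and RunServices key paths in it, and the reference list of system binaries are assumptions made for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Indicators taken from the first post in this thread.
IOC_VALUE_NAMES = {"mstaskmanager"}
IOC_IMAGES = {"taskm.exe"}
# Assumed reference list of real Windows binaries that impostor names imitate.
KNOWN_SYSTEM_IMAGES = ("taskmgr.exe", "svchost.exe", "explorer.exe")
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")

# Constructed sample of `reg query` output, not taken from an affected machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    vptray    REG_SZ    C:\Program Files\NAV\vptray.exe
    MsTaskManager    REG_SZ    taskm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    MsTaskManager    REG_SZ    taskm.exe
"""

def image_name(data):
    """Return the lower-cased executable file name from an autorun command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b|\s*(\S+)', data, re.IGNORECASE)
    path = next((g for g in m.groups() if g), "") if m else ""
    return ntpath.basename(path).lower()

def lookalike_of(image, threshold=0.8):
    """Return the system binary that `image` closely resembles without equalling it."""
    for known in KNOWN_SYSTEM_IMAGES:
        if image != known and SequenceMatcher(None, image, known).ratio() >= threshold:
            return known
    return None

def scan_reg_query(text):
    """Return (key, value name, image, reasons) tuples for suspicious autorun entries."""
    findings, key = [], None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m is None:
            key = line.strip() or key  # a non-value line names the current key
            continue
        name, image = m["name"].strip(), image_name(m["data"])
        checks = [(name.lower() in IOC_VALUE_NAMES, "value name matches indicator"),
                  (image in IOC_IMAGES, "image matches indicator"),
                  (lookalike_of(image), "image resembles a system binary")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings.append((key, name, image, reasons))
    return findings
```

The lookalike check fires on names such as taskm.exe even when no signature or indicator list covers them yet, which is the situation described in this thread before the updated definitions arrived.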
 