T
tarquinlinbin
I found the following item in c\windows\prefetch folder of my xp pro
installation
MStaskc.exe
I beleive that it is a malicious item. My reason is that it has
previously been found loaded into c:\windows\system32 folder and
attempting to communicate via my broadband connection. It looked like
a DNS attack. When i scanned the file in system 32 folder norton said
it was infected with the backdoor.smother trojan.it attempted
repair,failed then said quarantined. On subsequent reboots it would
re-appear again and again try outbound connects. NIS 2004 was blocking
this but in doing so was drinig cpu useage to 100% leading to
effective lockup of the pc. I again used NAV on it,quarantined
it,removed its entry from the registry and powered off the pc by
pulling the plug,just in case it was memory resident and recreated
itself at shut down. Subsequent reboots show it is still no longer in
the registry,nor is it in sys32 folder but it still shows in the
prefetch folder. Scanning it with NAV in prefetch doesnt show a
problem,but whats prefetch all about?
ta
joe
PS i have since found a zip file in the c:\windows\prefetch folder
which is also named MStaskc.exe. it contains a number of files which
are zipped and then compressed with Stuffit. Is Stuffit part of the xp
pro installation by the way??
I "destroyed" the zip file using steganos shredder and deleted the
stuffed prefetch file.
installation
MStaskc.exe
I beleive that it is a malicious item. My reason is that it has
previously been found loaded into c:\windows\system32 folder and
attempting to communicate via my broadband connection. It looked like
a DNS attack. When i scanned the file in system 32 folder norton said
it was infected with the backdoor.smother trojan.it attempted
repair,failed then said quarantined. On subsequent reboots it would
re-appear again and again try outbound connects. NIS 2004 was blocking
this but in doing so was drinig cpu useage to 100% leading to
effective lockup of the pc. I again used NAV on it,quarantined
it,removed its entry from the registry and powered off the pc by
pulling the plug,just in case it was memory resident and recreated
itself at shut down. Subsequent reboots show it is still no longer in
the registry,nor is it in sys32 folder but it still shows in the
prefetch folder. Scanning it with NAV in prefetch doesnt show a
problem,but whats prefetch all about?
ta
joe
PS i have since found a zip file in the c:\windows\prefetch folder
which is also named MStaskc.exe. it contains a number of files which
are zipped and then compressed with Stuffit. Is Stuffit part of the xp
pro installation by the way??
I "destroyed" the zip file using steganos shredder and deleted the
stuffed prefetch file.