Hi paddyc,
Let’s do this next to fix your Task Manager problem.
Please download from http://www.kellys-korner-xp.com/regs_edits/taskmanager.reg and save it to your desktop.
A blue-white cubicle icon will appear.
Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.
REBOOT afterwards.... really important!
pol
Before I go and do that I need to report that I used internet to get a list of all known files that might be associated with taskmon and decided to check out my system and see if I found any.
Rundll32.exe was named as a possible and I have found 3 copies of it on my system. A scan with Avast produced nothing but a scan with spybot heuristics said smitfraud-c on 2 and win32.delf.rtk on the other.
I used Jotti Viruscan on system 32\rundll32.exe and this was the report
Scanner Malware name
A-Squared Trojan-PWS.Win32.LdPinch!IK
AntiVir TR/Crypt.PEPM.Gen
ArcaVir X
Avast Win32:LdPinch-NO
AVG Antivirus PSW.Ldpinch
BitDefender Trojan.PWS.LDPinch.TIK
ClamAV Trojan.Dropper.Agent-106
CPsecure Troj.PSW.W32.LdPinch.beo
Dr.Web Trojan.Packed.1197
F-Prot Antivirus W32/LdPinch.K.gen!Eldorado
F-Secure Anti-Virus Trojan-PSW.Win32.LdPinch.dlt
G DATA X
Ikarus Trojan-PWS.Win32.LdPinch
Kaspersky Anti-Virus Trojan-PSW.Win32.LdPinch.dlt
NOD32 a variant of Win32/PSW.LdPinch.NCB
Norman Virus Control Sandbox: W32/Malware
Panda Antivirus Trj/Ldpinch.gen
Sophos Antivirus Troj/LdPinch-PZ
VirusBuster Rootkit.LDPinch.Gen.4
VBA32 MalwareScope.Trojan-PSW.Pinch.1
I then scanned windows\$NTServicePackUninstall$\rundll32.exe and this was produced by Jotti
Last file scanned at least one scanner reported something about: ChamaleonButton.ocx (MD5: a73cd21288945e3045502bd47131034e, size: 102400 bytes), detected by:
Scanner Malware name
A-Squared HackTool.Win32.MadMSN!IK
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA X
Ikarus HackTool.Win32.MadMSN.40
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X
I finally submitted windows\ServicePackFiles\i386\rundll32.exe and Jotti came up with following
Last file scanned at least one scanner reported something about: Webmail_Hack_2.3.zip (MD5: c2779e69591e6351aa877f8350e6447a, size: 231849 bytes), detected by:
Scanner Malware name
A-Squared Trojan-Clicker.MSIL.Xone!IK
AntiVir TR/Click.MSIL.Xone.AC
ArcaVir Trojan.Downloader.Small.Dug
Avast Win32:Trojan-gen {Other}
AVG Antivirus X
BitDefender Trojan.Generic.358370
ClamAV Trojan.Clicker-2249
CPsecure Troj.Clicker.MSIL.Xone.ac
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Trojan-Clicker.MSIL.Xone.ac
G DATA X
Ikarus Trojan-Clicker.MSIL.Xone.ac
Kaspersky Anti-Virus Trojan-Clicker.MSIL.Xone.ac
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Trojan-Clicker.MSIL.Xone.ac
What should I do about these? There were also a bunch of .pf files in prefetch referenced back to rundll32.exe but spybot said they were clear.