Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / I finally got a virus! taskdir.dll trojan

Author
Message
Zeal
22
Years of Service
User Offline
Joined: 10th Oct 2002
Location: Colorado Springs, CO
Posted: 22nd Mar 2006 20:55
Link
I like to think im pretty careful when it comes to viruses, and really up till this point I never had one. I use simple avg free edition + common sense to keep my computer safe. However, the other day out of the blue avg pops up with some "taskdir.dll trojan" detected.

Moved it to the virus vault because it couldnt be repaired, scanned the whole system and everything else was clean. Its not really causing any problems, but everytime I reboot a new "taskdir.dll" appears and avg warns about it (I have 5 copies of it in the virus vault now!).

So the first thing you would think to do is google it, but I couldnt find anything that helped (maybe its new?). Like I said it doesnt seem to be effecting anything when its in the vault, but I still would like to get rid of it, any ideas?

Thanks

All you need is zeal
Back to top
Profile PM Email
Math89
20
Years of Service
User Offline
Joined: 23rd Jan 2004
Location: UK
Posted: 22nd Mar 2006 21:11
Link
You should search on your computer all the files created today (or yesterday), I think you'll find a strange .exe or .bat file that create your 'taskdir.dll'.
Back to top
Profile PM
spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 22nd Mar 2006 22:03
Link
It is probably getting recreated reboot by a rogue program in one of the many startup locations. Most viruses stick stuff in 'run' location in the registry so it gets called every boot.

Easiest way to see what's in all the different startup locations is run 'system information' tool in WinXP, click on 'software environment' and then on 'startup programs'.

You may have better luck running an antispyware program like AdAware. Hijack this is also great for listing startup programs.

Boo!
Back to top
Profile PM Website
Me!
19
Years of Service
User Offline
Joined: 26th Jul 2005
Location:
Posted: 22nd Mar 2006 22:11
Link
before you get too excited, have you done a full system scan with a fully updated definitions file?, it`s no good just getting the virus when it pops up, you need a full scan to find where it`s hidden, since AVG uses the standard virus definitions files then it should be able to find it, other than that, you did turn off system restore before killing it?, I have had XP put back stuff I deleted before, might be worth a try, froom what i can find it`s some sort of trojan, these sites might help (I have a V good search engine...slow but good), some of the advice in the first link may help, the second link seems to be exactly about your problem.

http://castlecops.com/t147733-I_Need_Help_Fast_PLEASE_This_Is_An_EMERGENCY.html

http://forum.tweakxp.com/forum/Topic194048-29-1.aspx#bm194056

it seems to be a keylogger, so if you use your PC to buy things you might like to change your credit/debit card number



I don`t care what you say, theres no way the commander of a Kamakasi Squadron got promoted up through the ranks.
Back to top
Profile PM
Zeal
22
Years of Service
User Offline
Joined: 10th Oct 2002
Location: Colorado Springs, CO
Posted: 22nd Mar 2006 23:44
Link
Well I did a msconfig and sure enough there was a taskdir.exe set to load on startup. I unchecked it, and windows loaded with no trojan warning. However, how do I get rid of it (the thing re checks itself unless I specify otherwise).

Is it safe to delete the file itself? There is a taskdir.exe in my windows system32 folder.

BTW, while in the services tab, I noticed I have some remote access stuff that is checked, is there anyway to make sure that stuff is disabled?

All you need is zeal
Back to top
Profile PM Email
Zeal
22
Years of Service
User Offline
Joined: 10th Oct 2002
Location: Colorado Springs, CO
Posted: 23rd Mar 2006 23:28 Edited at: 23rd Mar 2006 23:28
Link
So check this out, AVG finally released a new update today, and it found the trojan! Not only did it find it, but I had moved the taskdir.exe to my desktop so it wouldnt auto start (was afraid to delete it), and avg was STILL able to find it on its own!

So this had to have been a new trojan, because the timing is too perfect.

Anyway, is it safe to move the taskdir.exe back to my system32 folder now? What the hell does it do anyway? Also, can anyone advise me on how to make sure remote access is completely disabled? I know I never ENABLED it, but according to msconfig there are some remote access thingies on the settings tab.

All you need is zeal
Back to top
Profile PM Email
Back to top

Login to post a reply

Server time is: 2024-11-16 18:44:57
Your offset time is: 2024-11-16 18:44:57