is there ANY reason why taskmgr.exe would need to access the inter

Discussion in 'Windows Vista Administration' started by Rej, Jun 27, 2007.

  1. Rej

    Rej Guest

    After doing a boot-up scan of my pc for virii (Viruses) -- a maintenance
    process I do every 3-6 months, I wound up waking up and seeing a ZoneAlarm
    popup telling me that TaskMgr.exe is trying to access the internet!?

    That's the very first time I've ever seen that program asking for access
    (been using it at boot up for ages on XP and started using it on Vista for
    the last few weeks at boot up as well).

    Now I denied it since I see no reason as to why it would need to, but if it
    DOES need access, is there a MS website with their own program expected
    behavior?? It's getting annoying to have to do research on many new MS
    programs on the internet when they try to access the internet, but it's worse
    when there's nothing about it on the internet at all :/

    thx in advance
    Regards
     
    Rej, Jun 27, 2007
    #1

  2. Mac

    Mac Guest

    Not that I can think of...

    viruses...malware, spyware...
     
    Mac, Jun 27, 2007
    #2

  3. On Wed, 27 Jun 2007 09:18:01 -0700, Rej
    First thing to check is whether this file called TaskMgr.exe is what
    you think it is, i.e. the Task Manager built into Windows, and not
    something else (malware?) that uses the same name.

    Can be:
    - the file you think it is
    - the file you think it is, generically infected
    - the file you think it is, with code injected into its process
    - a malware ADS attached to the file you think it is
    - same file name, different directory
    - not quite the same filename

    3rd-party firewalls that monitor outgoing traffic will generally check
    not just the file name and path, but also a checksum to detect if the
    inside of the code file has changed. Even that can miss code
    injection in RAM and ADS attached to the file.

    Doing an informal "full system scan" (as a replacement for
    always-updated resident av) every now and then is like leaving your
    house unlocked, then roaming around with a torch every now and then to
    see if there are any burglars at work.

    If malware is missed when it first tries to run on the system, it can
    entrench itself so that it will be far harder to remove, or even
    detect. It can disable or subvert your av, or just hide from it.

    So if you really think you've missed something that's gone resident,
    the best (but not the easiest) thing to do is scan formally, i.e.
    making sure that no code from the suspect system gets to run before
    your scanner - and that very definitely includes the OS.


    Running Windows-based av to kill active malware is like striking
    a match to see if what you are standing in is water or petrol.
     
    cquirke (MVP Windows shell/user), Jun 28, 2007
    #3
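
The on-disk possibilities listed in the reply above (same name in a different directory, a near-identical name, changed file contents, an attached ADS) can be checked from PowerShell. This is an added example, not part of the original thread; the expected path and the loose name pattern are assumptions. It does not cover code injected into a running process, and because it runs inside the suspect OS a clean result is not conclusive.

```powershell
# Added example. Assumption: default install, so the genuine image is
# %SystemRoot%\System32\taskmgr.exe.
$expected = Join-Path $env:SystemRoot 'System32\taskmgr.exe'

# Same file name in a different directory, or a not-quite-identical name:
# list running processes whose name resembles "taskmgr" with their image path.
# The wildcard is a loose, illustrative pattern, not a complete lookalike test.
Get-Process |
    Where-Object { $_.ProcessName -like 'task*m*g*r*' } |
    ForEach-Object {
        [pscustomobject]@{
            ProcessId      = $_.Id
            Name           = $_.ProcessName
            Path           = $_.Path   # empty if the process cannot be queried
            IsExpectedPath = ($_.Path -eq $expected)   # -eq is case-insensitive
        }
    } | Format-Table -AutoSize

# Changed file contents: check the signature and record a hash to compare
# against a known-good copy from the same Windows build.
# A status other than Valid needs a second opinion from another tool before
# drawing conclusions, in either direction.
Get-AuthenticodeSignature -FilePath $expected |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
Get-FileHash -LiteralPath $expected -Algorithm SHA256

# Alternate data streams attached to the file: anything besides the default
# unnamed stream (:$DATA) is worth examining.
Get-Item -LiteralPath $expected -Stream * |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object Stream, Length
```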