defense + query

Hi, a newbie

defense + reported a change made to a registry key, details are:

C:\Windows\System32\taskhost.exe

HKUS\S-1-5-21-1004336348-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe

I went into the registry to look at this exe in more detail, it's not there…

In fact I can't find internat.exe anywhere on my machine

any ideas?

thanks

Torchy

What Operating System Do You Currently Have?

Hi Jacob

windows 7 pro sp1

Torchy

internat.exe is typically for Windows XP, not Windows Vista/7.

Could you export your Defense+ Logs and upload them on your next reply?

(CIS > Defense+ > Defense+ Events > More > File > Export)

Kind Regards

Hi Jacob

logfile attached

there are now 2 instances of this

1st on 30th April at 8.11
2nd on 1st May at 7.49

thanks

[attachment deleted by admin]

I checked on my Win 7 SP1 and find no internat.exe. Can you search your hard drive for that file and submit it to Virus Total and Comodo Instant Malware Analysis and leave the URLs of the reports here?

Hi EricJH

internat.exe isn’t on my PC, I’ve searched the whole hard drive using multiple search criteria and looked in hidden files, zip folders and anywhere else on the drive… it's not there

Because it's run via taskhost.exe I checked out Task Scheduler in detail and it seems to be something related to RealPlayer. In Task Scheduler there is a rule there but it's shown as disabled and never run, except of course Comodo tells me it is running and modifying that key in the registry…

Anyway I’ve deleted the rule to see if that has any effect

I’m mystified, but will keep digging

thanks for your help guys
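
An added example, not part of any post in this thread: a read-only PowerShell check that lists the values in the per-user Run key named in the alert, reports whether each target file exists, and then looks for scheduled tasks whose action mentions the same name. The SID and the `internat` filter are taken from the alert above; it assumes the user's hive is loaded and an English-language Windows (the `schtasks` column names are localized).

```powershell
# Added example: nothing here modifies the registry or the task store.
$sid  = 'S-1-5-21-1004336348-1788223648-725345543-1003'   # SID from the alert
$name = 'internat'                                         # value name from the alert

$runKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)

        # Extract the executable from the command line (quoted path or first token).
        if ($command -match '^\s*"([^"]+)"') { $exe = $matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # A bare file name is resolved by Windows through the search path, and an
        # unquoted path containing spaces is cut short here, so a False result
        # means "check by hand", not proof that the file is absent.
        $exists = $false
        if ($exe) { $exists = Test-Path -LiteralPath $exe }

        New-Object PSObject -Property @{
            Value        = $valueName
            Command      = $command
            TargetExists = $exists
            MatchesAlert = ($valueName -like "*$name*" -or $command -like "*$name*")
        }
    }
} else {
    Write-Output "Run key not found for $sid (hive not loaded, or key absent)."
}

# Scheduled tasks whose action mentions the same name. schtasks is used
# because it is available on Windows 7; /v adds the 'Task To Run' column.
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -like "*$name*" } |
    Select-Object TaskName, 'Task To Run', 'Scheduled Task State'
```

An empty result from the first part is consistent with a value that was written and then removed again between the alert and the check, so compare it with the timestamps in the Defense+ log.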