Mystery task re-spawns when killed

I have been supporting desktops since MS/DOS 3.3 and networks since NetWare 2.11, but I have never seen this.

Windows XP SP2 on a generic PC. Obviously infected with a trojan. Comodo removed threats that even AntiMalwareBytes didn’t find. Moreover, System Restore was not functional; i.e., attempts to create a checkpoint met with a failure message and efforts to restore failed unceremoniously (no message, no nothing). Comodo fixed this, too, so I was happy.

But now, System Restore is broken again, IE 7.0 spawns new tabs ad infinitum (I can kill this with Task Manager, though), and there is a mystery task that can be killed, but re-appears spontaneously. TM shows it as ‘f41748679’. Google has nothing to offer.

Something weird is definitely going on. If I log out, the hard disk is still real busy, even when the system is parked at the ‘Choose your username’ screen, when the drive should be idle. Last night, IE opened up at this point (no one logged in). I’ve never seen that before!

Anyway, I can’t even get it to re-install Winders, so I put SLED 10 on the free space. The Winders partition is still there and I can access the files, but I’m real stumped on how to fix this.

Defense+ has the active process list where you can kill and terminate a process, and that should work. If I understand correctly, you are doing these things from task manager?

Also, I would disable system restore (delete all backups) until you know the system is completely clean. I don’t like system restore. I would recommend an image software like Macrium free or Drive Backup Express - has saved me a couple of times where I just didn’t want to try and “fix” a program.

Hello there,

  1. Back-up all your files and folders using a back-up program, for example Comodo Back-up

  2. Download the following programs and install them

Superantispyware
Direct download link from publisher
External download link
External download link 2

Malwarebytes Antimalware
Direct download link from publisher
External download link
External download link 2

Bitdefender Free (32bit only!)
Direct download link from publisher
External download link
External download link 2

  3. Check for definition updates (Important!).

http://i39.tinypic.com/2cfqqs6.png

http://i39.tinypic.com/zix5b7.png

http://i42.tinypic.com/8yt5w0.png

  4. Allow each program to scan. Scan one at a time.

http://i43.tinypic.com/20hxd9j.png

http://i40.tinypic.com/2yzhced.png

http://i40.tinypic.com/2q8x17m.png

  5. Let the programs clean the infections.

http://i39.tinypic.com/2wdc278.png

http://i42.tinypic.com/jua2dl.png

  6. Reboot into normal mode and see if you find any remains of the virus

  7. Download and install Hijackthis. Afterwards, do a system scan and save a log file. A text file will open in notepad, save this one and later upload it together with your post.
    DO NOT FIX ANYTHING YET !!!

http://i40.tinypic.com/2nbblon.png

  8. Post back and please include:
  • The hijackthis log
  • the name of the malware the programs said
Xan

try this
add the program ‘f41748679’ to your blocked files, and then kill it

Stuff regenerating after ending the process sounds more like Vundo than most other things.
It’s not easy to get out. You may also have TDSS on there and that’s a rootkit/virus thing that doesn’t clean out completely. Best thing to do is back it up and format. I’ve had this issue on other computers and I’ve had better luck and less time wasting formatting the machine.