mmtask.exe replicates?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aussiejan

Thread Starter
Joined
Sep 17, 2003
Messages
16
Hi, my first time.. yes I'm a virgin so be gentle please.
I work part time helping ppl with their computers and today I went to a client who had a real mess going on. I downloaded AVG and spybot and put them to work and removed some useless programs they had. AVG found 3 viruses and a trojan and was pretty good at healing them (cept nmida but we got rid of that) and spybot found hundreds of problems but fixed most of them. One thing it couldn't fix was a problem with MUSICMATCH Jukebox, this was also where the trojan dialler was (which AVG appeared to have fixed).
Anyway after some discussion we decided to uninstall MUSICMATCH. (I explained that when I had finished all this I would install a reg-cleaning application to make sure the registry was spic and span after all these changes we had made too, but I haven't got to it yet). Anyways...I did this in the usual way thru Control Panel and Add and Remove but even tho it went thru the motions and appeared to work it didn't uninstall. So then I went to Program Files and found the uninstall app within the MUSICMATCH dir but that didn't work either. So then I went and found all of the dependent files and proceeded to delete manually. All went well til the last 3 files which gave me 'access denied' messages. Ok so I dumped each of the 3 files onto the desktop then finished deleting the empty directories. I then opened spybot and tried to use shredder to delete these files. Impossible. I could drag the files into shredder and get rid of them but just by 'click and hold'-ing them some sort of code was being executed and the files were replicated, the names were changed randomly, and random file extensions were created. Of course right clicking and investigating the properties and original version info for each file indicates they are indeed the original lil blighters I've been chucking in the bin. The original file names were
mmtask.exe
m????70.*
and mc???70.*
My wildcards btw - sorry but I was a bit stunned and forgot to take any notice of the last 2

Now I am certainly no Einstein and I'm just a little home operator so I have never come across anything like this before so I was a little perturbed to say the least.
As this is on a client's machine and I charge for my time I can't really use HijackThis to help me give u the info to help me nor can I use the forums tomorrow when I go back to try and fix it. After doing some research here and there I have worked out that yes this is a result of some backdoor trojan, my problem is I can't seem to find any fixes for a trojan that I am unsure of the name of and AVG says it has fixed it anyway. I ran AVG again before I left btw and the errant files were still sitting on the desktop. AVG asserts there is no problem! None of my reading has managed to turn up anything like the replicating thing either. So I'm now willing to admit defeat and beg for help :)
Please.
BTW The machine is running XP Home, is a genuine Intel 2.4GHz with 256 MB RAM, with all the latest updates installed.

Sorry for the epic post but I'm stuck :):):)
 
Joined
Sep 27, 2002
Messages
867
Did you disable System Restore?

Also try from safe mode.


From Symantec:
1. Disabling System Restore (Windows ME/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or the following article:

How to turn off or turn on Windows XP System Restore
How to start Windows XP in Safe mode
 

aussiejan

Thread Starter
Joined
Sep 17, 2003
Messages
16
Thank you Brindle.. I will try that tomorrow.. I did not go to the registry earlier today as I didn't know which string may have been added.
Fingers crossed and thanx again. Will let u know
 

aussiejan

Thread Starter
Joined
Sep 17, 2003
Messages
16
Hey Brindle, sorry it took so long to get back to u but my friend and I had problems getting our timing right :).. Anyway I changed the registry settings and that was ok, still couldn't get rid of it but this time when I ended the processes it worked.. So THANK YOU sooooo much. We now have a whole lot of other problems ..lol don't worry I won't lumber u with them.. other fora to visit :).. Thanx again.. I owe u a beer
 