
mmtask.exe replicates?

Discussion in 'Virus & Other Malware Removal' started by aussiejan, Sep 17, 2003.

Thread Status:
Not open for further replies.
  1. aussiejan

    aussiejan Thread Starter

    Joined:
    Sep 17, 2003
    Messages:
    16
    Hi, my first time.. yes I'm a virgin so be gentle please.
    I work part time helping ppl with their computers and today I went to a client who had a real mess going on. I downloaded AVG and spybot and put them to work and removed some useless programs they had. AVG found 3 viruses and a trojan and was pretty good at healing them (cept nmida but we got rid of that) and spybot found hundreds of problems but fixed most of them. One thing it couldn't fix was a problem with MUSICMATCH Jukebox, this was also where the trojan dialler was (which AVG appeared to have fixed).
    Anyway after some discussion we decided to uninstall MUSICMATCH. (I explained that when I had finished all this I would install a reg-cleaning application to make sure the registry was spic and span after all these changes we had made too, but I haven't got to it yet). Anyways...I did this in the usual way thru Control Panel and Add and Remove but even tho it went thru the motions and appeared to work it didn't uninstall. So then I went to Program Files and found the uninstall app within the MUSICMATCH dir but that didn't work either. So then I went and found all of the dependent files and proceeded to delete manually. All went well til the last 3 files which gave me 'access denied' messages. Ok so I dumped each of the 3 files onto the desktop then finished deleting the empty directories. I then opened spybot and tried to use shredder to delete these files. Impossible. I could drag the files into shredder and get rid of them but just by 'click and hold'-ing them some sort of code was being executed and the files were replicated, the names were changed randomly, and random file extensions were created. Of course right clicking and investigating the properties and original version info for each file indicates they are indeed the original lil blighters I've been chucking in the bin. The original file names were
    mmtask.exe
    m????70.*
    and mc???70.*
    My wildcards btw - sorry but I was a bit stunned and forgot to take any notice of the last 2

    Now I am certainly no Einstein and I'm just a little home operator so I have never come across anything like this before so I was a little perturbed to say the least.
    As this is on a client's machine and I charge for my time I can't really use Hijack This to help me give u the info to help me nor can I use the forums tomorrow when I go back to try and fix it. After doing some research here and there I have worked out that yes this is a result of some backdoor trojan, my problem is I can't seem to find any fixes for a trojan that I am unsure of the name of and AVG says it has fixed it anyway. I ran AVG again before I left btw and the errant files were still sitting on the desktop. AVG asserts there is no problem! None of my reading has managed to turn up anything like the replicating thing either. So I'm now willing to admit defeat and beg for help :)
    Please.
    BTW The machine is running XP home is a genuine Intel 2.4Ghz with 256 Mb Ram with all the latest updates installed.

    Sorry for the epic post but I'm stuck :):):)
     
  2. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    Did you disable System Restore?

    Also try from safe mode.


    From Symantec:
    How to start Windows XP in Safe mode
     
  3. aussiejan

    aussiejan Thread Starter

    Joined:
    Sep 17, 2003
    Messages:
    16
    yes I did both of those things.. still no luck..:(
    But thank you so much :)
     
  4. brindle

    brindle

    Joined:
    Jun 14, 2002
    Messages:
    3,520
    Aussiejan, take a look here; it has worked for others.
     
  5. aussiejan

    aussiejan Thread Starter

    Joined:
    Sep 17, 2003
    Messages:
    16
    Thank you Brindle.. I will try that tomorrow.. I did not go to the registry earlier today as I didn't know which string may have been added.
    Fingers crossed and thanx again. Will let u know
     
  6. brindle

    brindle

    Joined:
    Jun 14, 2002
    Messages:
    3,520
    Okay and please do post back to let us know how it went for you.
     
  7. aussiejan

    aussiejan Thread Starter

    Joined:
    Sep 17, 2003
    Messages:
    16
    hey Brindle sorry it took so long to get back to u but my friend and I had problems getting our timing right :).. Anyway I changed the registry settings and that was ok, still couldn't get rid of it but this time when I ended the processes it worked.. So THANKYOU sooooo much. We now have a whole lot of other problems ..lol don't worry I won't lumber u with them.. other fora to visit :).. Thanx again.. I owe u a beer
     
Short URL to this thread: https://techguy.org/165378