Windows 7 Forums


Windows 7: Is there a program or trick to delete a Task (LOCAL) after a virus?

28 Aug 2017   #1
Tactics

Windows 10 64-bit
 
 
Is there a program or trick to delete a Task (LOCAL) after a virus?

Yesterday I caught a virus (and I've been a tech for 20 years, go me!) bug dummy. 1 rootkit and a ton of malware. I got rid of all of it using Malwarebytes. One of these culprits got into Task Scheduler. See screenshot of task. Ya can't remove anything in here either.

a6dbec317bc812b9d9317 is the name; it last ran 8/27 and hasn't run since. I've deleted all startup programs in msconfig and still can't remove it.

I've found 1 registry key with that name, a6dbec317bc812b9d9317. It was in the Windows Defender Paths folder and I deleted it. This fake task is still there. I have MSE on my PC, all updated, and all Windows updates run perfectly, but instead of doing a sys restore I wanted to see if anyone knows of anything I have not tried? I also ran Combofix - found nothing. I'm about to install a program called Autoruns to see if I can manually delete it that way. Also have CCleaner, which didn't find anything useful either, all clean.

Windows 7 64bit

Thanks!




28 Aug 2017   #2
Tactics

Windows 10 64-bit
 
 

PS also tried this from a CMD prompt to no avail:


schtasks /delete /tn 'nameoftask'
28 Aug 2017   #3
samuria

win 8 32 bit
 
 

Please download and save FRST 64bit or FRST 32 bit to your Desktop.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

28 Aug 2017   #4
Tactics

Windows 10 64-bit
 
 

I deleted these 2 keys and exported them first to no avail.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree

Also deleted contents of Task folder in C:\windows and system32
28 Aug 2017   #5
Tactics

Windows 10 64-bit
 
 

Quote: Originally Posted by samuria
Please download and save FRST 64bit or FRST 32 bit to your Desktop.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

I had to attach it; it's 76,000 characters and only 25,000 are allowed, from the prompt I just got.


Attached Files
File Type: txt FRST.txt (74.7 KB, 3 views)
28 Aug 2017   #6
samuria

win 8 32 bit
 
 

Can you please post the second file, Addition.txt

find
HKLM\...\Policies\Explorer\Run: [al] => C:\Users\Tactics\AppData\Local\Temp\19884252.exe

delete it
28 Aug 2017   #7
Tactics

Windows 10 64-bit
 
 

Quote: Originally Posted by samuria
Can you please post the second file, Addition.txt

find
HKLM\...\Policies\Explorer\Run: [al] => C:\Users\Tactics\AppData\Local\Temp\19884252.exe

delete it

That file was not there. I might have deleted it at some point, or Combofix did; I'm sure it deletes files out of 3 folders and that is one. I uninstalled Combofix and I didn't know it totally deletes all restore points. My latest backup is from last month if all else fails.


Attached Files
File Type: txt Addition.txt (55.5 KB, 3 views)
28 Aug 2017   #8
Tactics

Windows 10 64-bit
 
 

Lo and behold, it's gone. Not sure how, maybe deleting Combofix - no idea. I'm gonna reboot and see if it comes back.


29 Aug 2017   #9
samuria

win 8 32 bit
 
 

That file running from temp may have been the problem holding onto the task, but if you look at the report, Task Scheduler is having problems. You have 8,000 firewall rules that will slow the network down; I would remove them all.
29 Aug 2017   #10
Tactics

Windows 10 64-bit
 
 

Quote: Originally Posted by samuria
That file running from temp may have been the problem holding onto the task, but if you look at the report, Task Scheduler is having problems. You have 8,000 firewall rules that will slow the network down; I would remove them all.

That's weird, I have no idea how the rules were created. Where do I delete these 8000 entries? I went here and only see inbound/outbound. See screenshot.

Thanks!

Also I assume Task Scheduler will rebuild some of those tasks I had running before. I didn't have many all I care about is SR and defrag.


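Added example, not part of any post in this thread: a read-only PowerShell audit of the locations the thread touches (the Policies\Explorer\Run autostart key pointing into Temp, the TaskCache\Tree and TaskCache\Tasks keys, and the System32\Tasks folder). It reports Temp-based autostarts and tasks whose registry and file entries no longer match, and it deletes nothing. The New-Finding helper and the rule that a Tree key with an Id value is a task are assumptions of this example.

```powershell
# Added example: read-only audit, nothing is modified.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
$cache   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$tree    = "$cache\Tree"
$taskDir = Join-Path $env:windir 'System32\Tasks'

# Hypothetical helper: one uniform record per finding.
function New-Finding($check, $item, $detail) {
    New-Object PSObject -Property @{ Check = $check; Item = $item; Detail = $detail } |
        Select-Object Check, Item, Detail
}

# 1. Autostart values whose command points into a Temp directory.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item $k
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded here
        if ($cmd -match '\\Temp\\') { New-Finding 'RunKey' ('{0} [{1}]' -f $k, $name) $cmd }
    }
}

# 2. TaskCache\Tree entries with no task file or no TaskCache\Tasks\{Id} key.
#    Assumption: a Tree key that carries an Id value is a task, not a folder.
Get-ChildItem $tree -Recurse | ForEach-Object {
    $id = $_.GetValue('Id')
    if (-not $id) { return }
    $rel = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)
    if (-not (Test-Path -LiteralPath (Join-Path $taskDir $rel))) {
        New-Finding 'Task' $rel 'Tree key has no file under System32\Tasks'
    }
    if (-not (Test-Path -LiteralPath "$cache\Tasks\$id")) {
        New-Finding 'Task' $rel "Tree key points at missing Tasks\$id"
    }
}

# 3. Task files with no TaskCache\Tree key.
Get-ChildItem $taskDir -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $rel = $_.FullName.Substring($taskDir.Length + 1)
    if (-not (Test-Path -LiteralPath "$tree\$rel")) {
        New-Finding 'Task' $rel 'File has no TaskCache\Tree key'
    }
}
```

A task that shows in Task Scheduler but cannot be deleted typically appears here as a mismatch between the three locations; pipe the output to Format-Table -AutoSize to read it.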