Posted 07 August 2010 - 09:36 PM
System Specs (To the best of my searching abilities):
Windows 7 Home Premium 64 Bit (Asus brand)
Intel® Core i7 CPU at 2.67 GHz
9.00 GB ram
*I feel like I'm missing a ton of information, but I just can't recall it atm, sorry!*
Yesterday, I upgraded my Comodo Firewall with Defense+ to V 4.1.150349.920 (I don't use the anti-virus, I have Kaspersky Anti-Virus 2011 (18.104.22.1680)) and started noticing a strange behavior after a while. Taskhost requested access to my keyboard and comodo alerted me, so I blocked it temporarily and did some research on it, and also asked my friend about it.
According to my research, taskhost loads dynamic libraries onto your computer and monitors system resources. Immediately, I thought that something was strange. Loading and monitoring do NOT require access to a keyboard. They might require access to your system, but definitely should not require keyboard access. I also know that some malware masquarade themselves as legit files in legit directories, making it harder to determine whether or not that particular file is corrupted.
I scanned it solo with Kaspersky but it didn't find anything. I tried MBAM, but I think it just skipped taskhost.exe entirely. I tried to upload it to VirusTotal but it woudn't show up when I browsed through the directory (I think that's kind of suspicious)
Currently, my comodo is denying it keyboard access until I can get a better picture on what is going on. Sure, malware of any kind is scary, but that kind that makes me nervous the most is keyloggers. I tried finding ways to replace the file with an authentic version but could not find one. Then I thought of re-installing Vista using my Recovery DVD then upgrading back to W7 again but I really don't want to install all my programs again.
I'd like to know what to do in my current situation, as I'm becoming really paranoid.
I also noticed that my word *2007* tried to gain shutdown privilege. Does that mean it's been compromised or something? I've only had 1 other instance in the past where my computer shut down out of nowhere, for no reason, but I shrugged it off. I'm not entirely sure if I had comodo installed at that time or not
This is all I can think of right now. If there's something else needed to formulate a better analysis, let me know!