Concerned about "taskhost.exe" and other misc.


No replies to this topic

#1 xXMechXx


Posted 07 August 2010 - 09:36 PM

System Specs (To the best of my searching abilities):
Windows 7 Home Premium 64 Bit (Asus brand)
Intel® Core™ i7 CPU at 2.67 GHz
9.00 GB RAM
*I feel like I'm missing a ton of information, but I just can't recall it atm, sorry!*

Yesterday, I upgraded my Comodo Firewall with Defense+ to V 4.1.150349.920 (I don't use the anti-virus, I have Kaspersky Anti-Virus 2011 (11.0.1.400)) and started noticing strange behavior after a while. Taskhost requested access to my keyboard and Comodo alerted me, so I blocked it temporarily and did some research on it, and also asked my friend about it.

According to my research, taskhost loads dynamic libraries onto your computer and monitors system resources. Immediately, I thought that something was strange. Loading and monitoring do NOT require access to a keyboard. They might require access to your system, but definitely should not require keyboard access. I also know that some malware masquerade themselves as legit files in legit directories, making it harder to determine whether or not that particular file is corrupted.

I scanned it solo with Kaspersky but it didn't find anything. I tried MBAM, but I think it just skipped taskhost.exe entirely. I tried to upload it to VirusTotal but it wouldn't show up when I browsed through the directory (I think that's kind of suspicious).

Currently, my Comodo is denying it keyboard access until I can get a better picture on what is going on. Sure, malware of any kind is scary, but the kind that makes me nervous the most is keyloggers. I tried finding ways to replace the file with an authentic version but could not find one. Then I thought of re-installing Vista using my Recovery DVD then upgrading back to W7 again but I really don't want to install all my programs again.

I'd like to know what to do in my current situation, as I'm becoming really paranoid.

I also noticed that my Word *2007* tried to gain shutdown privilege. Does that mean it's been compromised or something? I've only had 1 other instance in the past where my computer shut down out of nowhere, for no reason, but I shrugged it off. I'm not entirely sure if I had Comodo installed at that time or not.

This is all I can think of right now. If there's something else needed to formulate a better analysis, let me know!
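
One way to check the masquerading concern raised in the post, as an added example that is not part of the original post: the PowerShell function below lists every running taskhost.exe, compares its image path with the System32 location, and reports its Authenticode signature. The function name `Test-SystemProcessImage` and its parameters are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Run from an elevated prompt so
# that image paths of processes owned by other accounts are readable.
function Test-SystemProcessImage {
    param(
        [string]$Name = 'taskhost.exe',
        # Assumption: the genuine binary lives directly in %SystemRoot%\System32.
        [string]$ExpectedDir = (Join-Path $env:SystemRoot 'System32')
    )

    $expected = Join-Path $ExpectedDir $Name

    Get-CimInstance Win32_Process -Filter "Name = '$Name'" | ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = $null
        if ($path) {
            # Signature of the file on disk that backs this process.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }

        # The path comparison is the primary signal: -ne on strings is
        # case-insensitive, which matches Windows path semantics.
        if (-not $path) {
            $verdict = 'path unavailable (re-run elevated)'
        } elseif ($path -ne $expected) {
            $verdict = 'unexpected location'
        } elseif ($sig.Status -ne 'Valid') {
            # PowerShell before 5.1 can report catalog-signed system files as
            # NotSigned, so this alone does not prove tampering.
            $verdict = 'expected location, signature not verified'
        } else {
            $verdict = 'expected location, valid signature'
        }

        [pscustomobject]@{
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId
            Path            = $path
            SignatureStatus = if ($sig) { $sig.Status } else { $null }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Verdict         = $verdict
        }
    }
}

Test-SystemProcessImage | Format-List
```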
