Full Version: Can't Remove Taskman Infection
Malwarebytes Forum > Research Center > Newest Rogue Threats
Moyus
I am running Microsoft Windows XP SP3. I scanned my computer using MBAM. The first time it found two trojans. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/10/2009 7:15:12 PM
mbam-log-2009-11-10 (19-15-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167715
Time elapsed: 20 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I asked MBAM to remove both of them. I then logged off and restarted my computer. On scanning with MBAM again, TASKMAN was still left on my computer. I asked MBAM to remove it, shut off and restarted my computer and rescanned it, but with the same result. I did this many times but taskman was not removed. Here is the last log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/10/2009 9:04:20 PM
mbam-log-2009-11-10 (21-04-20).txt

Scan type: Quick Scan
Objects scanned: 108764
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kindly advise on how to remove the trojan.

Moyus

Fatdcuk
Hi moyus and welcome to the MBAM forums

I will PM you a capture script, unzip it and double click the attached file.
There will be a file called export.reg placed on your desktop. Please zip and attach it to your next post.

Thanks in advance
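An added check, not code from the thread or from Malwarebytes' own tools: a small Python parser for a .reg export like the export.reg requested above, flagging the two indicators from the first MBAM log (a Winlogon taskman value and DisableRegistryTools set to 1). The .reg contents, the SID and the path are constructed placeholders.

```python
# Added example (not the thread's or Malwarebytes' own code): audit a .reg export such
# as the export.reg the helper asked for, for the two indicators in the first MBAM log:
# a Winlogon "taskman" value (normally absent on XP; Winlogon runs whatever it names at
# logon, so it is a persistence point) and DisableRegistryTools set to 1.
import re
# Constructed .reg text; the SID and the path are placeholders, not from the thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"taskman"="C:\\RECYCLER\\EXAMPLE-SID\\nissan.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"""
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: data}}. Handles the quoted
    string and dword: forms used here; any other form is kept as raw text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                name, data = m.group(1), m.group(2)
                if data.startswith('"') and data.endswith('"'):
                    data = data[1:-1].replace("\\\\", "\\")  # .reg doubles backslashes
                elif data.lower().startswith("dword:"):
                    data = int(data[6:], 16)
                keys[current][name] = data
    return keys

def find_indicators(text):
    """Return (key, value_name, data) for each indicator present in the export."""
    keys = parse_reg(text)
    findings = []
    taskman = keys.get(WINLOGON, {}).get("taskman")
    if taskman:
        findings.append((WINLOGON, "taskman", taskman))
    if keys.get(POLICIES, {}).get("DisableRegistryTools") == 1:
        findings.append((POLICIES, "DisableRegistryTools", 1))
    return findings
```

Run it against a real export by reading the file into `find_indicators`; a clean machine should return an empty list.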
Moyus
QUOTE (Fatdcuk @ Nov 11 2009, 09:08 AM) *
Hi moyus and welcome to the MBAM forums

I will PM you a capture script, unzip it and double click the attached file.
There will be a file called export.reg placed on your desktop. Please zip and attach it to your next post.

Thanks in advance



Hi Fatdcuk,

Thanks so much for your reply. I have run the file you sent and I attach the result with this reply. Thanks in advance.

Moyus
Fatdcuk
Hi ya,

I have just noticed your scan log indicates you are using Database 2775.

We are now at Database 3154.

Please update to the most current database (Update tab) and then rerun a quick scan.

Please post back the log generated from that scan.

Thanks in advance
Moyus
QUOTE (Fatdcuk @ Nov 12 2009, 09:16 AM) *
Hi ya,

I have just noticed your scan log indicates you are using Database 2775.

We are now at Database 3154.

Please update to the most current database (Update tab) and then rerun a quick scan.

Please post back the log generated from that scan.

Thanks in advance



Hi,

I tried to update my Malwarebytes, but it gave me an error. So I uninstalled it, downloaded Malwarebytes afresh and installed it. It is now Database 3155. I ran a quick scan and the log file is posted below:

Malwarebytes' Anti-Malware 1.41
Database version: 3155
Windows 5.1.2600 Service Pack 3

11/12/2009 2:04:50 PM
mbam-log-2009-11-12 (14-04-50).txt

Scan type: Quick Scan
Objects scanned: 124251
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-6475860270-6297657360-095114685-5501\nissan.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.


It found a different malware - autorun.B. I then deleted it and Malwarebytes reports that it was deleted successfully. I haven't checked yet to see if it will find it again if I shut down and restart my computer. Thanks in advance for your help.

Moyus
Fatdcuk
Hi,

Always a good idea to reboot as the MBAM prompt suggests; this allows MBAM to complete the removal of some of the more deeply entrenched malware.

It looks like MBAM's current database has found your autorun worm, but just to make sure, rerun the MBAM quick scan and allow it to delete what it finds, then immediately reboot.

Rerun the MBAM quick scan just to confirm that it is no longer being detected.

Thanks in advance!
Moyus
QUOTE (Fatdcuk @ Nov 12 2009, 02:28 PM) *
Hi,

Always a good idea to reboot as the MBAM prompt suggests; this allows MBAM to complete the removal of some of the more deeply entrenched malware.

It looks like MBAM's current database has found your autorun worm, but just to make sure, rerun the MBAM quick scan and allow it to delete what it finds, then immediately reboot.

Rerun the MBAM quick scan just to confirm that it is no longer being detected.

Thanks in advance!


Hi Fatdcuk,

I ran MBAM on logging in after a day off the net. It did not detect any malicious items. Thank you so very much for your help.

Best Regards,
Moyus
Fatdcuk
Another one bites the dust

Here's some handy reading though: the Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.


We hope our application has helped you eradicate this malicious Malware.
If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.


Safe surfing
Invision Power Board © 2001-2010 Invision Power Services, Inc.