RegTask



#1 0080900


Posted 13 September 2010 - 04:32 PM

Today, on my friend's Windows 7 x64 laptop, there is a trojan called RegTask that keeps popping up when my friend boots into Windows. It asks to purchase RegTask; if you close it, it minimizes itself to the system tray. Fortunately enough, you can exit RegTask by right-clicking the system tray icon and clicking "Exit".

I don't know if it still runs in the background even after exiting.

I've installed Malwarebytes 1.46 on his laptop, updated the malware definitions, and ran a quick scan, but Malwarebytes doesn't seem to detect the trojan during the scan.

So I have no scan log on this trojan to submit, nor a sample.

However, RegTask resides in C:\Program Files (x86)\RegTask

I don't know if I could submit that as a sample for research.

And it appears I haven't caught the infection on my system or flash drive yet, since I've scanned both with Malwarebytes.

#2 0080900


Posted 13 September 2010 - 05:04 PM

Here's a screenshot I was able to take of the trojan

Posted Image

#3 Trackeditor33


Posted 13 September 2010 - 05:33 PM

Here's a screenshot I was able to take of the trojan

Posted Image


I have looked at the website, downloaded the software in a Virtual Machine to check it, and it seems like a legitimate program. I had a look in Process Explorer; it did not display a company name, which is unusual but not proof that it is Malware. I looked at it further to see if it was opening any ports on my PC, which it didn't appear to be doing. I couldn't find any suspicious activity with it, except it does set itself to run on startup of Windows, kind of unusual for a registry cleaner, but still you can't say from that it's Malware. I found the un-installer on the start menu and un-installed it. If I do get strange activity I will make further investigations. I'd be interested to know if anyone else does identify suspicious activity too.
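
The checks described in post #3 (publisher name, run-on-startup entry, open ports) can be scripted; the following PowerShell is an added example, not part of the original thread. The folder path is the one given in post #1; the choice of Run keys and the use of `netstat` are assumptions about where to look.

```powershell
# Added triage sketch: publisher, autorun and port checks for one install folder.
$target = 'C:\Program Files (x86)\RegTask'   # folder named in post #1

# 1. Publisher: version-info company name and Authenticode status per binary.
Get-ChildItem -Path $target -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        New-Object PSObject -Property @{
            File      = $_.FullName
            Company   = $_.VersionInfo.CompanyName
            Signature = $sig.Status
            Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject })
        }
    } | Format-List File, Company, Signature, Signer

# 2. Autorun: Run-key values that point into the folder (assumed locations;
#    Startup folders, services and scheduled tasks are not covered here).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$target*" } |
        ForEach-Object { '{0} : {1} = {2}' -f $key, $_.Name, $_.Value }
}

# 3. Network: TCP/UDP endpoints owned by processes started from the folder.
$ownerIds = Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($target, [StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object { $_.Id }
netstat -ano |
    Where-Object { $_ -match '^\s*(TCP|UDP)\s' } |
    Where-Object { $ownerIds -contains [int](($_.Trim() -split '\s+')[-1]) }
```

Run it from an elevated prompt, since process paths that the current user cannot read come back empty and would be skipped in step 3.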

#4 S!Ri


Posted 14 September 2010 - 02:05 AM

Hello

Can you post the file (installer) please?
S!Ri
Research Engineer
