#1

    %windir%/system/taskmgr.exe -- is this malware?


    On a Windows 2000 server I find CPU usage nearly 100%. The process using most CPU is C:\WINNT\system\taskmgr.exe. This is not the Windows Task manager found in the system32 directory. I killed the process and find that the exe is started as a result of starting a service called TaskMgr. The command line associated with this service is:
    C:\WINNT\system\app2srv.exe SERVICE /SN="Taskmgr" /PM="C:\WINNT\system\taskmgr.exe"

    The description is "Windows Task Menager - Process controler" and the display name is "Task Menager" (note the misspelling). There are many other Windows services dependent on it, so that when they are run, the "Task Menager" service launches. For instance, re-starting IIS will cause it to launch. I haven't been able to find anything very informative about it on the web, so I am wondering if anyone out there has any experience with it.
#2
    You'd think a legitimate program would at least have its name spelled correctly. A bit of Googling supports this.

    Blast it away. Best pay some attention to the sticky as well.
#3
    And anytime you find a file with the name of a Windows file and it's not in the correct directory, you should be very, very suspicious.
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
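
The rule from post #3, applied to the service command line quoted in post #1, as an added example that is not part of any poster's message: it scans the whole command line, because here the wrapper (`app2srv.exe`) carries the real executable in its `/PM=` argument. The `EXPECTED_DIR` baseline, the function names and the second sample command line are assumptions made for illustration.

```python
import ntpath
import re

# Assumed baseline (not from the thread): well-known Windows binaries and the
# directory each belongs in, relative to the Windows root. "" means the root itself.
EXPECTED_DIR = {
    "taskmgr.exe": "system32",
    "svchost.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "explorer.exe": "",
}

# Quoted or unquoted drive-letter paths ending in .exe, anywhere in a command line.
EXE_PATH = re.compile(r'"([A-Za-z]:\\[^"]+?\.exe)"|([A-Za-z]:\\[^\s"]+?\.exe)', re.I)

# Service command line as quoted in post #1.
PAGE_CMD = r'C:\WINNT\system\app2srv.exe SERVICE /SN="Taskmgr" /PM="C:\WINNT\system\taskmgr.exe"'
# Constructed sample of a normally located system binary.
LEGIT_CMD = r'C:\WINNT\system32\svchost.exe -k netsvcs'


def exe_paths(command_line):
    """Every .exe path in the command line, including ones passed as arguments."""
    return [quoted or bare for quoted, bare in EXE_PATH.findall(command_line)]


def misplaced_system_binaries(command_line, windir=r"C:\WINNT"):
    """Paths whose file name is a known system binary but whose directory is not."""
    hits = []
    for path in exe_paths(command_line):
        directory, name = ntpath.split(ntpath.normpath(path))
        expected = EXPECTED_DIR.get(name.lower())
        if expected is None:
            continue  # not a name we have a baseline for (e.g. the wrapper itself)
        wanted = ntpath.normpath(ntpath.join(windir, expected))
        if directory.lower() != wanted.lower():
            hits.append(path)
    return hits


if __name__ == "__main__":
    for cmd in (PAGE_CMD, LEGIT_CMD):
        print(misplaced_system_binaries(cmd) or "ok", "<-", cmd)
```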
