#1
    %windir%/system/taskmgr.exe -- is this malware?


    On a Windows 2000 server I find CPU usage nearly 100%. The process using most CPU is C:\WINNT\system\taskmgr.exe. This is not the Windows Task Manager found in the system32 directory. I killed the process and found that the exe is started as a result of starting a service called TaskMgr. The command line associated with this service is:
    C:\WINNT\system\app2srv.exe SERVICE /SN="Taskmgr" /PM="C:\WINNT\system\taskmgr.exe"

    The description is "Windows Task Menager - Process controler" and the display name is "Task Menager" (note the misspelling). Many of the other Windows services are dependent on it, so that when they are run, the "Task Menager" service launches. For instance, restarting IIS will cause it to launch. I haven't been able to find anything very informative about it on the web, so I am wondering if anyone out there has any experience with it.
#2
    You'd think a legitimate program would at least have its name spelled correctly. A bit of Googling supports this.

    Blast it away. Best pay some attention to the sticky as well.
#3
    And anytime you find a file with the name of a Windows file and it's not in the correct directory, you should be very, very suspicious.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
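
The check from the last reply, applied to the service command line quoted in the first post. This is an added example, not code from the thread: the table of expected directories is an assumption covering a few well-known Windows binaries, and the second sample service is constructed for contrast.

```python
import ntpath
import re

# Assumed baseline: directory (relative to %windir%) where each binary belongs.
EXPECTED_DIR = {
    "taskmgr.exe": "system32",
    "svchost.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "winlogon.exe": "system32",
    "explorer.exe": "",
}

# Any drive-letter path ending in .exe, including one passed inside an
# argument such as /PM="C:\...\x.exe" to a service wrapper.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"/]*?\.exe', re.IGNORECASE)


def misplaced_binaries(command_line, windir=r"C:\WINNT"):
    """Return (path, expected_dir) for every .exe in command_line that has a
    system binary's name but sits outside that binary's normal directory."""
    hits = []
    for path in EXE_PATH.findall(command_line):
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_DIR:
            continue
        expected = ntpath.normpath(ntpath.join(windir, EXPECTED_DIR[name]))
        actual = ntpath.normpath(ntpath.dirname(path))
        # Windows paths are case-insensitive, so compare case-folded forms.
        if ntpath.normcase(actual) != ntpath.normcase(expected):
            hits.append((path, expected))
    return hits


# Sample input: (service name, display name, command line). The first entry
# is the service from the post; the second is constructed.
SERVICES = [
    ("TaskMgr", "Task Menager",
     r'C:\WINNT\system\app2srv.exe SERVICE /SN="Taskmgr" /PM="C:\WINNT\system\taskmgr.exe"'),
    ("ExampleSvc", "Example Service", r"C:\WINNT\system32\svchost.exe -k netsvcs"),
]


def audit(services, windir=r"C:\WINNT"):
    """Flag every service whose command line references a misplaced binary."""
    return [(name, display, path, expected)
            for name, display, cmd in services
            for path, expected in misplaced_binaries(cmd, windir)]
```

Scanning the whole command line rather than only its first token matters here, because the suspicious executable is handed to the wrapper through the `/PM=` argument.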
