June 11th, 2010, 08:48 PM
%windir%/system/taskmgr.exe -- is this malware?
On a Windows 2000 server I find CPU usage nearly 100%. The process using most CPU is C:\WINNT\system\taskmgr.exe. This is not the Windows Task manager found in the system32 directory. I killed the process and find that the exe is started as a result of starting a service called TaskMgr. The command line associated with this service is:
C:\WINNT\system\app2srv.exe SERVICE /SN="Taskmgr" /PM="C:\WINNT\system\taskmgr.exe"
The description is "Windows Task Menager - Process controler" and the display name is "Task Menager" (note the misspelling). There are many other of the windows services dependent on it, so that when they are run, the "Task Menager" service launches. For instance, re-starting IIS will cause it to launch. I haven't been able to find anything very informative about it on the web, so I am wondering if anyone out there has any experience with it.
June 11th, 2010, 10:34 PM
You'd think a legitimate program would at least have it's name spelled correctly. A bit of Googling supports this.
Blast it away. Best pay some attention to the sticky as well.
June 11th, 2010, 10:47 PM
And anytime you find a file with the name of a windows file and it's not in the correct directory you should be very, very suspicious.
Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.