is there ANY reason why taskmgr.exe would need to access the inter

Guest

After doing a boot-up scan of my PC for viruses -- a maintenance
process I do every 3-6 months, I wound up waking up and seeing a ZoneAlarm
popup telling me that TaskMgr.exe is trying to access the internet!?

That's the very first time I have ever seen that program asking for access
(been using it at boot up for ages on XP and started using it on Vista for
the last few weeks at boot up as well).

Now I denied it since I see no reason as to why it would need to, but if it
DOES need access, is there a MS website with their own program expected
behavior?? It's getting annoying to have to do research on many new MS
programs on the internet when they try to access the internet, but it's worse
when there's nothing about it on the internet at all :/

thx in advance
Regards
 
On Wed, 27 Jun 2007 09:18:01 -0700, Rej
> After doing a boot-up scan of my PC for viruses -- a maintenance
> process I do every 3-6 months, I wound up waking up and seeing a ZoneAlarm
> popup telling me that TaskMgr.exe is trying to access the internet!?

First thing to check is whether this file called TaskMgr.exe is what
you think it is, i.e. the Task Manager built into Windows, and not
something else (malware?) that uses the same name.

Can be:
- the file you think it is
- the file you think it is, generically infected
- the file you think it is, with code injected into its process
- a malware ADS attached to the file you think it is
- same file name, different directory
- not quite the same filename

3rd-party firewalls that monitor outgoing traffic will generally check
not just the file name and path, but also a checksum to detect if the
inside of the code file has changed. Even that can miss code
injection in RAM and ADS attached to the file.

Doing an informal "full system scan" (as a replacement for
always-updated resident av) every now and then is like leaving your
house unlocked, then roaming around with a torch every now and then to
see if there are any burglars at work.

If malware is missed when it first tries to run on the system, it can
entrench itself so that it will be far harder to remove, or even
detect. It can disable or subvert your av, or just hide from it.

So if you really think you've missed something that's gone resident,
the best (but not the easiest) thing to do is scan formally, i.e.
making sure that no code from the suspect system gets to run before
your scanner - and that very definitely includes the OS.


-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
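
The file-level checks from the list in the reply above (same name in a different directory, a not-quite-identical filename, a modified file, an attached ADS), written out as an added PowerShell example that is not part of the original thread. It assumes a default Windows install with Task Manager at %SystemRoot%\System32\Taskmgr.exe, PowerShell 4.0 or later, and an elevated prompt; the wildcard pattern and the finding labels are illustrative choices.

```powershell
# Added example. Assumes a default Windows install, PowerShell 4.0+, elevated prompt.
$expected = Join-Path $env:SystemRoot 'System32\Taskmgr.exe'

# Loose wildcard so "not quite the same filename" variants (taskmgr32, taskmngr) match too.
$candidates = Get-Process | Where-Object { $_.ProcessName -like 'task*m*g*r*' }

$report = foreach ($p in $candidates) {
    $findings = @()
    $hash = $null
    $path = $p.Path                       # empty when the process cannot be opened
    if (-not $path) {
        $findings += 'path unreadable (re-run elevated)'
    } else {
        if ($p.ProcessName -ne 'Taskmgr') { $findings += 'look-alike name' }
        if ($path -ne $expected)          { $findings += 'unexpected directory' }

        # A modified ("generically infected") file no longer verifies.
        # Older Windows/PowerShell builds may report catalog-signed system
        # files as NotSigned; verify before drawing a conclusion.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $findings += "signature status: $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $findings += 'valid signature, but signer is not Microsoft'
        }

        # Any stream other than the unnamed :$DATA stream is an ADS attached to the file.
        $ads = Get-Item -LiteralPath $path -Stream * | Where-Object { $_.Stream -ne ':$DATA' }
        if ($ads) { $findings += 'ADS: ' + (($ads | ForEach-Object { $_.Stream }) -join ', ') }

        # Checksum to compare with a known-good copy from the same Windows build.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        PID      = $p.Id
        Name     = $p.ProcessName
        Path     = $path
        SHA256   = $hash
        Findings = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}
$report | Format-List
```

These checks run inside the suspect OS and only look at the file on disk, so they do not cover code injected into the process in RAM, and a resident rootkit can falsify what they report.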
 