Virus detected by security task manager

Solved
pilek Posted messages 6 Status Member -  
bazfile Posted messages 58487 Registration date   Status Moderator Last intervention   -

Hello,

The Security Task Manager found a program during a scan called

"process ID 13936" (the number may change)

The description is <unknown program is listening or sending>

I can't get more details because it is noted that <Analysis requires administrative rights>

I can't find any trace of it by searching the computer...

Could one of you give me your opinion on this "program"?

Thank you in advance!
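
An added example, not part of the original thread and not taken from Security Task Manager or FRST: a PowerShell script that resolves a reported process ID to its executable, signer, parent and open sockets using built-in Windows cmdlets. It assumes it is saved as a script and run from an elevated prompt with `-ProcessId` set to the number the scanner displayed.

```powershell
# Added example: resolve a PID reported as "listening or sending" to a program.
# Run from an elevated PowerShell prompt; without elevation, the path and
# command line of processes owned by other accounts come back empty.
param(
    [Parameter(Mandatory)]
    [int]$ProcessId   # the number shown by the scanner (it changes between runs)
)

$proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
if (-not $proc) {
    # Short-lived processes can exit between the scan and this lookup.
    Write-Warning "No process with ID $ProcessId is running any more."
    return
}

# PIDs are reused, so treat the parent lookup as a hint, not proof.
$parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

# Authenticode status of the image on disk (only possible when the path is readable).
$signature = if ($proc.ExecutablePath) {
    Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
}

[pscustomobject]@{
    Name        = $proc.Name
    Path        = $proc.ExecutablePath
    CommandLine = $proc.CommandLine
    Started     = $proc.CreationDate
    Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
    Signature   = $signature.Status
    Signer      = $signature.SignerCertificate.Subject
} | Format-List

# TCP sockets owned by the process: Listen = waiting for connections,
# Established = currently exchanging data with RemoteAddress.
Get-NetTCPConnection -OwningProcess $ProcessId -ErrorAction SilentlyContinue |
    Sort-Object State, LocalPort |
    Format-Table State, LocalAddress, LocalPort, RemoteAddress, RemotePort -AutoSize

# UDP endpoints have no connection state, only a bound local address and port.
Get-NetUDPEndpoint -OwningProcess $ProcessId -ErrorAction SilentlyContinue |
    Format-Table LocalAddress, LocalPort -AutoSize

# Services hosted inside the process (relevant when the name is svchost.exe).
Get-CimInstance Win32_Service -Filter "ProcessId = $ProcessId" |
    Format-Table Name, DisplayName, State -AutoSize
```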


6 answers

  1. .eric Posted messages 1386 Registration date   Status Member Last intervention   86
     

    Hello

    Well, you're not out of the woods yet; you're going to have to learn all about how an operating system works:

    https://www.malekal.com/pid-process-identifier-identifiant-processus/

    "Security Task Manager" is a tool that shows everything going on in a PC, even what's normal.

    It's up to you to differentiate between a virus and all the normal processes and applications.

    If you're not looking to thoroughly learn how computers work, this isn't an antivirus for the average person, and you can break your PC with one mistake.

    Windows has a system called "Security" and also "Defender" that is already integrated and works if you don't install another antivirus on the PC.

    0
    1. pilek Posted messages 6 Status Member
       

      Hello,

      Thank you for your reply, but... it's precisely because I'm not a "pro", and because in my case I can't tell the difference between a virus and a normal process, that I'm posting here.

      I just find the description <unknown program is listening or sending> unsettling and I would really like the opinion of a "pro"...

      Additionally, I don't know if it's important, but it is noted "proccess" with 2 "c's" and not "process" as in the article you sent me.

      0
  2. bazfile Posted messages 58487 Registration date   Status Moderator Last intervention   20 266
     

    Hello @pilek.

    Download FRST.

    Once downloaded, save FRST to the desktop, then right-click on FRST and choose Run as administrator, which gives you this:

    Wait for the message "the tool is ready to operate" to appear, then click on Scan.


    Warning, wait for the messages saying that the scan is complete to appear.

    At the end of the scan, the two reports FRST and Addition will be on the desktop.

    Send the FRST and ADDITION reports to cjoint.com or to pixeldrain.com.

    Then attach the two links generated by cjoint.com or pixeldrain.com in your message.


    bazfile
    Moderator/Security Contributor.
    A greeting, a response, a thank you are always appreciated.

    0
  3. bazfile Posted messages 58487 Registration date   Status Moderator Last intervention   20 266
     

    @pilek.

    There's no infection on your PC; trust Kaspersky rather than Security Task Manager, which warns about everything and nothing.

    There are only a few orphan processes; if you want to delete them, follow these steps.

    Procedure to follow in the order indicated:

    1- Open FRST as an administrator: to do this, right-click on FRST and choose Run as administrator.
    2- Copy the entire script found in the box below:

    Start::
    CreateRestorePoint:
    CloseProcesses:
    Task: {13385F50-34DA-4A14-A59F-B610CEED87AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No file)
    Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No file)
    Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No file)
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
    CustomCLSID: HKU\S-1-5-21-2829115726-787782929-2449829368-1001_Classes\CLSID\{52146D8E-DB34-4318-BD40-D061EE9C05C5}\localserver32 -> "NAVER.WIN32_LINEwin8_8ptj331gd3tyt!LINE" -ToastActivated => No file
    ContextMenuHandlers1: [PDF24] -> {F78FD16B-3DA7-4935-82E9-B82D9C1ED0AE}} => -> No file
    ContextMenuHandlers4: [PDF24] -> {F78FD16B-3DA7-4935-82E9-B82D9C1ED0AE}} => -> No file
    ContextMenuHandlers5: [PDF24] -> {F78FD16B-3DA7-4935-82E9-B82D9C1ED0AE}} => -> No file
    FirewallRules: [{40C6172E-18DE-41A7-AD70-9D79361FCA3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No file
    FirewallRules: [{70247488-8CA4-42CC-A61D-33DBF8C95D79}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No file
    End::

    3- Once the script is copied, click on Fix; FRST automatically takes the script from the clipboard.


    Let the fix proceed. Once it is complete, you will be asked to restart your PC; do it as soon as prompted, see below.

    Then, once your computer has restarted:
    4- You will have a Fixlog file on your desktop; send this Fixlog report to https://www.cjoint.com/ or https://pixeldrain.com/

    Then provide the generated link from https://www.cjoint.com/ or https://pixeldrain.com/ in your response.


    bazfile
    Moderator/Security Contributor.
    A hello, a response, a thank you are always appreciated.

    0
  4. pilek Posted messages 6 Status Member
     

    Thanks again, Bazfile.

    I used the Security Task Manager following several small events... the appearance of several windows that open and close very quickly when starting my PC, some web pages that, at first, do not display due to "connection issues" and then display immediately afterwards (my internet connection is fine)...

    I was worried about the scan result.

    For two reasons: first, the term "unknown program listening or sending", which is quite worrying.

    And the fact that it is displayed as proccess with 2 "c's". I'm sending you a screenshot of the task manager where this appears...

    I carried out the repair you suggested, here is the link:

    https://www.cjoint.com/c/ODhl2FFSV40

    Thank you in advance.

    0
    1. bazfile Posted messages 58487 Registration date   Status Moderator Last intervention   20 266
       

      There is no infection on your PC. Forget about Security Task Manager; that thing doesn't serve much purpose other than scaring people for no reason. You have Kaspersky, which is certainly more relevant, so trust it.

      The fixlog is OK.


      To uninstall FRST, rename the FRST file you downloaded to uninstall; then, once the file is renamed, open it, and the uninstallation will proceed automatically via a restart of the PC.

      1
  5. pilek Posted messages 6 Status Member
     

    Thank you very much!

    Have a great day

    0
    1. bazfile Posted messages 58487 Registration date   Status Moderator Last intervention   20 266
       

      Have a good day as well.

      0