Virus detected by security task manager
Solvedbazfile Posted messages 58487 Registration date Status Moderator Last intervention -
Hello,
The Security Task Manager found a program during a scan called
"process ID 13936" (the number may change)
The description is <unknown program is listening or sending>
I can't get more details because it is noted that <Analysis requires administrative rights>
I can't find any trace of it by searching the computer...
Could one of you give me your opinion on this "program"?
Thank you in advance!
6 answers
-
Hello
Well, you're not out of the woods yet; you're going to have to learn all about how an operating system works:
https://www.malekal.com/pid-process-identifier-identifiant-processus/
"Security Task Manager" is a tool that shows everything going on in a PC, even what's normal.
It's up to you to differentiate between a virus and all the normal processes and applications.
If you're not looking to thoroughly learn how computers work, this isn't an antivirus for the average person, and you can break your PC with one mistake.
Windows has a system called "Security" and also "Defender" that is already integrated and works if you don't install another antivirus on the PC.
-
Hello,
Thank you for your reply but... it's precisely because I'm not a "pro" and that in my case I can't tell the difference between a virus and a normal process that I'm posting here.
I just find the description <unknown program is listening or sending> unsettling and I would really like the opinion of a "pro"...
Additionally, I don't know if it's important, but it is noted "proccess" with 2 "c's" and not "process" as in the article you sent me.
-
-
Hello @pilek StatusMember.
Download FRST.
Once downloaded save FRST to the desktop then right-click on FRST and choose Run as administrator which gives you this:
Wait for the message the tool is ready to operate to appear then click on Scan
Warning, wait for the messages saying that the scan is complete to appear.
At the end of the scan, the two reports FRST and Addition will be on the desktop.
Send the FRST and ADDITION reports to cjoint.com or to pixeldrain.com.
Then attach the two links generated by cjoint.com or pixeldrain.com in your message.
bazfile
Moderator/Security Contributor.
A greeting, a response, a thank you are always appreciated. -
Hello,
Thank you very much for your response.
Here are the two links:
-
@pilek StatusMember.
There's no infection on your PC, trust Kaspersky rather than security task manager which warns about everything and nothing.
There are only a few orphan processes, if you want to delete them, follow these steps.
Procedure to follow in the order indicated:
1- Open FRST as an administrator, to do this, right-click on FRST and choose run as administrator
2 - Copy the entire script found in the box below:Start:: CreateRestorePoint: CloseProcesses: Task: {13385F50-34DA-4A14-A59F-B610CEED87AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No file) Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No file) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No file) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction CustomCLSID: HKU\S-1-5-21-2829115726-787782929-2449829368-1001_Classes\CLSID\{52146D8E-DB34-4318-BD40-D061EE9C05C5}\localserver32 -> "NAVER.WIN32_LINEwin8_8ptj331gd3tyt!LINE" -ToastActivated => No file ContextMenuHandlers1: [PDF24] -> {F78FD16B-3DA7-4935-82E9-B82D9C1ED0AE}} => -> No file ContextMenuHandlers4: [PDF24] -> {F78FD16B-3DA7-4935-82E9-B82D9C1ED0AE}} => -> No file ContextMenuHandlers5: [PDF24] -> {F78FD16B-3DA7-4935-82E9-B82D9C1ED0AE}} => -> No file FirewallRules: [{40C6172E-18DE-41A7-AD70-9D79361FCA3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No file FirewallRules: [{70247488-8CA4-42CC-A61D-33DBF8C95D79}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No file End::3- Once the script is copied, click on Fix, FRST automatically takes the script from the clipboard.
Let the fix proceed, once complete you will be asked to restart your PC, do it as soon as prompted, see below.Then, once your computer has restarted:
4- You will have a Fixlog file on your desktop, then send this fixlog report to https://www.cjoint.com/ or https://pixeldrain.com/
Then provide the generated link from https://www.cjoint.com/ or https://pixeldrain.com/ in your response.
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated. -
Thanks again, Bazfile.
I used the security task manager following several small events... the appearance of several windows that open and close very quickly when starting my PC, some web pages that, at first, do not display due to "connection issues" and then immediately after they display (my internet connection is fine)...
I was worried about the scan result.

For two reasons, first the term "unknown program listening or sending" which is quite worrying.
And the fact that it is displayed as proccess with 2 "c's". I'm sending you a screenshot of the task manager where this appears...
I carried out the repair you suggested, here is the link:
https://www.cjoint.com/c/ODhl2FFSV40
Thank you in advance.
-
There is no infection on your PC, forget about Security Task Manager, that thing doesn't serve much purpose other than scaring people for no reason, you have Kaspersky, it is certainly more relevant so trust it.
The fixlog is OK.
Uninstall FRST, rename the FRST file you downloaded, rename it to uninstall, then once the file is renamed, open it, the uninstallation will proceed automatically via a restart of the PC.
-
-














