|
Windows Vista Problem solving for the Windows Vista Operating System. Please remember to state which edition of Vista you are using - Home Basic, Home Premium, Business, Ultimate etc. and whether you are using the 32-bit or 64-bit version if you know. |
|
Topic Tools |
#1
|
|||
|
|||
Suspicious Task Scheduler entries
I went into my task scheduler to schedule my spyware to start up and there were seven tasks not scheduled by me. They all start with this string C:\Windows\system32\pcalua.exe
These are the arguments for each one. -a E:\setup.exe -d E:\ -a C:\Windows\system32\javacpl.cpl -c Java -a F:\netsetup.exe -d F:\ -a "C:\Users\(my name)\Desktop\DPInst32.EXE" -d "C:\Users\(my name)\Desktop" -a "C:\Users\(my name)\Desktop\msj2.exe" -d "C:\Users\(my name)\Desktop" -a "C:\Users\(my name)\Desktop\msj1.exe" -d "C:\Users\(my name)\Desktop" -a "C:\Users\(my name)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90F44Z3L\INTEL_NETWORK_CONNECTIO N_ID_TOOL_305[1].EXE" -d C:\Windows\system32 Where it says "my name" my own personal name appears. I run Vista Home premium 32 bit. I am not sure if these are spyware or some other malicious program. I have run Super anti spyware and Adaware. I have Norton internet security 2008 as my anti virus program. Last edited by beaverman; February 11th, 2008 at 07:45 PM. |
#2
|
|||
|
|||
The files on desktop I really cant say why they are there.
Neither the setup.exe and netsetup.exe Is these files existing in the places that are listed? but the last one im not sure of. This is supposed to be in temporary Internet files, and load in system. |
#3
|
||||
|
||||
Quote:
|
#4
|
|||
|
|||
Thanx. I did Google them and some sites said it could be a spy. Glad to hear its not. Thanx again.
|
#5
|
||||
|
||||
Yes that can happen. Malware do sometimes give their files the same names as legitimate files so you have to look at the entire filepath in context. They are all fine and you are welcome.
|
#6
|
|||
|
|||
Look at next scheduled time!!
If you read your scheduler, nothing appears under the column: "Next Run Time". "pcalua" is a procedure run by windows periodically for product registration purposes. Something suspicios occurs in your system and this process is triggered. Nothing to worry about,... unless maybe you have an illegal copy of windows.
|
#7
|
||||
|
||||
Quote:
|
#8
|
|||
|
|||
You're the expert. Guess I was fooled by the "HistoryTab" that said:
Information 109 Task triggered by registration Product: Windows Operating System ID: 109 Source: Microsoft-Windows-TaskScheduler Version: 6.0 Symbolic Name: IMMEDIATE_TRIGGER Message: Task Scheduler launched "%2" instance of task "%1" due to a registration trigger. |
#9
|
||||
|
||||
That means that the task is a registered task and has been triggered by predefined boundaries to perform an action. See Registration Trigger Example.
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Sloooow Browser and Suspicious HJT Entries | Kitty of Doom | Malware Removal | 4 | November 1st, 2010 05:26 AM |
Task Scheduler - Again | Tom Brady | Windows NT, 2000, 2003, 2008, 2012 | 24 | September 16th, 2008 01:08 PM |
Please review for Suspicious entries -HJT | Riva | Malware Removal | 3 | November 3rd, 2006 03:41 AM |
Suspicious Regedit entries | Riva | Malware Removal | 3 | November 19th, 2004 05:20 AM |
Task Scheduler | garydanvers | Windows 98 | 2 | September 29th, 2003 09:12 PM |
All times are GMT +1. The time now is 09:22 PM.