Fixed: False positive on copy of taskmgr.exe

_gvm_

Seems to be a false positive on copy of taskmgr.exe:

OS: Windows XP SP2
Browser: Firefox 3.5.5
Spybot 1.6.2.46
Last Update: 18/11/2009

In the scan result, C:\Temp\taskmgr.exe is reported as:

Smitfraud-C.: [SBI $50922C3E] Executable (File, nothing done)
\Temp\taskmgr.exe
Properties.size=135680
Properties.md5=FC160ACE21C81837692B339D230DD4BE
Properties.filedate=1092139200
Properties.filedatetext=2004-08-10 12:00:00

However, the copy of taskmgr in the "normal" location is identical, but not flagged as a problem:
PID: 2408 (2296) C:\WINDOWS\system32\taskmgr.exe
size: 135680
MD5: FC160ACE21C81837692B339D230DD4BE

The two copies are identical and, as far as I can see, this is the correct MD5
for the correct Microsoft taskmgr.exe version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158).

I have seen reports that Smitfraud-C uses the name "taskmgr.exe", but that seems to be the only connection - as far as I can see, this file is genuine. As to why it's in C:\Temp, I suspect that it's debris from BartPE.

Thanks,

gvm
 
Hello,

Thank you for reporting this issue.
I can confirm this false positive, and I can also confirm that the false positive is based on the file path.
We will narrow down the detection in this case to prevent the false positive, even if files in the temp directory should be just temporary and deleted soon.
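
The check described in the report above, as an added example that is not part of the original thread and not Spybot's own code: it parses the scan-result entry in the format posted here and compares the reported size and MD5 with a trusted reference copy of the file. The function names `parse_entry`, `fingerprint` and `triage` and the verdict strings are hypothetical.

```python
import hashlib
import re

# Scan-result entry copied from the report in this thread.
REPORT = r"""Smitfraud-C.: [SBI $50922C3E] Executable (File, nothing done)
\Temp\taskmgr.exe
Properties.size=135680
Properties.md5=FC160ACE21C81837692B339D230DD4BE
Properties.filedate=1092139200
Properties.filedatetext=2004-08-10 12:00:00
"""

def parse_entry(text):
    """Parse one entry: detection line, path line, then Properties.key=value lines."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("entry needs a detection line and a path line")
    entry = {"detection": lines[0].split(":", 1)[0], "path": lines[1]}
    for ln in lines[2:]:
        m = re.fullmatch(r"Properties\.(\w+)=(.*)", ln)
        if m:
            entry[m.group(1)] = m.group(2)
    return entry

def fingerprint(path):
    """Return (size, upper-case MD5 hex) of a file, read in chunks."""
    md5, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest().upper()

def triage(entry, reference_path):
    """Compare the flagged file's reported size/MD5 with a trusted reference copy."""
    size, md5 = fingerprint(reference_path)
    same = int(entry["size"]) == size and entry["md5"].upper() == md5
    # MD5 is used only because it is what the report provides; a match with a
    # trusted copy supports, but does not prove, that the flagged file is genuine.
    return "matches-reference" if same else "differs-from-reference"

if __name__ == "__main__":
    import sys
    entry = parse_entry(REPORT)
    print(entry["detection"], entry["path"], entry["md5"])
    if len(sys.argv) > 1:  # path to the trusted copy, e.g. the system32 one
        print(triage(entry, sys.argv[1]))
```
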
 