TaskDir Trojan

AgentSmith

I got hit with a trojan that installed itself as taskdir.exe in my system32 directory. It added itself to the HKEY_CURRENT_USER Run registry key, and once it was running, it would first connect to some systems on port 80 (probably to get instructions), then proceed to start sending out spam on port 25 to various mail servers.

Spybot, Avast!, and BitDefender all failed to detect taskdir.exe, although Spybot did detect the zlbw.dll, which taskdir.exe created (and re-created after attempted removal). There were also files called parad.raw.exe and taskdir.dll, but I already purged those from my system. I do still have access to taskdir.exe and zlbw.dll, however, if you want me to submit them.

I don't have logs for TaskDir, but it looks like someone who posted logs here had that trojan as well: http://forums.spybot.info/showthread.php?t=2853

Unlike that user, my system was still usable for the most part, but Windows Update would not work and moving my mouse over a folder in my Internet Explorer Favorites list would cause IE to crash. This stopped once I deactivated taskdir.exe.
 
According to the following Symantec Security Response, taskdir.exe can be associated with Trojan.Abwiz.F (a.k.a. Troj/DwnLdr-AKR [Sophos]):
Note the date the Trojan was discovered: March 22, 2006

If it is in fact something new, maybe that is why your anti-virus did not pick it up.

Is your file the same as glogglog's in the thread (which was dated March 6, 2006):
  • Located: HK_CU:Run, taskdir
    command: C:\WINDOWS\System32\taskdir.exe
    file: C:\WINDOWS\System32\taskdir.exe
    size: 47136
    MD5: 3c3317f0c6941fe0b4d56046d39d92a1
 
Yeah, I figured it was something fairly new.

My taskdir.exe file has the following properties, so it's not identical to glogglog's:
Size: 51134 bytes
MD5: 8107DA6B81818824881CC2A6505BB44D
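
The comparison made in the posts above (same file name and Run key, different size and MD5) can be scripted; this is an added example, not part of the original thread. The parser assumes the "Located: / command / file / size / MD5" layout quoted above, the second log entry is constructed, and the function names are hypothetical.

```python
import hashlib
import re

# (size, MD5) pairs for taskdir.exe exactly as quoted in the thread.
KNOWN_SAMPLES = {
    "glogglog": (47136, "3c3317f0c6941fe0b4d56046d39d92a1"),
    "AgentSmith": (51134, "8107da6b81818824881cc2a6505bb44d"),
}

# Sample input: first entry is the one quoted in the thread,
# second entry is constructed to show a non-matching startup item.
SAMPLE_LOG = r"""
Located: HK_CU:Run, taskdir
  command: C:\WINDOWS\System32\taskdir.exe
  file: C:\WINDOWS\System32\taskdir.exe
  size: 47136
  MD5: 3c3317f0c6941fe0b4d56046d39d92a1
Located: HK_LM:Run, ExampleApp
  command: C:\Program Files\Example\app.exe
  file: C:\Program Files\Example\app.exe
  size: 1024
  MD5: 00000000000000000000000000000000
"""

ENTRY_RE = re.compile(
    r"Located:\s*(?P<key>[^,]+),\s*(?P<name>.+?)\s*\n"
    r"\s*command:\s*(?P<command>.+?)\s*\n"
    r"\s*file:\s*(?P<file>.+?)\s*\n"
    r"\s*size:\s*(?P<size>\d+)\s*\n"
    r"\s*MD5:\s*(?P<md5>[0-9A-Fa-f]{32})"
)

def parse_startup_entries(log_text):
    """Return one dict per 'Located:' startup entry, MD5 lowercased."""
    entries = []
    for m in ENTRY_RE.finditer(log_text):
        e = m.groupdict()
        e["size"], e["md5"] = int(e["size"]), e["md5"].lower()
        entries.append(e)
    return entries

def fingerprint(path):
    """Size and lowercase MD5 of a file on disk (e.g. a quarantined copy)."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.md5(data).hexdigest()

def match_known(size, md5):
    """Names of thread samples whose size AND MD5 both match (case-insensitive)."""
    return [n for n, v in KNOWN_SAMPLES.items() if v == (size, md5.lower())]
```

A file that sits in the same Run entry under the same name but matches neither pair is a different build, which is the situation the last post describes.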