Windows Server 2008 Thread, whats this? in Technical
  1. #1

    What's this?

    Hi all,

    Just noticed this in the scheduled tasks on my new 2008 server..

    rundll32.exe zazld.obk,vhcxpfb

    Runs every day at 17:00

    Anyone seen this before? Googled it but nothing comes up.

    Mike

  2. #2
    azrael78

    Not seen that one before but for the sake of security, disable the task (don't delete it) and then run a full AV scan over the server.

    It doesn't look like something legitimate but with so much software in use everywhere, it's hard to tell sometimes.

    At the very least, run Malwarebytes Anti-Malware over it. Just to make sure you don't have anything nasty lurking.

    Az

  3. #3
    leco

    Isn't that an Outlook backup file type (.obk)? Though I don't know what the switches are.

  4. #4

    I believe Conficker inserts scheduled tasks much like this - we ended up with similar tasks on most of our PCs when we became infected (VirusScan 8.0i which we had installed stops updating after Feb09 - nice of County to let us know...)

    I can't confirm that it's Conficker (I'd assume most malware/spyware/viruses leave something like this) but it does seem very similar.

  5. #5

    FN-GM

    Check to see if your automatic update service is running....

  6. #6

    Michael

    I would definitely disable it. Seems very odd and I've no idea what it's for. The fact it's mostly random letters and no hits in Google, it doesn't look positive.

  7. #7

    powdarrmonkey

    Blatantly a worm...

    Edit: almost certainly Conficker, too. Sorry.
    Last edited by powdarrmonkey; 9th September 2009 at 06:32 AM.

  8. #8

    DaveP

    Not sure if this will help but one of the searches I did while looking for info on this turned up a web page called:

    "You've been bitten by Matt's Anti-Spam harvester script"

    It is located at:

    http : // www . camerashed . co . uk / biteme . asp ? Page No = 2453

    [Address broken up so that it does not act as a clickable link after posting]

    What is weird is that the page has text with the letters arranged apparently at random with a few E-Mail links scattered down the page and a link to a similar page at the bottom [see attached picture]

    Any idea what purpose this web page might serve? [I ask only for the sake of interest]

    From the title of the website it seems obvious what the function is but the site looks so chaotic I wondered if the web pages are corrupt?

  9. #9

    Sylv3r

    I have seen something similar to that for Conficker also, although I would have expected a lot more than the one scheduled task. Have you tried to run the Microsoft removal tool?

    Download details: Windows Malicious Software Removal Tool

  10. #10

    Certainly looks like Conficker to me. Having had dealings with that on a few hundred machines and it's a pain in the ass.

  11. #11

    It's most likely going to be Conficker; we had an outbreak of it before I replaced the servers (no anti-virus yet... my own fault)

    I wouldn't mind but firewall is on, servers and workstations are totally patched so how the hell is it still getting infected?!
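
The signals the replies above point to (a task that runs rundll32, a module with an odd extension, a name made of random letters) can be checked across every scheduled task at once. This is an added example, not part of the original thread; it assumes the English column names of `schtasks /query /fo csv /v`, and the sample rows, task names and the helper names `Test-RandomLookingName` and `Find-SuspiciousRundll32Task` are constructed for illustration.

```powershell
# Constructed sample in the shape of `schtasks /query /fo csv /v` output (English
# column names). On a live server, pipe `schtasks /query /fo csv /v` in instead.
$sample = @'
"HostName","TaskName","Task To Run"
"SRV01","ExampleTaskA","rundll32.exe zazld.obk,vhcxpfb"
"SRV01","ExampleTaskB","%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation"
"SRV01","ExampleTaskC","C:\Windows\system32\defrag.exe -c"
'@

function Test-RandomLookingName([string]$Name) {
    # Crude heuristic: only lowercase letters, 5+ characters, under 20% vowels.
    if ($Name -cnotmatch '^[a-z]{5,}$') { return $false }
    $vowels = ([regex]::Matches($Name, '[aeiou]')).Count
    return ($vowels / $Name.Length) -lt 0.2
}

function Find-SuspiciousRundll32Task {
    param([Parameter(ValueFromPipeline = $true)] $Task)
    process {
        $cmd = $Task.'Task To Run'
        # Expected shape: rundll32[.exe] [/switch ...] <module>,<export>
        $pattern = '(?i)rundll32(?:\.exe)?"?\s+(?:/\w+\s+)*(?<mod>"[^"]+"|[^,\s]+),(?<exp>[^\s,]+)'
        if ($cmd -notmatch $pattern) { return }   # not a rundll32 task (or a repeated header row)
        $module  = $Matches['mod'].Trim('"')
        $export  = $Matches['exp']
        $reasons = @()
        $ext = [IO.Path]::GetExtension($module).ToLower()
        if (@('.dll', '.cpl', '.ocx') -notcontains $ext) {
            $reasons += "module extension '$ext' is not a normal library type"
        }
        if (Test-RandomLookingName $export) {
            $reasons += "export name '$export' looks randomly generated"
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                TaskName = $Task.TaskName
                Command  = $cmd
                Reasons  = ($reasons -join '; ')
            }
        }
    }
}

# Only ExampleTaskA (the command from the first post) is reported, with both reasons.
$sample | ConvertFrom-Csv | Find-SuspiciousRundll32Task | Format-List TaskName, Command, Reasons
```

A hit is a prompt to disable the task and scan, as the replies suggest, not proof of infection; the random-name check in particular is a rough filter and will miss or misjudge some names.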
