mstask32.exe - Dangerous
Manual removal instructions:
Antivirus Report of mstask32.exe:
PWSteal.Bamer.A steals passwords when you visit Web sites that belong to certain banks.
One indication of possible infection is the display of the message:
Invalid Operation at 0000:FF15
Creates the following files:
%System%\Azip32.dll: A legitimate .dll file.
%System%\Mfc91.dll: Detected as Keylogger.Trojan.
%System%\Mstask32.exe: Detected as PWSteal.Bamer.A.
%System%\Ole32a.dll: Detected as Keylogger.Trojan.
%System%\Regxp.reg.
Adds the value: "RunOnce"="%system%\mstask32.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Monitors for any Internet Explorer windows.
If it finds any Internet Explorer window containing any of the predefined URLs, it logs the keystrokes to %Temp%\Recado.txt.
Emails the file, Recado.txt, to a server in Brazil, using the password stealer's built-in SMTP engine.
Please remove it with RegRun Startup Optimizer.
mstask32.exe | Malware |
mstask32.exe | Dangerous |
mstask32.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.