# Is DSite\UpdateProc\UpdateTask.exe malware?



## Aviatrexx (Mar 10, 2013)

My laptop (see Profile, or should I recap it here?) has been experiencing minor random anomalies (e.g. "Cannot access the Windows Management Instrumentation Software"). While investigating, I found a suspicious entry (run every day at 14:42 as SYSTEM/Administrators) named 'At1' in the 'Scheduled Tasks'. I doubt if it is relevant to my issues but it doesn't look right.

C:\WINDOWS\Tasks\At1.job runs %APPDATA%\DSite\UpdateProc\UpdateTask.exe (with a flag I can't read because the field is greyed out) from my admin account.

AFAICT, it's not having a serious impact on my performance but I am concerned that it is a malware vector.

An extensive Google search did not turn up many hits, but I found two on this site where it was implicated. You folks seem to bring the most expertise to these issues, so I thought I would start here.

This is my primary business platform so I am very conservative regarding registry cleaners and other such "clean-up" tools. Thanks for any suggestions you can offer.

-Chip-


----------
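A triage check for the pattern described in the post above (an `At`-named job, running as SYSTEM, launching a binary from under %APPDATA%), added here as an example and not part of the thread: it scans `schtasks /query /fo csv /v` output for those traits. The sample rows are constructed and the three column names are assumptions that may differ between Windows versions.

```python
import csv
import io
import re

# Constructed `schtasks /query /fo csv /v` output, cut down to three columns.
# Column names are assumptions; the user name and the last two rows are made up.
SAMPLE_CSV = r'''"TaskName","Task To Run","Run As User"
"At1","C:\Documents and Settings\user1\Application Data\DSite\UpdateProc\UpdateTask.exe","NT AUTHORITY\SYSTEM"
"VendorUpdate","C:\Program Files\Vendor\update.exe","NT AUTHORITY\SYSTEM"
"DiskCleanup","C:\WINDOWS\system32\cleanmgr.exe","user1"
'''

# Jobs created with the legacy at.exe scheduler are named At<N>.
AT_NAME = re.compile(r"^\\?At\d+$", re.IGNORECASE)
# Profile locations any process running as the user can write to.
USER_WRITABLE = re.compile(
    r"\\(application data|appdata|local settings|temp)\\", re.IGNORECASE
)

def triage(csv_text):
    """Return [(task_name, [reasons])] for tasks that deserve a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if AT_NAME.match(row["TaskName"].strip()):
            reasons.append("created through the legacy at.exe scheduler")
        if USER_WRITABLE.search(row["Task To Run"]):
            reasons.append("binary sits in a user-writable profile directory")
        # SYSTEM alone is normal for services; it only matters with another flag.
        if reasons and row["Run As User"].upper().endswith("SYSTEM"):
            reasons.append("runs as SYSTEM")
        if reasons:
            findings.append((row["TaskName"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_CSV):
        print(f"{name}: " + "; ".join(reasons))
```

A hit is a prompt to inspect the file itself (signature, hash, creation time), not a verdict that it is malicious.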



## Aviatrexx (Mar 10, 2013)

Apparently new users' profiles are hidden until they have made a certain number of posts. Here is my setup:

Lenovo ThinkPad W500 4062-5EU/[email protected]/3GB/[email protected]
WindowsXP-Pro/SP3

I run Ad-Aware daily and it did not flag the referenced file.

-Chip-


----------



## Aviatrexx (Mar 10, 2013)

Just saw a typo in CPU spec: should be "[email protected]".

(Maybe this will pump up my number of posts to the point everyone can see my Profile.)


----------



## Cookiegal (Aug 27, 2003)

There's no need for people to see your profile to get your specs. Those are visible when clicking on the computer icon beside your user name in every post.

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------

