Manually deleting taskcntr.exe
This day I turned my firewall off because it was leeching CPU power, only when the computer was offline of course! But then I forgot to turn it on again before I reconnected. After a few minutes I turned it on as quickly as I possibly could, and checked the task manager for the harvest. (Yes! I was using Windows XP!)
One malware process was slightly more annoying than the other. Killing it was no can do, since it re-appeared. It was called syscntr.exe. I searched the HD for that file but didn't find it. So I decided to have a look at the services. So I started the prompt, and did sc query. And bingo, there it was! remon, that sounded suspicious... So I searched for remon.sys; when it popped up I did sc stop remon, and quickly deleted remon.sys. Then it was no match to kill taskcntr.exe as well! At that point I realized that taskcntr.exe had stopped flashing as it was doing before. The remon service probably kept taskcntr alive, or killed it and restarted it, therefore the flashing.
Mission accomplished! This was my first malware attack for a few years. I've now learnt my lesson, and I won't turn off my firewall again!
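The service check described in the post can be repeated against a known-good list. The following is an added example, not code from the original post: it parses `sc query` output and reports running services missing from a baseline. The sample output is constructed and trimmed, the baseline is hypothetical, and the TYPE shown for remon is an assumption based on the .sys file name.

```python
import re

# Constructed, trimmed sample of `sc query` output (not from the author's machine).
# The display name and TYPE for "remon" are placeholders/assumptions.
SAMPLE_SC_QUERY = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)

SERVICE_NAME: remon
DISPLAY_NAME: <display name not given in the post>
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
"""

# Hypothetical baseline: service names recorded while the machine was known clean.
BASELINE = {"dhcp", "dnscache", "eventlog"}

FIELD = re.compile(r"^\s*([A-Z_0-9]+)\s*:\s*(.*)$")

def parse_sc_query(text):
    """Split `sc query` output into one dict per service."""
    services, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and the "(STOPPABLE, ...)" continuation line
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            current = {"name": value}
            services.append(current)
        elif current is not None and key in ("TYPE", "STATE"):
            parts = value.split(None, 1)  # "4  RUNNING" -> ["4", "RUNNING"]
            current[key.lower()] = parts[-1] if parts else ""
        elif current is not None and key == "DISPLAY_NAME":
            current["display_name"] = value
    return services

def unknown_running(services, baseline):
    """Names of running services that are absent from the baseline."""
    return [s["name"] for s in services
            if s.get("state") == "RUNNING" and s["name"].lower() not in baseline]

if __name__ == "__main__":
    for name in unknown_running(parse_sc_query(SAMPLE_SC_QUERY), BASELINE):
        print("not in baseline:", name)
```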
