unsolicited connection to spring.careercast.com:80 by task scheduling engine

unsolicited connection to spring.careercast.com:80 by task scheduling engine

Post by ralf9 » Tue, 30 Dec 2003 19:47:33


Hi,

my firewall software notified me today that the program "task
scheduling engine" tried to open a connection to spring.careercast.com
at port 80.

I have no tasks scheduled and do not even know what careercast.com is.

Does anyone have an explanation for this?

Thanks,
Ralf
 
 
 

unsolicited connection to spring.careercast.com:80 by task scheduling engine

Post by user_unass » Sat, 03 Jan 2004 12:07:16


XXXX@XXXXX.COM (Ralf) wrote
<snip>
</snip>

The task scheduler which comes with Windows would more than likely
show up on your firewall logs as 'mmtask', 'mmtask.exe' or 'Task
Scheduler'. There are many articles on the net that supply source-code
to make your own 'task scheduling engine' to work with your own apps.
Tasks scheduled using these engines will NOT show up in the Windows
Task Scheduler.

Being an 'engine' suggests that is has no User Interface and as such
is 1> being controlled and commanded by another application or
channel, and 2> is an application extension .dll and not a .exe
probably lurking in your %windows% or %system32% directories.

This is the kind of tactic GAIN (the bastards) would use however this
is the first I have seen. I suspect though that you have been stung by
adware and if not for your firewall, you may have had your screen
littered with commercials.

The source I have seen was an activex .dll written in VB6.0. With
small modification, this could also be made as a browser plugin.

If you continue to get hits on your firewall then download and run
SPYBOT and HijackThis. With SPYBOT, you are pretty much safe to let it
clear everything it finds. If you find that you don't know what your
doing with HijackThis, Post the results of a scan in here and i am
sure someone can help you.

If this was just a one-off, it may be possible (can someone with a bit
more knowledge verify this???) that a web page used a script to load
an active-x control that used a built-in task-scheduling engine in
order to fetch then next commercial at a certain interval. The same
control could be used to fetch ads based on geographic location,
web-page content or search keywords. In this case, the control is
probably only active while you are viewing a certain site(s) and can
be uninstalled by deleting unwanted 'helpers' in your 'downloaded
program files' folder. I believe this can be avoided by upping your
security settings in your browser.

HTH

Aaron Lingwood