nclc
Level 7
Message 1 of 4

Looking for details on "XML/Task.a"

We received an alert on a PC indicating that the trojan "XML/Task.a" was detected in c:\windows\system32\tasks\{5C44F35B-B370-D489-A144-585BF92106AB}, and was subsequently deleted. It appears the deletion was successful, as the file does not exist on the endpoint any more. Although it's good news to hear it was deleted, my team needs to find out what it was, and how it landed on the system in question.

With nothing further to go on than the data above, and an MD5 hash from the EPO console alert details (ec6ca71d212240272d00c2ad4892dce2 for those of you interested) we are unable to glean any additional useful data.

My Google-fu does not appear to be strong enough to supply meaningful results to this query, so I'm hoping someone here can help. Even if all we can get is what McAfee defines as "XML/Task.a", that would be more than we have now. I've searched kc.mcafee.com, VirusTotal, and Google to no avail.

Has anyone here come across this detection before? I'd appreciate any insight into this so that our report can answer more questions than it generates.

Thanks!

1 Solution

Accepted Solutions
McAfee Employee chealey
McAfee Employee
Message 2 of 4

Re: Looking for details on "XML/Task.a"

Hi @nclc

From what you are reporting, there is a scheduled task being created which appears to be / contain something we see as malicious. The trojan "xml/task.a" is very generic and even we from support can't give you any more info on it, I'm afraid. It would indicate that it's an XML file being detected.

Ideally we would get this to labs for further review if you'd like more info. As the file has been deleted, I'd expect to see a quarantined item. You can submit this quarantined item as a sample to us for further review if you wish.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
3 Replies
nclc
Level 7
Message 3 of 4

Re: Looking for details on "XML/Task.a"

Thank you so much for the info on "XML/Task.a". Is there anywhere you know of on McAfee's support sites that I could have looked this information up myself? That could be a fairly useful resource, and would have kept me from having to drop such a basic request on the community here.

This certainly answers my question, and I'll mark it as such.

I didn't think to look at quarantine, as I consider that a different action from deletion. I will examine the quarantine on the system, and see if there is anything of use there. If I find any further useful information, I'll update this thread.

Thanks again!

McAfee Employee chealey
McAfee Employee
Message 4 of 4

Re: Looking for details on "XML/Task.a"

No, sorry. Generally speaking, from a customer perspective, I would take the MD5 hash and look it up in VirusTotal. The trojan type itself is very generic. The information given is purely from what you explained about the issue and the description of the trojan - the first part being what the file likely was, "XML", the second being what it is, "TASK" (in your case a scheduled task).

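Since the thread identifies the detection as a Task Scheduler XML definition under System32\Tasks, a copy restored from quarantine can be triaged by reading out what the task would have run. The following is an added example, not part of the original thread and not McAfee's code; the function name `triage_task`, the heuristics and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Triage heuristics chosen for this example; not McAfee's detection logic.
RISKY = re.compile(r"powershell|wscript|cscript|mshta|rundll32|regsvr32"
                   r"|\\appdata\\|\\temp\\|\\users\\public\\", re.I)
GUID_NAME = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

def triage_task(raw: bytes, file_name: str) -> dict:
    """Summarise what a Task Scheduler XML definition would run, and why it stands out."""
    # Task files on disk are normally UTF-16 with a BOM; fall back to UTF-8.
    text = raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8")
    if "<!DOCTYPE" in text.upper():
        raise ValueError("DOCTYPE is not expected in a task definition; refusing to parse")
    root = ET.fromstring(raw)
    triggers = root.find("t:Triggers", NS)
    actions = [
        " ".join(filter(None, (e.findtext("t:Command", "", NS).strip(),
                               e.findtext("t:Arguments", "", NS).strip())))
        for e in root.findall("t:Actions/t:Exec", NS)
    ]
    hidden = root.findtext("t:Settings/t:Hidden", "false", NS).strip().lower() == "true"
    flags = []
    if GUID_NAME.match(file_name):
        flags.append("guid-named task file")
    if hidden:
        flags.append("hidden task")
    flags += [f"risky action: {a}" for a in actions if RISKY.search(a)]
    return {
        "author": root.findtext("t:RegistrationInfo/t:Author", None, NS),
        "triggers": [c.tag.split("}")[-1] for c in (triggers if triggers is not None else [])],
        "actions": actions,
        "flags": flags,
    }

# Constructed sample, not the file from the thread (that one was deleted).
SAMPLE = r"""<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>EXAMPLE\constructed-user</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\Public\placeholder.exe</Command><Arguments>/constructed</Arguments>
  </Exec></Actions>
</Task>""".encode("utf-16")

if __name__ == "__main__":
    print(triage_task(SAMPLE, "{5C44F35B-B370-D489-A144-585BF92106AB}"))
```

The author, trigger type and action path it returns are the fields that help answer what the task was and how it was set to start.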