LTASKUP.EXE - Dangerous

What you should do about LTASKUP.EXE:

Check Your PC Now
Your PC may be infected. The presence of a file called LTASKUP.EXE is a possible sign of infection.


You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including LTASKUP.EXE. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,050,745 people have scanned with Prevx CSI and between them have checked 29.1 billion files. 65% of the PCs scanned had malware present.

What we know about LTASKUP.EXE:

The filename LTASKUP.EXE was first seen on Sep 7 2007 in BELGIUM. It has also been seen in the following geographical regions of the Prevx community:

  • SPAIN on Sep 7 2007
  • NETHERLANDS on Dec 24 2007
  • The UNITED KINGDOM on Dec 24 2007
The filename LTASKUP.EXE refers to many versions of an executable program.

The most common file size is 611,328 bytes. But the following file sizes have also been seen:

  • 757,760 bytes
  • 33,825 bytes

The unsafe files using this name are associated with the malware group TROJAN.INFOSTEALER.BANCOS.A.Some files using the name LTASKUP.EXE are also associated with the malware group:
  • Backdoor.VB

These files may have the following Vendor, Product, Version Information in the file header Microsoft Corporation; svchost.exe; 1.0.0.2

  • The following Vendor, Product, Version Information has also been reported:
 Microsoft Corporation; svchost.exe; 1.0.0.0 Microsoft Corporation; lsass.exe; 1.0.0.143 Microsoft Corporation; lsass.exe; 1.0.0.0

LTASKUP.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • The Process is polymorphic and can change its structure
  • Executes a Process
  • This Process Creates Other Processes On Disk
  • Accesses the MS Outlook Address Book
  • Can communicate with other computer systems using HTTP protocols
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Deletes Other Processes From Disk
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Creates potentially fake system tray messages and error warnings
  • Uses DNS to retrieve the IP address for web sites

LTASKUP.EXE has been the subject of the following behavior(s):

  • Executed as a Process
  • Created as a process on disk
  • Has code inserted into its Virtual Memory space by other programs
  • Added as a Registry auto start to load Program on Boot up
  • Executed from Temporary Folders
  • Registered as a Dynamic Link Library File
  • Created as a new Background Service on the machine

LTASKUP.EXE can also use the following file names:

  • 43342851.EXE
  • 99662482.DAT
  • 95870244.EXE
  • 47829454.EXE
  • 04464343.EXE
  • 37464247.EXE
  • 58903608.SVD
  • WNUPD.EXE
  • CRSS7[1].EXE
  • 31648437.DAT
  • 76805239.SVD
  • DPTRRSLWXV-840.PMS.EXE
  • EE459445BAA015393C7441E485EF7CFA.EXE