Strange Activity

By JamesRL
Let me start out by saying, I am no novice in the anti-virus field, having spent a lot of time in it years ago.

But I have run into something I can't seem to solve.

When I start up my computer, after all the startup apps fill the tray but before I launch IE, I get a "pop up" which is a small rectangle of yellow with an orange border. Inside the rectangle is a black "sun" icon with sunglasses and a smiling face. Beside it is what looks like a field in orange, but I can't click in it. I can move the pop up around on the desktop, but it doesn't stay long and disappears. I've had it reappear a few times, but after the system has been up a while, it doesn't come back unless I reboot.

I have tried a few of the antivirus and anti-spyware tools (Windows Defender/Ad-Aware/McAfee). I have looked at all my open processes at www.processlibrary.com. I have used MSConfig to eliminate any unneeded startups. But still it's with me.

I've googled the description of the picture, googled images etc, with no luck.

I should mention this is a fairly new fairly clean that spends most of its time on a secure network, though I have used it while travelling on less than totally secure hotel wireless connections.

I'm not an expert with HijackThis, but I think that's the next step. Is there anyone who would review my findings for me?

James

by BFilmFan In reply to Strange Activity

Sure James. Shoot it to me via my Yahoo email address at bfilmfan@yahoo.com.

Also get a screen shot of this icon if you can.


by JamesRL In reply to

Thanks for reviewing the log for me. Even if you didn't find anything obvious that helped me narrow it down.


by UncleRob In reply to Strange Activity

Have you used a startup manager routine like regcleaner or something similar to view what is actually being run during startup? Do you recognize & can account for everything that runs during startup? If not, this may be the place to start. You said that it only appears during reboots, so this is something that is being loaded up during the startup process; the fact that it only shows up for a brief period of time and then vanishes sounds a bit like spyware to me. You mentioned using MSConfig but maybe you should try some other apps to view what may be missing (or hidden from) in MSConfig.

Also, have you attempted during reboots to enter safe mode on your pc (I'm assuming Windows XP, I could be wrong). If you're running Windows XP, hit F8 a few times before the winxp splash screen appears, select Safe Mode and then log in to your pc and watch as the apps start up. Does this black sun popup appear again? Use a combination of Ad-Aware, Spybot & Windows Defender Beta 2 to scan for spyware while your pc is in safe mode. Scanning for spyware in regular windows mode doesn't work nearly as well as it does during safe mode. Whatever it finds during these scans, quarantine & delete and then reboot, enter safe mode again and repeat the spyware scan to see if the spyware returns (some form of browser hijacker or malicious trojan).

Also definitely check out http://greatis.com/unhackme/ and download their rootkit removal utility, you may have a rootkit installed on your system which is why you can't detect it using these other methods. A rootkit is a collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.

Let me know how this works out for you, hopefully it isn't a rootkit.
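Added example, not part of the thread or of any poster's own tooling: a small Python script that pulls the autostart (O4) entries out of a HijackThis log and lists the ones that are not accounted for, which is the check suggested in the post above. The log lines, the `sunhelper` entry and the function names `parse_o4` and `triage` are constructed for illustration.

```python
import re

# Constructed sample in HijackThis log format; names and paths are made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\bho.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunhelper] C:\DOCUME~1\user\LOCALS~1\Temp\sunhelper.exe /quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Updater.lnk = C:\Program Files\Example\updater.exe
"""

# O4 lines are autostart entries: registry Run keys or Startup folder items.
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_DIR = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_o4(log_text):
    """Return one dict (loc, name, cmd) per autostart entry in the log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O4_DIR.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries, accounted_for):
    """Flag entries the owner cannot account for or that run from a temp dir."""
    known = {n.lower() for n in accounted_for}
    findings = []
    for e in entries:
        reasons = []
        if e["name"].lower() not in known:
            reasons.append("not accounted for")
        if re.search(r"\\te?mp\\", e["cmd"], re.I):
            reasons.append("runs from a temp directory")
        if reasons:
            findings.append((e["loc"], e["name"], reasons))
    return findings


if __name__ == "__main__":
    # Assumed allowlist: the entries the machine's owner recognizes.
    known = {"SynTPEnh", "ctfmon.exe", "Updater.lnk"}
    for loc, name, reasons in triage(parse_o4(SAMPLE_LOG), known):
        print(f"{loc} [{name}]: {', '.join(reasons)}")
```
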


by UncleRob In reply to

Download
UnHackMe - Invisible Trojan's Killer.

Version 3.0 beta3
Supported Windows NT4/2000/XP(64)/2003(64)/Vista.
What's new in version 3.0:
-Added detection/removal of HackTool Rootkit.
-Added detection of Appros Adware Rootkit.
-Fixed bugs and improved stability.

Fully functional version:

UnHackMe 3.0 beta 3 evaluation version
UnHackMe still works after finishing evaluation but it will ask you for registering.

http://www.greatis.com/unhackme.zip


by UncleRob In reply to

Hi James, any luck with this yet?


by JamesRL In reply to

Thanks, UnHackMe looks worth investigating.


by sgt_shultz In reply to Strange Activity

hi. i have not heard of that one. pretty sure you can post your hijackthis log here or at www.tomcoyote.org. i bet you won't need to post it. i bet you will immediately see the hijack...but who knows, new stuff coming along daily...


by JamesRL In reply to

by Wrench97 In reply to Strange Activity

Icon sounds like the RSS-Bandit program icon (orange face with an eye patch over the left eye). Do you have this RSS reader installed?


by JamesRL In reply to

It's not RSS....

James
