M
Milkus
I was hoping someone could point me in the right direction for dealing
with the following 'virus'/malware/pest. Currently it has not been
detected by any of the major online virus scanners, AVG, F-Secure,
Trojan Hunter, Stinger, Panda, Mcfee, Housecall, AdAware, Xsoftspy,
Hijackthis, CWShredder ... All have latest patches...
What happens is that sporodically I lose control of the desktop and
random programs start executing or closing down, windows start poping
up, services start running, administrative tasks will be activated
(eg: try to make new user, scan random files with antivirus software
etc), the taskbar is resized and moved to new positions. Basically it
all happens for 5-20 secs, extremely fast, doesnt seem to be
destroying files though.
It will happen, maybe once in 4 hours or twice in a minute. No
suspicious processes show up in task manager, and I cant capture any
scripts being executed. What it does do is restrict my ability to
operate the machine, as data is easily lost when programs shut down.
It is not dependent on internet access, or browser used. If I do a
search on files that have changed just after the episode, nothing of
note comes up, just prefetch files from the programs that were opened.
How can I find this thing and remove it. My conclusion is that I have
a 'dirty' dll or exe, disguised with a common name. I dont have a
restore point that would be early enough to thwart it. I also noticed
on shutdown last night, when XP goes to the blue shutdown page, it had
a message saying it was installing 1-4 updates before shutdown. I have
not seen this before so manually shut it off, but would think the
designer of this thing would not advertise such a change.
I have unistalled SP2 then reinstalled it to no avail. My last resort
is a total rebuild, but I am worried about backing up any file.
with the following 'virus'/malware/pest. Currently it has not been
detected by any of the major online virus scanners, AVG, F-Secure,
Trojan Hunter, Stinger, Panda, Mcfee, Housecall, AdAware, Xsoftspy,
Hijackthis, CWShredder ... All have latest patches...
What happens is that sporodically I lose control of the desktop and
random programs start executing or closing down, windows start poping
up, services start running, administrative tasks will be activated
(eg: try to make new user, scan random files with antivirus software
etc), the taskbar is resized and moved to new positions. Basically it
all happens for 5-20 secs, extremely fast, doesnt seem to be
destroying files though.
It will happen, maybe once in 4 hours or twice in a minute. No
suspicious processes show up in task manager, and I cant capture any
scripts being executed. What it does do is restrict my ability to
operate the machine, as data is easily lost when programs shut down.
It is not dependent on internet access, or browser used. If I do a
search on files that have changed just after the episode, nothing of
note comes up, just prefetch files from the programs that were opened.
How can I find this thing and remove it. My conclusion is that I have
a 'dirty' dll or exe, disguised with a common name. I dont have a
restore point that would be early enough to thwart it. I also noticed
on shutdown last night, when XP goes to the blue shutdown page, it had
a message saying it was installing 1-4 updates before shutdown. I have
not seen this before so manually shut it off, but would think the
designer of this thing would not advertise such a change.
I have unistalled SP2 then reinstalled it to no avail. My last resort
is a total rebuild, but I am worried about backing up any file.