Missing Shell.dll


Miss Anne Thrope

I work with a helpdesk and recently they have been getting
calls from customers using Win2k or XP when they try to
run 16-bit apps: "unable to find shell.dll"

When we copy the file from windows\system, it works fine,
but the file disappears after usage. There are more and
more people with this problem. Has something changed? A
patch deleting the file? Any ideas?
 

Joe Parish

Anne

It's been going around, no one seems to know what's causing it. I've
taken a look at a couple of XP systems that were "fixed" by running a
system restore. Looking at the msinfo dumps from before and after the
restore the only concrete difference I've been able to find is a
service with a display name of "Network Security Service" called
"__NS_SERVICE_3". I only have before logs on 8 other machines. Out of
all 10 machines 7 have that service, named "__NS_SERVICE",
"__NS_SERVICE_2", or "__NS_SERVICE_3" with what appears to be a
randomly named EXE in c:\windows\system32. Right now it's the only
real good lead I've seen. Trend Micro calls it TROJ_AGENT.Z2, but the
tech details make no mention of shell.dll. I've done a bit of digging,
but not come up with anything else to tie any TROJ_AGENT variants to
this problem.

Also on the 10 machines 4 have IEFEATS. But again, none of the info I
can find provides a concrete link that points to it as the culprit.
The only other thing that these machines have in common that I can
garner from examining their msinfo dumps are Windows services, all of
those seem to check out against a machine that is known to not have
the problem (my box at work).

I'm gonna go out on a limb here and guess that you guys probably
started getting calls about this sometime around 5/26/04. That's when
ours started. On Friday, when I left work, we had taken 68 calls on it.
Today when I left work we had taken 78. Not a huge number, but we're
not a huge company.

Personally, I'm stumped, but at least it gave me an excuse to write an
NFO file analyzer.

Best of luck


Joe
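
The before/after service comparison described in the post above, as an added example that is not part of the original thread and is not Joe's analyzer. It assumes the service list has been exported as tab-separated rows (display name, name, state, start mode, path); that layout, the sample rows and the EXE name are constructed for illustration.

```python
import re

# Indicators named in the thread: the service names and the display name.
NAME_RE = re.compile(r"^__NS_SERVICE(_\d+)?$", re.IGNORECASE)
DISPLAY_NAME = "network security service"

def parse_services(text):
    """Parse tab-separated rows (assumed layout): display name, name, state,
    start mode, path. Returns {service name: row dict}."""
    services = {}
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) < 5 or cols[1].lower() == "name":
            continue  # skip blank lines, short rows and the header row
        services[cols[1]] = {"display": cols[0], "state": cols[2],
                             "start": cols[3], "path": cols[4]}
    return services

def suspicious(name, row):
    """True if the service matches either indicator from the thread."""
    return bool(NAME_RE.match(name)) or row["display"].lower() == DISPLAY_NAME

def scan(text):
    """Flag matching services in a single dump (machines with only 'before' logs)."""
    return sorted(n for n, r in parse_services(text).items() if suspicious(n, r))

def compare(before_text, after_text):
    """Return (services present only before the restore, flagged subset of those)."""
    before, after = parse_services(before_text), parse_services(after_text)
    removed = {n: r for n, r in before.items() if n not in after}
    return removed, sorted(n for n, r in removed.items() if suspicious(n, r))

# Constructed sample data, not taken from any real machine.
HEADER = "Display Name\tName\tState\tStart Mode\tPath\n"
AFTER = HEADER + (
    "DHCP Client\tDhcp\tRunning\tAuto\tc:\\windows\\system32\\svchost.exe -k netsvcs\n"
    "Print Spooler\tSpooler\tRunning\tAuto\tc:\\windows\\system32\\spoolsv.exe\n")
BEFORE = AFTER + (
    "Network Security Service\t__NS_SERVICE_3\tRunning\tAuto\t"
    "c:\\windows\\system32\\qzxkvp.exe\n")  # qzxkvp.exe is a made-up name

if __name__ == "__main__":
    removed, flagged = compare(BEFORE, AFTER)
    for name in flagged:
        print(name, "->", removed[name]["path"])
```
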
 

Malke

Great detective work, Joe! Here's a bit more info from Randy Knobloch
(siljaline) - this seems to be coming from the latest variant of
CoolWeb Search evil, evil malware. It snakes itself in and installs
itself as the service you found. The information I got was in response
to a post by Randy regarding another update to Ad-aware, so I'm not
sure if the latest updates to Ad-aware or CWShredder will kill this. I
would try disabling the service in Safe Mode and then do all the normal
spyware removal tools and rooting out by hand. It's getting more and
more complicated to get rid of this cr*p. Thanks for adding to the
informational arsenal.

Malke
 
