Taskbar Ghost

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Every few minutes, some unnamed program or other application quickly appears
and disappears in taskbar at bottom of computer screen. How do I fix this?
 
Scan with Adaware, Spybot and Hijackthis. Enter these three names in google
search if you dont have them. Look at your running processes carefully, some
viruses and malware can look very much like legitimate processes.
Don't delete stuff untill your sure about what your doing.
Scan for viruses. If you don't have one google for online virus scan with a
reputable name (symantec, norton, panda etc...)
 
I've tried these programs. No problems found on first two, Hijackthis shows
a whole list of things, which no one I know wants to risk removing. Any
other suggestions?
 
Open Spybot, click "mode" at the top, choose advanced mode. Click yes on the
pop-up. Click on tools in the bottom left pane. Put a check in all the
boxes. Click on Process list. Click export. Save to desktop. Copy and paste
the list here. Also copy and paste the results of the Hijackthis scan.
And in the meantime you can try a scan with this program:

http://www.sysinternals.com/Utilities/rootkitrevealer.html

Paste the results of that in this thread also if it shows anything
 
I have text file results of Spybot, Rootrevealer, Hijackthis scans, but this
reply field will not allow this much data to be pasted. Can I email you this
info elsewhere ... or?
 
I was afraid of that. Can you just start with the list of processes? Then we
can go from there. I posted my email once here and was spammed for months
after. If that doesn't work I might set up a web based e-mail address.
if you can't post the whole thing try a section at a time.
 
Post the rootkitrevealer scan results next


Mark said:
I have text file results of Spybot, Rootrevealer, Hijackthis scans, but
this
reply field will not allow this much data to be pasted. Can I email you
this
info elsewhere ... or?
Click to expand...
 
The Rootkitrevealer results make for a large file. The rest of the missing
data starts like those at bottom here, apparently from Recyler/Norton
Protected files. In total, it's about 5 times as much data as this space
will allow. Are these possible culprits? It sure would be easier to email
these and the other two files to you as attachments. I promise I'm a good
citizen and will not release your email address to anyone.

HKLM\SOFTWARE\Microsoft\Microsoft SQL
Server\VAIO_VEDB\MSSQLServer\uptime_time_utc 12/13/2005 4:18 PM 8 bytes Data
mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Prefetcher\TracesProcessed 12/13/2005 4:19 PM 4 bytes Data
mismatch between Windows API and raw hive data.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2
for RootkitRevealer[1].zip 12/13/2005 4:18 PM 0 bytes Visible in Windows API,
but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2
for RootkitRevealer[1].zip\RootkitRevealer.chm 12/7/2005 2:19 PM 99.77
KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2
for RootkitRevealer[1].zip\RootkitRevealer.chm:Zone.Identifier 12/7/2005 2:19
PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3
for RootkitRevealer[1].zip 12/13/2005 4:19 PM 0 bytes Visible in Windows API,
but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\SHYZ8XMV\Thumbs.db 12/13/2005 4:26 PM 62.00 KB Hidden from
Windows API.
C:\RECYCLER\NPROTECT 12/13/2005 4:22 PM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00008711. 12/9/2005 5:12 PM 3.39 MB Hidden from Windows
API.
C:\RECYCLER\NPROTECT\00008738. 6/11/2005 12:21 PM 37.00 KB Hidden from
Windows API.
C:\RECYCLER\NPROTECT\00008741. 12/9/2005 5:12 PM 39.00 KB Hidden from
Windows API.
 
Ok here is my e-mail, remove the spaces from either side of the @ symbol:
i_runman @ yahoo.com. These threads are posted in a lot of different places
and bots are always searching for email addresses.

Before mailing me anything you need to do two things. Clear your browser
cache, history and cookies. And empty the recycle bin. Open internet
explorer, click tools, click internet options. Under the first page or
general tab is "Temporary internet files" and "History". Delete cookies,
Delete files and Clear history. Then, open the recycle bin and click file
and click empty the recycle bin if its not greyed out. if its greyed out
then you can't.
Now, rescan with rootkitrevealer and send me the results.

Mark said:
The Rootkitrevealer results make for a large file. The rest of the
missing
data starts like those at bottom here, apparently from Recyler/Norton
Protected files. In total, it's about 5 times as much data as this space
will allow. Are these possible culprits? It sure would be easier to
email
these and the other two files to you as attachments. I promise I'm a good
citizen and will not release your email address to anyone.

HKLM\SOFTWARE\Microsoft\Microsoft SQL
Server\VAIO_VEDB\MSSQLServer\uptime_time_utc 12/13/2005 4:18 PM 8 bytes
Data
mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Prefetcher\TracesProcessed 12/13/2005 4:19 PM 4 bytes
Data
mismatch between Windows API and raw hive data.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2
for RootkitRevealer[1].zip 12/13/2005 4:18 PM 0 bytes Visible in Windows
API,
but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2
for RootkitRevealer[1].zip\RootkitRevealer.chm 12/7/2005 2:19 PM 99.77
KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2
for RootkitRevealer[1].zip\RootkitRevealer.chm:Zone.Identifier 12/7/2005
2:19
PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3
for RootkitRevealer[1].zip 12/13/2005 4:19 PM 0 bytes Visible in Windows
API,
but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\SHYZ8XMV\Thumbs.db 12/13/2005 4:26 PM 62.00 KB Hidden
from
Windows API.
C:\RECYCLER\NPROTECT 12/13/2005 4:22 PM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00008711. 12/9/2005 5:12 PM 3.39 MB Hidden from
Windows
API.
C:\RECYCLER\NPROTECT\00008738. 6/11/2005 12:21 PM 37.00 KB Hidden from
Windows API.
C:\RECYCLER\NPROTECT\00008741. 12/9/2005 5:12 PM 39.00 KB Hidden from
Windows API.
needlove said:
Post the rootkitrevealer scan results next
Click to expand...
Click to expand...
 
Back
Top