What is this???

sach70

A question for the experts.

A few days ago I noticed a "new" icon in my control panel. Although it is not really an icon. It looks like an icon still loading, with no "picture", if that makes any sense. Also when I double click on it, something happens for a split second, but, nothing happens. When I right click on it I get the normal Run and Create Shortcut selection but again nothing happens. I used Procexp to check what is running and there it is??? Again, the same "not really an icon" but nothing else. I can't stop it, debug it, nada. I have tried a number of AVs and Anti-Spyware progs, NOTHING found (except the normal "double click" and "stat counter" stuff one picks up in a normal surf day. I run Bitdefender 10 Internet Sec and MS Defender with Spybot and Ad Aware SE). Otherwise my pc is running a bit ragged, like it has a cold. It is going... but not quite 100%. Shtdamm, really not in the mood to format and reload xp....

Anyone else seen something similar???
 
Weird...

damn spyware.

In your Windows\System32 directory, do an *.cpl listing in a cmd window. I've got 29 .cpl files.

You can easily discern which cpl file is which one, or you can right-click on the cpl file, and then check on the version tab what's going on there.

hth

Libs
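
The listing suggested in the post above, as an added PowerShell example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later, and it also reads the `Control Panel\Cpls` registry key, which the post does not mention but which can register applets that live outside System32.

```powershell
# Added example: inventory Control Panel applets and show who published and signed each one.
$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. The *.cpl files on disk (what "dir *.cpl" in System32 shows)
$items = @(Get-ChildItem -Path $sys32 -Filter '*.cpl' -File | ForEach-Object {
    [pscustomobject]@{ Source = 'System32'; Name = $_.Name; Path = $_.FullName }
})

# 2. Applets registered by path under the Cpls key, per machine and per user
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls"
    if (Test-Path $key) {
        $k = Get-Item $key
        foreach ($valueName in $k.GetValueNames()) {
            $raw = [string]$k.GetValue($valueName)
            $items += [pscustomobject]@{
                Source = "$hive Cpls"
                Name   = $valueName
                Path   = [Environment]::ExpandEnvironmentVariables($raw)
            }
        }
    }
}

# 3. Same information as the file's Version tab, plus the Authenticode result
$items | ForEach-Object {
    $exists = Test-Path -LiteralPath $_.Path
    $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $_.Path }
    $ver = if ($exists) { (Get-Item -LiteralPath $_.Path).VersionInfo }
    [pscustomobject]@{
        Source    = $_.Source
        Name      = $_.Name
        Company   = $ver.CompanyName
        Signature = if ($sig) { [string]$sig.Status } else { 'FileMissing' }
        Signer    = $sig.SignerCertificate.Subject
        Path      = $_.Path
    }
} | Sort-Object Signature, Company | Format-Table -AutoSize -Wrap
```

Rows with a blank Company, a missing file, or a signature status other than `Valid` are the ones to look at first; the output is a list of leads, not a verdict.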
 
Still not sure

Hey Libs,

I got 27 .cpl files, checked them all and nothing suspicious. Got 38 icons in my control panel, including the "weird" one. These include Nero Burn rights, Nvidia icons etc. Still nothing. Did notice something else. When checking with Procexp the "weird" one does the same as "System Idle Process", which has "disappeared??" FUNNY. Will be going through the software explorer of MS Defender to check what exactly is running. Hope I see something. Otherwise, hello format. (I detest Spyware etc!!)

Thanks for the info
 
bladdy spyware.

Hook an external firewall and see what's happening - if it doesn't phone home, then it should be OK.

But if it phones home, then get rid of the annoying piece of carp by reformatting...


*sigh*

I *love* reformatting..... NOT!!!
 
And in the end..

Well Libs, guess what? In the end I decided to format and start over. A real pain in the butt but all worth the trouble. At last my rig is again going like it should.

Although I can't "prove" it, I am still sure the icon in question was some dodgy malware. Most probably something that one of my anti-virus/spyware programs "tried" to remove and couldn't quite do it completely. Well, it is gone now....
 
sach70, for interest's sake, did you visit any dodgy web sites with Internet Explorer? Install any free "themes" or such software? Answer YES to web sites that REQUIRE a plug-in to be installed? Did you have a firewall and anti virus installed?

Just curious ...

PS: Sounds a bit like a rootkit which most anti virus and firewalls have difficulty in detecting.
 
Well, let's see...

Hey biometrics, to answer your questions. Try my best to stay away from any dodgy sites (but you know, sometimes one needs a "crack" or serial. Have not done so in a while though). Don't have free themes or strange software installed. But do sometimes install software from Download.com or FileHippo, as well as from say PC Format DVDs to see how they work.....
I have IE7 installed but never use it. Only use Firefox and if necessary, the IE tab. Don't allow websites to install plugins unless I trust the site. Lastly, I have Bitdefender 10 Internet Security installed (with its own firewall) and use Spybot, AdAware (beta, at the moment), Windows Defender and keep Windows Firewall active on my connections. BD10 also has quite a good rootkit scanner which I run weekly.

IOW, I think I keep my surfing quite safe, therefore the concern. I had a look after my re-installation and wonder whether my OS wasn't a bit corrupt, especially my "system idle". (If that makes any sense!?!)
 
erm.. the icon with no picture is usually a DOS mode application that will run in command shell, then terminate the shell. so, clicking it will cause a program to run, then complete, and then terminate the shell causing the window to disappear. may not have been malware, but we'll never know now!

btw, if your machine did indeed have a rootkit installed, you'd never know (unless you painstakingly perform md5 hash checks against every binary on the machine!).
 
Go to www.sysinternals.com.

Yes .. they were purchased by MS, but the software is still good.
Click on the Security Utilities link.
Download Autoruns.
Download Process Explorer.

Use autoruns to view everything that is auto-started when windows starts. Be extremely suspicious of something that is auto-started that does not belong to Microsoft Corporation. Uncheck those that you don't trust. Unchecking them just means they are ignored for now.

Use process explorer to view running programs, AND WHERE THEY ARE RUNNING FROM. Those programs that you don't trust, try to kill them. If they reappear, then they are probably part of a trojan set. A trojan set is where 2 or more running processes make sure that they cannot die cos they look out for each other, and if they're killed, then they start each other.

If you have a trojan set, write down the file names and start windows in safe mode. Delete the files in safe mode, and while you're there, clean the autorun stuff using Autoruns.

Then boot back to windows normally and run process explorer again to ensure something else is not putting them back.

Happy hunting.
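
A scripted first pass over the same two questions the post above asks (what is running and from where, and what auto-starts), as an added PowerShell example that is not part of the original thread and is not Sysinternals code. It assumes Windows PowerShell 5.1 or later in an elevated session; `Get-ImageTrust` is a hypothetical helper name.

```powershell
# Added example: list running images and autostart entries with their signature state.
function Get-ImageTrust {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Status = 'NoFile'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Status = [string]$sig.Status
        Signer = $sig.SignerCertificate.Subject
    }
}

# Running processes AND WHERE THEY ARE RUNNING FROM, with parent PID
$procs = Get-CimInstance Win32_Process | ForEach-Object {
    $t = Get-ImageTrust $_.ExecutablePath
    [pscustomobject]@{
        Name   = $_.Name
        Id     = $_.ProcessId
        Parent = $_.ParentProcessId
        Path   = $_.ExecutablePath
        Status = $t.Status
        Signer = $t.Signer
    }
}

# Review list: images that are not validly signed by Microsoft
$procs |
    Where-Object { $_.Path -and ($_.Status -ne 'Valid' -or
                   $_.Signer -notmatch 'O=Microsoft Corporation') } |
    Sort-Object Path -Unique |
    Format-Table Name, Id, Parent, Status, Path -AutoSize -Wrap

# Autostart entries from the Run keys and Startup folders.
# Autoruns inspects many more locations than this WMI class reports.
Get-CimInstance Win32_StartupCommand |
    Sort-Object Location, Name |
    Format-Table Name, User, Location, Command -AutoSize -Wrap
```

Third-party software that is legitimately installed will also appear in the review list, so each row is something to verify rather than something to delete.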
 