Geek Culture / Interesting Windows problem... any ideas?

Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 29th Aug 2006 22:55
Hi all,

Ok this is a weird one and I have racked my brains over it, but still not resolved it.

For the past few days (I haven't installed anything new) I am seeing a tiny EXE window appear. It appears on my task bar, stays for no more than one or two seconds, then vanishes. There is no text in it, you cannot select it from the ALT-TAB list if you manage to time that right, you cannot right-click it.

It simply pops-up, then goes away again instantly. No actual window appears on-screen, just the entry on the task bar.

It is sort of like a program doing an auto scheduled update or something.

I have looked on my Processes list and can see nothing 'weird' on there. I've tried stopping various things, but none have hit the target yet. Normally I wouldn't mind, but when this little exe runs if I am in a full-screen game (Counter Strike, WoW, Oblivion, etc) it switches back to the Windows desktop, and I have to re-select the game from the task bar to get back into it again.

Needless to say this has rendered all on-line FPS games virtually unplayable, as this exe pops-up every half an hour or so.

There is nothing in Windows Scheduler (XP Pro) and I don't have many background processes running beyond my anti-virus (NOD32) and a couple of small apps that never did this in the past.

Does anyone have any ideas where a list of scheduled or last-run EXEs might live in XP? I tried sys log but nothing points to anything out of the ordinary.

Cheers,

Rich

"Bite my shiny metal ass" - Bender, Futurama
No pixels were harmed in the making of this post
"Don't ping my cheese with your bandwidth"
Oddmind
20
Years of Service
User Offline
Joined: 20th Jun 2004
Location: Atlanta, Georgia
Posted: 29th Aug 2006 23:03
I've had this problem as well before, it just seemed to disappear...

Though mine could be clicked and right clicked it never really did anything.

formerly KrazyJimmy

Prayers for rain...
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 30th Aug 2006 01:26
Does it happen when you log in as a new user on your own system? If so, sounds like another tricky piece of spyware loaded in at the admin level.

Have another computer on your network constantly port sniff that machine, see where it's trying to send info to if it is.

There is another tool in the arsenal of spy killers I'm becoming a friend to: Ewido.

Sid Sinister
19
Years of Service
User Offline
Joined: 10th Jul 2005
Location:
Posted: 30th Aug 2006 01:55
might be a keylogger your parents put on it or something. It wouldn't show in the task menu or be visible from the quick launch pad. But it might show for a second on boot before it goes away. I recommend scanning for spyware, adware and trojans/loggers.
IanG
20
Years of Service
User Offline
Joined: 25th Sep 2004
Location: Cyberspace
Posted: 30th Aug 2006 02:23 Edited at: 30th Aug 2006 02:26
Quote: "might be a keylogger your parents put on it "

Rich, you're an eleven year old again!!

what you could do - if you have super fast reflexes - is use Spy++ which comes with Visual Studio to find out what process the window belongs to

but i doubt that will be possible, so i would crack open msconfig and switch off everything and then enable each one one by one until you find the ugly critter, or just look for the ones which shouldn't be there - you have to remember it is pretty easy to write something which hides from the task manager


amd athlon xp 2600+,1280mb,FX 5200 128mb,200gb & 120gb,xp pro sp2
SirFire
19
Years of Service
User Offline
Joined: 4th Apr 2005
Location: North America
Posted: 30th Aug 2006 02:29 Edited at: 30th Aug 2006 02:31
You could try filemon from sysinternals.com to check for unknown files executing or accessing other files (you'd probably have to let it sit and watch until the little window pops up again), or you could use rootkitrevealer from the same site, which will help you find "stealthed" (hidden from process manager) processes that may be running or shady windows startup options.

David iz cool
19
Years of Service
User Offline
Joined: 21st Sep 2005
Location: somewhere lol :P
Posted: 30th Aug 2006 03:11
A system restore might help. But it sounds like some virus or something. Or if you want to completely wipe it out, you could wipe out your HD and reinstall your OS & everything else.
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 30th Aug 2006 04:07
lol, the advice is classic today

Cash Curtis II
19
Years of Service
User Offline
Joined: 8th Apr 2005
Location: Corpus Christi Texas
Posted: 30th Aug 2006 05:15
Rich, what spyware scans have you run? Spyware is my first guess, as this is not a normal behavior. I've seen spyware before that has similar behavior when it loads, but I don't recall whether or not there was any cyclic behavior.

Advanced System Optimiser is good for controlling every program that initializes for every account. I chose this program because it received extremely high ratings.

Quote: "might be a keylogger your parents put on it or something"




Come see the WIP!
Sid Sinister
19
Years of Service
User Offline
Joined: 10th Jul 2005
Location:
Posted: 30th Aug 2006 05:50
Lol, I am so sorry Rich! I didn't read who posted this thread, if I knew it was you I wouldn't have said that! Lol, wow. Talk about being embarrassed. Ah, oh well. It definitely made me laugh.

I hope the rest of the forum guys let me live this down!
Megaton Cat
21
Years of Service
User Offline
Joined: 24th Aug 2003
Location: Toronto, Canada
Posted: 30th Aug 2006 06:10
As everyone said, a Spybot scan or something would be a good start.

OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 30th Aug 2006 13:26
Have a look at MSCONFIG and see what programs are in the Startup list.

Come to the last Unofficial DBPro Convention (http://convention.logicstudios.net/)
Supplying "NO" since 1974...
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Aug 2006 13:59
sounds really really dodgy. I bet you got a hold of some new spy crapz0r on your machine. I'd update all spyware/virus definitions and spend some time doing some full scans.

does the event logger pick up this occurrence and give any info?
write a small app to log the processes, does the item appear in processes, does it always have the same name?

dodgy I say

Quote: "might be a keylogger your parents put on it or something"

lmao - I have saved this classic for later use

Physics, Science, and Mathematics do not lie - only people do.
Cash Curtis II
19
Years of Service
User Offline
Joined: 8th Apr 2005
Location: Corpus Christi Texas
Posted: 30th Aug 2006 14:26
Quote: "If i had this problem, i would simply reboot, only takes a couple hours and then you P.C's in top condition again"

I would never do that. I just keep my computer clean and I never have a problem.


Come see the WIP!
Zappo
Valued Member
20
Years of Service
User Offline
Joined: 27th Oct 2004
Location: In the post
Posted: 30th Aug 2006 14:27
Quote: " If i had this problem, i would simply reboot, only takes a couple hours "

Wow! That's a slow machine

There are so many apps now that check for updates themselves it can be a real pain to find and turn them off. I have hated Adobe Acrobat Reader for some time because of this kind of behaviour.
I recently updated my Symantec antivirus software and the new version seems to pop up with a taskbar icon whenever any email client checks for or sends mail. Quitting your email client should sort that out, but it might be worth checking your antivirus software too in case that is scheduled to do something every 30 minutes.
As mentioned earlier, RootKitRevealer from SysInternals is an excellent tool for investigating possible compromises. As files and registry entries can be completely hidden from the operating system it actually checks the disk and registry files and compares them to what the OS says is there. Any discrepancies can be checked. It's very reliable and well worth giving a go (especially as it's free).
Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 30th Aug 2006 14:32 Edited at: 30th Aug 2006 14:35
I'm unsure how NOD32 works when it comes to possible bugs coming through websites. Recently a rootkit tried to penetrate my system only from viewing a fairly popular website. McAfee deleted the rootkit driver file (.sys extension in system32 folder), but failed to delete the dll that came with it. This dll left behind made IE crash after so many minutes of use. Finally after a few restarts and scans, all was fixed again.

From the way you described the problem it really sounds like spyware. You might want to try scanning your Windows profile folder, Program Files folder, and then the Windows folder.

Also if you can search your Windows\System32 folder for *.sys files (do not search subfolders) and post up a screen shot like the one I have attached. That'd show if you have any strange rootkits. Unless it was a super evil one like mentioned above where it starts completely stealthing itself.
Nicholas Thompson
20
Years of Service
User Offline
Joined: 6th Sep 2004
Location: Bognor Regis, UK
Posted: 30th Aug 2006 14:34
Under Administrative Tools, go to Events and see if anything is in there... Might log the result of the program, if it's legit.

What's in your process list?
Zappo
Valued Member
20
Years of Service
User Offline
Joined: 27th Oct 2004
Location: In the post
Posted: 30th Aug 2006 14:48
Yeah, it was a joke because I guessed you meant 'reinstall' rather than 'reboot'.
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 30th Aug 2006 15:10
Ok I have tracked it down - finally. I ran msconfig to start with and checked out the start-up files, there was nothing weird in there.

It is NOT spyware or a virus, of that I am 100% certain. I don't install any random crap or warez on my work PC, and NOD32 catches everything virus related.

However I bought myself a copy of WinTasks Pro 5, turned on the logging and let it run. All processes, all threads, all exes - everything was recorded for several hours.

The little window popped up every 15 minutes, to the second, without failure. So it was easy to narrow it down in the WinTasks log - and lo and behold it was a bloody Hewlett Packard Printer driver causing it. It appears to do some kind of a network poll every 15mins, probably to talk to my ethernet wired printers and check their status, and for some reason it was now popping up a little window (where before it was silent).

Uninstall the driver, re-install, sorted.

Crappy HP software! On the plus side I did get to clean out my Registry in the process and remove a stack of start-up items I didn't need.

Cheers,

Rich

"Bite my shiny metal ass" - Bender, Futurama
No pixels were harmed in the making of this post
"Don't ping my cheese with your bandwidth"
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Aug 2006 15:18
HP, that'll get ya every time.
Glad you sorted it. I have a feeling it will return if it's normal behavior of the print drives tho.

Physics, Science, and Mathematics do not lie - only people do.
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 30th Aug 2006 15:27
I've had this printer for 6 months though and it hasn't done it before, so this isn't normal behaviour.

"Bite my shiny metal ass" - Bender, Futurama
No pixels were harmed in the making of this post
"Don't ping my cheese with your bandwidth"
IanG
20
Years of Service
User Offline
Joined: 25th Sep 2004
Location: Cyberspace
Posted: 30th Aug 2006 15:33
you really should bin your hp printer and get a nice canon - much cheaper to run and they produce much better quality images


amd athlon xp 2600+,1280mb,FX 5200 128mb,200gb & 120gb,xp pro sp2
Van B
Moderator
22
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 30th Aug 2006 15:38
My brother's PC had a similar problem, damn malware popping up every 15 mins and ruining the game, it was getting to the point where he stopped using the PC.

This little proggie actually came from some Czech sounding domain, begins with a K, but googling for it returns nothing.

Anyhoo, it might be some rare malware that is not mal enough for virus checkers to pick up, like the most annoying thing it does is pop up and ruin the game. I'm thinking it tries to contact a website somewhere to send stuff (it stopped once we disconnected the web connection), maybe a keylogger - but often a firewall or download manager will snag it, which is just as bad when your firewall or download manager pops up and does the same harm.

Eventually just reinstalled windows to get rid.

''Stick that in your text and scroll it!.''
adr
21
Years of Service
User Offline
Joined: 21st May 2003
Location: Job Centre
Posted: 30th Aug 2006 15:39
Dammit... I'm too late.

Well, I would've suggested FileMon or RegMon. You can run those and they log every file access/registry access. Obviously, you can filter down the results as the log gets rather large rather quickly...

But you see, I have the will of the warrior. Therefore, the battle is already over. The winner? Me!
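
As an added example (not part of any post in this thread, and not output from WinTasks, FileMon or any other tool named here), the narrowing-down step described above can be done programmatically: given a log of process starts, find the images that launch on a fixed interval and match that against the interval at which the pop-up was observed. The log format, image paths and function names are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: process-start records in a made-up log format.
SAMPLE_LOG = r"""
2006-08-30 10:00:00 START pid=1200 image=C:\example\poller.exe
2006-08-30 10:03:17 START pid=1310 image=C:\example\notepad.exe
2006-08-30 10:15:00 START pid=1422 image=C:\example\poller.exe
2006-08-30 10:21:40 START pid=1500 image=C:\example\mailcheck.exe
2006-08-30 10:30:01 START pid=1588 image=C:\example\poller.exe
2006-08-30 10:44:09 START pid=1601 image=C:\example\notepad.exe
2006-08-30 10:45:00 START pid=1699 image=C:\example\poller.exe
2006-08-30 10:52:30 START pid=1750 image=C:\example\mailcheck.exe
2006-08-30 11:00:00 START pid=1801 image=C:\example\poller.exe
2006-08-30 11:01:12 START pid=1822 image=C:\example\notepad.exe
""".strip().splitlines()

LINE_RE = re.compile(r"^(\S+ \S+) START pid=(\d+) image=(.+)$")

def parse_starts(lines):
    """Group process start times by image path; skip lines that don't match."""
    starts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        starts[m.group(3).lower()].append(ts)
    return starts

def find_periodic(lines, min_runs=4, tolerance_s=5):
    """Return {image: period_seconds} for images launched at a steady interval."""
    result = {}
    for image, times in parse_starts(lines).items():
        if len(times) < min_runs:
            continue  # too few launches to call it a schedule
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        # Every gap must sit within the tolerance of the typical gap.
        if period > 0 and all(abs(g - period) <= tolerance_s for g in gaps):
            result[image] = int(period)
    return result

def match_interval(lines, observed_s, slack_s=30):
    """Images whose launch period matches the interval seen by the user."""
    return sorted(i for i, p in find_periodic(lines).items()
                  if abs(p - observed_s) <= slack_s)

if __name__ == "__main__":
    for image, period in find_periodic(SAMPLE_LOG).items():
        print(f"{image}: every {period / 60:.1f} min")
```

A process that is legitimately scheduled (an updater, a status poller) and one that is malicious look the same to this check; it only tells you which image to go and inspect.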
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 30th Aug 2006 15:46
Quote: "you really should bin your hp printer and get a nice canon - much cheaper to run and they produce much better quality images"


The HP I have came top in a 50 printer PC Pro magazine group-test (against Canon, Epson, etc) for both print quality and, most importantly for me, the price per page. I've no intention of changing it anytime soon. This isn't some crappy £30 unit, the likes which Dell throw in for free with PCs, where the cartridges cost more than the printer.

Even so, that doesn't stop their software sucking.

"Bite my shiny metal ass" - Bender, Futurama
No pixels were harmed in the making of this post
"Don't ping my cheese with your bandwidth"
NeX the Fairly Fast Ferret
19
Years of Service
User Offline
Joined: 10th Apr 2005
Location: The Fifth Plane of Oblivion
Posted: 30th Aug 2006 17:21
HP have made some good software... iTask is great! ^^


Since the other one was scaring you guys so much...
Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 30th Aug 2006 17:30 Edited at: 30th Aug 2006 17:31
Buying HP printers should be a no-no. If you've ever worked in a large building with over 500 HP printers of various models you'll know they are evil.

HP =

re faze
20
Years of Service
User Offline
Joined: 24th Sep 2004
Location: The shores of hell.
Posted: 30th Aug 2006 17:44 Edited at: 30th Aug 2006 17:45
use sysinternals process explorer, check startup using msconfig by going to start>run and typing in msconfig.
[edit]
crap I'm too late!

geecee3
20
Years of Service
User Offline
Joined: 25th Feb 2004
Location: edinburgh.scotland.
Posted: 30th Aug 2006 17:56
funny you should say that, seeing as most HP laserjets use canon engines, and canon engines are teh pwnage. the only better engine in a laser printer is actually an led array by oki and nothing to do with lasers in the slightest how odd. lol.

HP printers, the best in the world IMHO. would never use anything else, except a decent epson inkjet. I used HP plotters and large format inkjets for CAD, and laserjets for everything else. a building with 500 of any flavour of laser printer will always have hassles, mechanical devices, to be expected.

anyone saying HP printers are rubbish should go stick their tongue on the corona wire in the fuser unit. lol.

Ohd Chinese Ploverb say : Wise Eskimo, not eat yerrow snow.
IanG
20
Years of Service
User Offline
Joined: 25th Sep 2004
Location: Cyberspace
Posted: 30th Aug 2006 18:08
Quote: "This isn't some crappy £30 unit, the likes which Dell throw in for free with PCs, where the cartridges cost more than the printer."


i remember, going back a few years, buying an all singin, all dancin hp printer, which cost about £150 iirc, and it was quite good, but now when i compare it with this cheap canon, it's an ip1500 from ebuyer and cost £40, I'm using as a stop gap is much better, the image quality is a lot better and the cartridges are really cheap


amd athlon xp 2600+,1280mb,FX 5200 128mb,200gb & 120gb,xp pro sp2
Van B
Moderator
22
Years of Service
User Offline
Joined: 8th Oct 2002
Location: Sunnyvale
Posted: 30th Aug 2006 18:46
Quote: "would never use anything else, except a decent epson inkjet"


I've vetoed Epson printers at work, get one to last more than a year and you're damn lucky. It's not the build quality, it's the internal counters that lock up the printer so you have to pay an engineer to unlock it.

''Stick that in your text and scroll it!.''
Sid Sinister
19
Years of Service
User Offline
Joined: 10th Jul 2005
Location:
Posted: 30th Aug 2006 21:25
Quote: "lmao - I have saved this classic for later use"


Crap...

Well at least I made it into the history books. Not really the history book I wanted to be in, but I guess "Dumbest things ever said on Apollo" will do.
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 31st Aug 2006 02:15
Samsung is my current laser printer.
No dramas so far.
My mum has a wireless HP MFC and that's pretty decent however it's still a bubble jet type setup

Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 31st Aug 2006 03:46
geecee3, please come with me to my previous job. You'll see your HP utopia crumble. Although the HP plotter hasn't had any problems, and was lots of fun to use (and it should be for the $6000 spent on it).

OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 31st Aug 2006 11:05 Edited at: 31st Aug 2006 11:07
Yes, can't go wrong with Samsung laser printers...

Anyway, as for the reason the window pops up - Could be taking longer to communicate with the printer for some reason, or it's doing more than it should (and thus taking longer). Alternatively, the boot sequence of files has changed (probably again).

Come to the last Unofficial DBPro Convention (http://convention.logicstudios.net/)
Supplying "NO" since 1974...
Zerk
18
Years of Service
User Offline
Joined: 13th May 2006
Location: Orbiting Jupiter
Posted: 31st Aug 2006 21:11
I've seen that before on my machine as well. I did manage to catch a glimpse of it at one time and saw that it was something ok. Can't remember what it was but it was either my Norton Antivirus booting up or my ATI Sys tray manager.

I am putting myself to the fullest possible use, which is all I think that any conscious entity can ever hope to do. ~Hal-9000
