"cquirke (MVP Windows shell/user)"
Well, sort of... Home XP computer behind a D-Link ADSL broadband router.
If that's the only computer, then you aren't on a LAN, but always-on
broadband does imply an ever-present exposure to malware.
Except for windows defaults, a printer. "Client for MS Networks" and "File
and Printer sharing" installed under TCP/IP.
No, you misunderstand me to some extent - I really meant, what drive
letters or folders are shared to the LAN as per File and Print
Sharing. If you full-share any part of the startup axis, you
facilitate direct malware integration from anything that sees the
share. If you bind File and Print Sharing to the Internet, then the
entire Internet can play that game.
A firewall won't help unless it blocks File and Print Sharing, and a
NAT router won't help because the addressing methods used by File and
Print Sharing work at a different level to IP addressing, and won't
care if the IP address is hidden by the Native Address Translation.
You say you have File and Print Sharing bound to TCP/IP, and
presumably this is the same LAN card that connects to the router and
thus the Internet. That is deeeply distuuurbing. Stop reading this
and fix that NOW (unbind File and Print Sharing) then come back.
This is particularly scary for another reason; cabling yourself to a
router and/or broadband would not, in itself, have the effect you
describe of repainting desktop and Explorer windows. But malware
activity that this facilitates may well do.
It's like petrol doesn't make smoke, unless it's already on fire.
Don't think so. What would that be?
Well, look at the desktop. If you see any shortcut arrows on any
icons, you know you haven't suppressed these somehow; therefore it's
meaningful if you see icons that don't have these arrows.
If you do, then rt-click, Properties them to see if they are files.
If they are not files, then they are namespace objects that will
likely be enumerated in the left pane of Windows Explorer when that
pane is displaying "Folders".
If something changes the status of such items, or re-discovers them,
then that would prompt a repaint of the desktop and folder views,
which is where we come in.
Common examples of namespace objects (that do not normally have this
effect) are: My Computer, My Documents, Network Neighborhood, Recycle
Bin and the non-shortcut desktop icons for Microsoft Outlook and "The
Internet" (the grandiose name Internet Explorer gives itself)
Guuuud ;-)
Seems to be somewhat random, been trying to stress test the explorer but
messing around, opening and closing, does nothing. Suddenly, when closing
the Control Panel, a re-draw appears.
Simply displaying Control Panel causes the OS to find and run code
within each .CPL file, even before you "open" any of these. This is a
potential malware crisis lying around waiting to happen; don't expect
MS to patch it as it is "by design". That effect would kick in as
soon as you see the icon though, not when the window is closed, unless
something hooks the "close window" event and acts on that.
You need to:
- disconnect off all networks (broadband, WiFi, IR, the works)
- formally exclude malware
- kill File and Print Sharing
- turn on the firewall
- exclude commercial malware
- reconnect and ensure you're patched up to date
--------------- ----- ---- --- -- - - -
If you leave the door open long enough, the
wrong dogs will come home - Duane Arnold
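
The share check discussed in the post, as an added example that is not part of the original post: it parses `net share` output and lists disk shares that overlap startup-relevant locations. The sample output and the STARTUP_PATHS list are constructed assumptions; the script reports overlap only, so whether a flagged share is full or read-only still has to be checked in its properties.

```python
import ntpath
import re

# Constructed sample of `net share` output (not taken from the original post).
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
IPC$                                         Remote IPC
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
CDRIVE       C:\
Fonts        C:\WINDOWS\Fonts
Music        D:\Music
Printer      LPT1:                  Spooled  HP DeskJet
The command completed successfully.
"""

# Assumed startup-relevant locations on a default XP install (illustrative).
STARTUP_PATHS = [
    r"C:\AUTOEXEC.BAT",
    r"C:\WINDOWS",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup",
]

# name, whitespace, drive path, then optional remark after 2+ spaces
ROW = re.compile(r"^(\S.*?)\s+([A-Za-z]:\\.*?)(?:\s{2,}.*)?$")

def parse_shares(text):
    """Return {share_name: path} for disk shares; IPC and printer rows are skipped."""
    rows = (ROW.match(line.rstrip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in rows if m}

def covers(parent, child):
    """True if child is parent itself or lies anywhere below it (case-insensitive)."""
    p = ntpath.normcase(ntpath.normpath(parent))
    c = ntpath.normcase(ntpath.normpath(child))
    return c == p or c.startswith(p.rstrip("\\") + "\\")

def audit(text, startup_paths=STARTUP_PATHS):
    """Return {share_name: [overlapping startup paths]} for risky shares only."""
    findings = {}
    for name, path in parse_shares(text).items():
        hits = [t for t in startup_paths if covers(path, t) or covers(t, path)]
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"{name}: overlaps {', '.join(hits)}")
```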