bonkk said:
I am thinking my computer is ready to crash, as it's flashing a small black
screen that appears to be a DOS screen occasionally for a second or two. I
purchased an external hard drive (My Book Essential Edition) and the
salesperson told me that if I simply COPY my C drive to it, that if I get a
new computer I could simply COPY the same thing back to the new computer..
somehow that sounds too simple.. Can anyone advise me on that? For
instance...Could I be just copying something bad onto the new computer??
and/or I am now using Windows XP.. the new computer will likely have the new
Windows 7.. are they compatible?? I'm also wondering if the little black
screen flashing up is a sign of the computer ready to crash or something
else. Sorry to be so long.. any input would be appreciated.

When it flashes a DOS screen for a second or two, *something* is running.
Could it be malware? Could it be a legitimate system process? I can't guess
from here.

This would happen if the user double clicked on something that would normally
run in the Command Prompt window. The window opens, to provide an interface
for the program (standard input, standard output, standard error). If the program
using the window quits quickly, you only see a flash of the command prompt window.
I think that could be what you're seeing.

Sysinternals.com has a couple programs that are useful for checking stuff like
this. Process Explorer gives information similar to Task Manager, about
what things are currently running on the computer. (Save this one for a rainy day.)

http://technet.microsoft.com/en-ca/sysinternals/bb896653.aspx

I tried Process Explorer and it isn't fast enough to catch transient program
execution.

But there is a second one, called Process Monitor. It traces all sorts of system
events.

http://technet.microsoft.com/en-ca/sysinternals/bb896645.aspx

For this one, I ran Procmon.exe. It will pop up a "Filter" window. Filtering
is necessary, to eliminate hundreds of thousands of unimportant events from the
viewing window. I double clicked on the green entries, to be able to edit them,
then selected "remove". That removes filter specifications we don't want. Then
I created a new one. When I click "Add", the new event specification appears in
green in the Filter window.

"Operation" "is" "Process Create"

Then, I closed the filter window, so the program would start watching the computer.
Now, it is looking for that single condition.

Next, I found a small dumb program to use as a test. "Dumppo.exe" is a program from
Microsoft. Double clicking that program causes a Command Prompt window to pop up,
and then disappear. In the Process Monitor window, I got an event recorded.
It logged that a process was created, and named the file that was used.

You can try that, if you're interested.

If either Process Monitor or Process Explorer won't run on your computer, you
could have malware on board. Process Monitor and Process Explorer are well
written programs. They don't need to be "installed" to work. The only possible
complication you can have with them, is Kaspersky AV software tends to fight
with the programs from Sysinternals (because Kaspersky doesn't like programs
that access system resources as deeply as those kinds of programs do). I've had
a computer lock up (freeze) because of that, with no escape (no Task Manager).

Paul
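
Added example, not part of the posts above: a Python sketch that reads a Process Monitor trace saved as CSV and lists processes that started and exited within two seconds, which is how a flashing Command Prompt window shows up in the log. It goes one step beyond the filter in the post by assuming "Process Exit" events were captured as well; the column layout, the C:\tools path, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample, in the column layout assumed for a Process Monitor CSV export.
# The C:\tools path and all PIDs and times are made up for illustration.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:32.1000000 AM","explorer.exe","1500","Process Create","C:\tools\dumppo.exe","SUCCESS","PID: 2840, Command line: ""C:\tools\dumppo.exe"" "
"10:15:32.4000000 AM","dumppo.exe","2840","Process Exit","","SUCCESS","Exit Status: 0"
"10:16:05.0000000 AM","explorer.exe","1500","Process Create","C:\WINDOWS\notepad.exe","SUCCESS","PID: 3012, Command line: notepad.exe"
"10:18:45.5000000 AM","notepad.exe","3012","Process Exit","","SUCCESS","Exit Status: 0"
'''

def parse_time(text):
    """Parse '10:15:32.1000000 AM'; strptime accepts at most 6 fractional digits."""
    clock, ampm = text.split()
    hms, frac = clock.split(".")
    return datetime.strptime(f"{hms}.{frac[:6]} {ampm}", "%I:%M:%S.%f %p")

def short_lived(csv_text, max_seconds=2.0):
    """Return processes whose create-to-exit time is at most max_seconds."""
    started = {}  # child PID -> (start time, parent name, image path, command line)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = parse_time(row["Time of Day"])
        if row["Operation"] == "Process Create":
            # On a create event the row belongs to the parent; the child PID
            # and its command line are in the Detail column.
            m = re.match(r"PID: (\d+), Command line: (.*)", row["Detail"])
            if m:
                started[m.group(1)] = (when, row["Process Name"], row["Path"],
                                       m.group(2).strip())
        elif row["Operation"] == "Process Exit" and row["PID"] in started:
            t0, parent, image, cmdline = started.pop(row["PID"])
            life = (when - t0).total_seconds()
            if life <= max_seconds:
                hits.append({"image": image, "parent": parent,
                             "command_line": cmdline, "seconds": life})
    return hits

if __name__ == "__main__":
    for hit in short_lived(SAMPLE):
        print(f'{hit["seconds"]:.1f}s  {hit["image"]}  (started by {hit["parent"]})')
```

For a real export, read the file with `open(path, encoding="utf-8-sig")` and pass its contents to `short_lived`; the image path and parent of each hit are the starting point for deciding whether the flashing window is a legitimate program.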