periodic blank process - potential malware?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I notice a "blank" process appear on the taskbar in XP Pro roughly every half
an hour. It appears and then goes away in 1-2 seconds before I am able to
mouse over to it and click on it to see what it is.

Does anyone have any suggestions on how to find out what this is? For
example, is there some way to log process starts in a file, which I can
examine to see what happened when these blank processes appear? Or is there
some equivalent of the unix crontab feature where I can find processes that
are scheduled to run every X minutes/hours?

Thanks

Bill Rosenblatt
(e-mail address removed)
 
Bill: Go to http://www.mlin.net/StartupCPL.shtml and download the
standalone .exe version of "Startup Control Panel"
Run it and look in all tabs and delete any process other than the antivirus
and office taskbar processes.. these are easily identifiable by the icons..
any other unidentified process found in any of the tabs, should be
considered suspicious and deleted... This little application is very
practical to disable/delete spyware from msconfig and the windows registry
that would otherwise have to be deleted by hand in the event antispyware
programs should fail to detect/delete them.

Also download "Startup Monitor" from
http://www.mlin.net/StartupMonitor.shtml to keep a check on startup
programs/processes.

Also install these free antispywares to keep your computer free from
parasites.
Adaware SE Personal
Spybot Search & Destroy
SpywareBlaster
CWShredder
http://www.majorgeeks.com/downloads31.html
 
I have looked at all startup processes and found nothing susipcious. I have
run Norton Anti-Virus with the latest definitions, which found nothing. I
also ran SpyBot, ASquared, and PC Bug Doctor - none found anything. Yet I am
now more convinced that this is a virus that comes up every half an hour or
so and uses my machine to send spam. It probably attached itself to some
existing process; I'm not sure.

I would really like to find out what the name of the process is and track
down possible cures. Any way to do this?
 
Go to the Control Panel\Internet Options\General tab\and click on Delete
Cookies and also on Delete Temporary Internet Files.
There are a number of online antivirus scanners that are recommended over
any installed antivirus as they have the most latest definitions. Open your
internet browser and paste this link on the search bar
http://www.google.com/search?biw=995&hl=en&q=online+virus+scan&btnG=Bús
queda+en+Google&meta= . Or type http://www.google.com and do a search on;
'Online antivirus scaners' or 'online virus scan' and scan your
computer on ALL the found online scaners if you have to.
Also open the Taskmanager (right click on the taskbar\Taskmanager) and see
if there's any unusual process which could probably be taking up a high CPU
percantaje, if you notice anything suspicious jot down the name and do a
google search to find information about it.

Also go the Run key for the Local Machine and the Current Unser and see if
theres any suspicious process running there.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
You could also take a look on the HKEY_USERS hive in the registry editor..
you'd have to take a look in all the Run following the same path as in the
HKLM or HKCU. The number of Run keys to look into would be according to the
number of user accounts on your machine.

If the problem is recent or you have restore points that go back to when you
first noticed the blank process you could restore the system to a previous
date and posibly get thing back to normal.

Download HijackThis to see if that program can help it detects all processes
normal and not, so be carefull and make sure you know what you delete.
http://www.majorgeeks.com/downloads31.html

Go to this page and see if anything coincides with your's.
http://www.geekstogo.com/forum/ReferredMysterious_window_appears_in_task_bar
-t31035.html

I hope any of this helps.

------------------------------------------------------------------
 
Back
Top