Re: Malicious script running on XP Home but undetected.

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/16/04


Date: Wed, 15 Dec 2004 21:01:46 -0500

If you have used all the online scanners and have run localized scanners in Safe Mode then
what you have sounds like a software corruption, mouse problem or "other" problem but not a
malicious script.

Have you tried these?

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

Dave

"Milkus" <milkus@optusnet.com.au> wrote in message
news:9247b63c.0412151728.685d1107@posting.google.com...
| I was hoping someone could point me in the right direction for dealing
| with the following 'virus'/malware/pest. Currently it has not been
| detected by any of the major online virus scanners, AVG, F-Secure,
| Trojan Hunter, Stinger, Panda, McAfee, Housecall, AdAware, Xsoftspy,
| Hijackthis, CWShredder ... All have latest patches...
|
| What happens is that sporadically I lose control of the desktop and
| random programs start executing or closing down, windows start popping
| up, services start running, administrative tasks will be activated
| (eg: try to make new user, scan random files with antivirus software
| etc), the taskbar is resized and moved to new positions. Basically it
| all happens for 5-20 secs, extremely fast, doesn't seem to be
| destroying files though.
|
| It will happen, maybe once in 4 hours or twice in a minute. No
| suspicious processes show up in task manager, and I can't capture any
| scripts being executed. What it does do is restrict my ability to
| operate the machine, as data is easily lost when programs shut down.
|
| It is not dependent on internet access, or browser used. If I do a
| search on files that have changed just after the episode, nothing of
| note comes up, just prefetch files from the programs that were opened.
|
| How can I find this thing and remove it? My conclusion is that I have
| a 'dirty' dll or exe, disguised with a common name. I don't have a
| restore point that would be early enough to thwart it. I also noticed
| on shutdown last night, when XP goes to the blue shutdown page, it had
| a message saying it was installing 1-4 updates before shutdown. I have
| not seen this before so manually shut it off, but would think the
| designer of this thing would not advertise such a change.
|
| I have uninstalled SP2 then reinstalled it to no avail. My last resort
| is a total rebuild, but I am worried about backing up any file.