Re: Malicious script running on XP Home but undetected.

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/16/04


Date: Wed, 15 Dec 2004 21:01:46 -0500

If you have used all the online scanners and have run localized scanners in Safe Mode, then
what you have sounds like a software corruption, mouse problem or "other" problem but not a
malicious script.

Have you tried these?

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

Dave

"Milkus" <milkus@optusnet.com.au> wrote in message
news:9247b63c.0412151728.685d1107@posting.google.com...
| I was hoping someone could point me in the right direction for dealing
| with the following 'virus'/malware/pest. Currently it has not been
| detected by any of the major online virus scanners, AVG, F-Secure,
| Trojan Hunter, Stinger, Panda, McAfee, Housecall, AdAware, Xsoftspy,
| Hijackthis, CWShredder ... All have latest patches...
|
| What happens is that sporadically I lose control of the desktop and
| random programs start executing or closing down, windows start popping
| up, services start running, administrative tasks will be activated
| (eg: try to make new user, scan random files with antivirus software
| etc), the taskbar is resized and moved to new positions. Basically it
| all happens for 5-20 secs, extremely fast, doesn't seem to be
| destroying files though.
|
| It will happen, maybe once in 4 hours or twice in a minute. No
| suspicious processes show up in task manager, and I can't capture any
| scripts being executed. What it does do is restrict my ability to
| operate the machine, as data is easily lost when programs shut down.
|
| It is not dependent on internet access, or browser used. If I do a
| search on files that have changed just after the episode, nothing of
| note comes up, just prefetch files from the programs that were opened.
|
| How can I find this thing and remove it? My conclusion is that I have
| a 'dirty' dll or exe, disguised with a common name. I don't have a
| restore point that would be early enough to thwart it. I also noticed
| on shutdown last night, when XP goes to the blue shutdown page, it had
| a message saying it was installing 1-4 updates before shutdown. I have
| not seen this before so manually shut it off, but would think the
| designer of this thing would not advertise such a change.
|
| I have uninstalled SP2 then reinstalled it to no avail. My last resort
| is a total rebuild, but I am worried about backing up any file.


