Finding a Disappearing Application in Windows?
siuengr asks: "I have a computer that has a window that pops up every few minutes, but disappears before I can figure out what it is. I have run every virus program and spybot cleaner I have, but they do not find any problems. How can I figure what is causing this window to pop up all the time, when it doesn't stick around long enough to see anything about it? Is there any software that tracks what applications have run over a period of time, even if they are not currently running?"
Task Manager (Score:2, Informative)
Re:Task Manager (Score:5, Informative)
Re:Task Manager (Score:5, Informative)
-Mike
The next step... (Score:2, Insightful)
http://www.sysinternals.com/Utilities/ProcessExpl
http://www.mlin.net/StartupCPL.shtml [mlin.net]
Re:Task Manager (Score:4, Informative)
You'll need to get Process Explorer as explained in the above posts. Then when you find the nasty, you'll want to kill the process housing it, and then type regsvr32
Get Spyberus (Score:4, Informative)
Spyberus is free of charge. Check out the tutorial [robotgenius.net]
There is probably a dll that is tied into explorer or something to repopulate when you clean.
Also, use Spybot Search and Destroy in safe mode with all of the updates, but use all of the immunize functions first. It can spot some zombie processes that "look" normal, but which sure as heck aren't, and then kill them.
Do a maximum amount of cleaning in safe mode.
Check out Spywarewarrior.com [spywarewarrior.com] for a comprehensive list of bogus cleaners that are really infectors. For an example, see this illustration [jahewi.nl].
I make a decent living doing nothing but cleaning things like this up. I can't give you a ten page How-to, but the links will put you on the right trail.
Re: (Score:2)
It tends to get outdated quickly, plus Spywarewarrior has forums that come with extra handholding free.
Plus they have the equivalent of the 10 page How-To here:
spywarewarrior.com/sww-help.htm [spywarewarrior.com].
Like I said, the links I provided are enough to get you pointed in the right direction.
Re: (Score:2)
Re: (Score:2)
I'd rather have something like the combo with a [MODERATE] button next to it (so that I don't have to go all the way down).
Re: (Score:2)
Same here. (Score:2, Informative)
Nuking windows and/or wiping drives or partitions will of course work as well.
Re: (Score:2, Insightful)
Re:Same here. (Score:5, Insightful)
buy a new computer? It really irks me when people cite this as a solution.
It is a solution!
Just because it's not the techiest, or generally lowest-cost, or whatever, doesn't disqualify it from being a solution. It solved his problem. Therefore, by definition it is a solution.
Re: (Score:2)
Not really, it's just avoiding the problem, the problem really hasn't been solved so it's not really a solution, it's more a work-around to achieve an end result. The problem still exists, just not on the computer he's using.
It's like "hey, my brakes squeal, how do I solve this?" And instead of really solving the squealing brakes by replacing them you just buy a new car. Do the brakes still squeal? Yes, but since you're not driving it anymore you no longer care.
Re:Same here. (Score:4, Insightful)
It's like "hey, my brakes squeal, how do I solve this?" And instead of really solving the squealing brakes by replacing them you just buy a new car. Do the brakes still squeal? Yes, but since you're not driving it anymore you no longer care.
Yes. It is like that. But it is still a solution!
Just because you find it a bit silly to replace a whole computer because of spyware, or replace a whole car because of squeaky brakes, doesn't disqualify it as a solution. No matter how silly you find it, it's still a solution to the problem of the user experiencing spyware on his computer, or squeaky brakes on his car.
In the case of the computer, as a techie, I would actually recommend this to non-techies. A new dell costs about the same as you could expect to pay if you would pay someone to fix the problem. In addition you get a new and better computer. If you were to pay someone to fix it, you would still solve the problem, and still part with your money, but you would not have a new and spiffy computer. If you invested the time into learning enough about computers to fix it yourself, by the time you were finished fixing the problem, if you'd been working overtime instead, you could have bought at least 50 dells.
As for the car, the same logic applies. If it's an old car, which you know sooner or later will need a major (costly) overhaul, you can just as well ditch it when a problem shows up, such as squeaky brakes. You don't need to fix it yourself, or pay someone to do it, when you are going to need a new car soon enough anyway.
Re: (Score:2)
The more layers of bureaucracy you have to deal with, the more valid that solution becomes.
/. Submitter,
Anyone who's dealt with military efficiency (or even standard Gov't bureaucracy) could tell you that throwing away a $2,000 item is cheaper than trying to get it fixed.
Buying a new computer may not be a valid solution for this particular
Re: (Score:2)
If the problem is stated as "fix this computer", then buying a new one is not a solution. If the problem is "eliminate the offending application", then buying a new computer is a solution, although possibly just a temporary one. Since the parent post mentioned the need/desire to upgrade anyway, I'm inclined to go with the latter definition.
Re: (Score:2)
Specifically, you are thinking the problem is "the owner is annoyed". If that is the real problem, then putting a bullet in their brain will also solve it. Your answer demonstrates practicality, not intelligence.
Stop thinking about it as a real life thing annoying you and pretend this is a question on a test given to you by your teacher at a car mechanic school/computer mechanic school.
We both know you would FAI
Re: (Score:2)
We are all moving into a throw-away society. Attitudes like that are the reason for so much crap being dumped into the oceans.
Christ, will people wake up.
Re: (Score:2)
Whether you label it as the problem or not, the irritation is still just a symptom.
Re: (Score:2)
It is a solution that involves no learning on the part of the computer owner. This practically guarantees that the same problem will arise again on the new system. End result: ignorance-driven obsolescence.
Computers are complex - and are only becoming more so. Burnable optical discs and flash drives are better than floppy disks for many reasons, but they're also harder to use than stupidly simple 5.25"ers. Wireless networking is preferable to wired networking, but configuration can be
Re: (Score:2)
Re: (Score:2)
It's neither of those; if you look at the top of the page, the problem is:
And the reason we're discussing it at all is the idea that something interesting or sneaky is going on, and can the Great Minds of Slashdot find out
Re: (Score:2)
Re: (Score:2)
While this kind of solution isn't very good if you repeatedly run into the same problem, it's perfectly reasonable in the context. Why bother fixing it when yo
Re: (Score:2)
But was the speed of the COMPUTER really a problem before? I've seen enough reports on how users' computers get so full of spyware that it slows the machine down over time. Then they feel their computer is too slow so they buy a new one, even though the old hardware was plenty fast enough.
Re: (Score:2)
You don't. It's a complete crapshoot, at best you'll get some warning that the hard drive is failing.
Re: (Score:2)
At some point though... (Score:2)
Re: (Score:2)
To "people like us" (tm) the software is fixable, and hardware may be fixable.
To regular Joe User it is just a failing computer, and they have not much more chance of fixing whatever it is, than performing open heart surgery on the Pentium III or whatever powers their piece of junk.
Re: (Score:3, Informative)
I used lots of anti crapware programs that certainly cleaned a lot of things but my machine kept getting infected.
After some time I don't know why I searched in the "Screen properties" (don't remember the exact name as I am in Linux now), where you right click the desktop and then properti
Let us not get ahead of ourselves. (Score:5, Informative)
Check the event viewer (control panel->administration) for erratic messages. Try disabling processes one by one to see if one of them is the cause. What Anti-stuff are you running? Anti-stuff is only as good as the definition database. Furthermore, many malicious processes can hide their existence from the OS, and an application tracking software is almost certainly going to get this info from the OS. Make sure your video drivers are up-to-date. If you suspect that the app communicates over the network, install a software firewall and set it to anal mode.
Run a benchmarking utility or simultaneously run several resource hungry applications to slow the machine down, and maybe the window will hang around for a while.
If you can't catch it there, just format and reinstall Windows--the standard fix for anything Microsoft. Cue the mac/linux comments!
Re: (Score:2)
Re: (Score:2)
Unless there is a rootkit, in which case, it will never show anything. I've encountered rootkits on Windows recently, 2 in August alone. I suspect we will be seeing more and more of them.
Re: (Score:2)
You're being funny, but I had to fix a Windows system at work after years of both working with and using at home Linux desktops, and the experience was horrid. Horrid. I had to use three different spyware programs + Avast antivirus, spent a few hours, and I'm pretty positive they left crud behind.
I have a Windows partition I use when I'm really forc
Re: (Score:2, Interesting)
Re: (Score:2)
Some Anti-virus Progs (Score:3, Interesting)
Tiny Firewall (Score:5, Informative)
While I have yet to see any unknown process start on my machine, none (not even ones started by trusted processes) are allowed to proceed without first being given the OK by me. I'd give it a shot and see if TF 2006 can catch it for you.
Re: (Score:2)
Re: (Score:2)
Re:Tiny Firewall (Score:4, Informative)
I once helped a girl who suffered the same problem. A pop-up comes up every so often. I didn't see anything wrong at first, but then I noticed wscript.exe was running. It was running a VBS-script in a loop, and every few random minutes it would launch an Internet Explorer window with an ad, which would just as quickly disappear. I search the disks for all VBS files, found the suspect file, and searched the registry for any mention of that filename.
Another way malware might hide is when they install themselves as a service.
Re: (Score:2)
Process Explorer (Score:5, Informative)
Re: (Score:2)
Yup. Process Explorer [sysinternals.com], Filemon [sysinternals.com], and Regmon [sysinternals.com] should be in everyone's toolboxes. And it might not be a bad idea to download everything from SysInternals [sysinternals.com] as it was recently acquired by Microsoft and may not exist much longer. From the announcement on their blog:
Disappearing Windows (Score:5, Funny)
Process Explorer (Score:5, Informative)
Re: (Score:2, Informative)
Approach the problem logically... (Score:5, Funny)
1. For a dialog to be coming up it has to be initiated by a process.
2. Mystery process most likely isn't part of Windows
Action:
1. Disable all startup programs with msconfig
2. Reboot
3. If problem is gone re-enable startup processes one at a time.
If the problem is back/still there go to step 5
4. Goto step 2
5. Visit Slashdot. Scroll past this comment and proceed to next proposed solution, one which, hopefully, won't waste your time like this one just did.
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
24 hour response time (Score:2)
Re: (Score:2)
In case you haven't realised, if you didn't spout shit all the time, you wouldn't get modded down and "stalked".
Maybe the app isn't actually closing (Score:2)
Or maybe it's just Messenger showing you when someone's logged on
Check Scheduled Tasks (Score:5, Informative)
If nothing obvious is running as a process, this might be popping up from a scheduled task.
Occasionally we ran these at my old job and it would pop up a window in front of whatever you were doing, very briefly. The task was a batch file that kicked off something else.
HP? (Score:2, Informative)
Sysinternals.com (Score:3, Informative)
Re: (Score:2)
Process Explorer (Score:2, Interesting)
Go to Options > Difference Highlight Duration, and set it like 15 seconds or whatever. New processes will show up in bright green for 15 secs, and killed processes will show up as red for 15 secs.
It's probably your adblocker (Score:2)
Your adblocker (or something like it) is probably closing a popup window as soon as it appears.
Do you use TweakUI? (Score:5, Informative)
Your exact scenario happened to me a few weeks ago.
Do you use the TweakUI program that comes with Powertoys for Windows XP? If so, do you have X-Mouse turned on? Check Mouse -> X-Mouse and see if "Activation follows mouse (X-Mouse)" is turned on.
Some poorly written Windows apps will pop up dialogs that then disappear if they lose mouse focus. If you have X-Mouse turned on, they will pop up a dialog - and if your mouse is anywhere else on the screen, they'll think they've lost focus and close the dialog.
All I had to do was disable X-Mouse until the app popped the dialog again, then I could deal with it. Unfortunately I don't remember what the poorly written program happened to be...
HP Software? (Score:2, Informative)
Re: (Score:2)
That is one seriously messed up company.
Re:HP Software? (Score:4, Funny)
Re: (Score:2)
I had to configure one of these for my mother, and they're unusable.
The semiprofessional equipment they offer is, however, rather good.
We've got a new HP LaserJet color 4700 DTN, just a few weeks ago. That's a semiprofessional 30 ppm color laser printer with 3 500 Sheet feeders.
Works like a charm. The printer driver is a normal windows driver, no software, no nothing. Just install the 2 mbyte printer driver, and everyth
Spy++ (Score:5, Insightful)
Re: (Score:2, Informative)
First thing I thought of was the Borland version (Winsight), and this is exactly how you figure this kind of nonsense out. These apps actually enumerate all current window handles and will give you owning pids, parent/child windows, message queues, etc. If you don't already have a Borland IDE license, Borland now offers free (beer) and trial versions of their products, just dl a windows version and it ought to come with this tool.
If not, I also
What.... (Score:3, Funny)
Re:What.... (Score:5, Insightful)
At least we don't need to login to see the solution. That site is annoying.
Re: (Score:2)
That is a good thing.
Re:What.... (Score:4, Funny)
Re: (Score:3, Informative)
Process Lasso (Score:2, Informative)
http://www.bitsum.com/ [bitsum.com]
--nomax
Re: (Score:2)
I have to get out of here. I just read 'Try Princess Lasso', and I started thinking, 'What, like Wonder Woman? Hey, now there's my kind of diagnostic!'
Not enough details (Score:2)
Get "HijackThis" which will give you a list of all the stuff starting in a log file.
From there, you can start to figure out what each one is. It takes HOURS, but you'll know a lot when you are done.
Also, get "Tlist.exe" and "kill.exe" from the Windows SDK or PowerTools.
Then compose a batch file to use the command line switches in TList to fire periodically. Eventually the two apps will be running at the same time. (Pipe all the results to a text file you can look at.)
Or, call a pro who can dig
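The periodic process-list capture suggested in the comment above, as an added example that is not part of the original thread. It uses PowerShell's Get-CimInstance in place of TList; the log path, polling interval and run duration are assumed values.

```powershell
# Added example: poll the process list and log every process that was not
# present in the previous snapshot, with its parent, path and command line.
param(
    [int]$IntervalMs = 500,                            # assumed polling interval
    [int]$DurationMinutes = 30,                        # assumed run time
    [string]$LogPath = "$env:TEMP\new-processes.csv"   # hypothetical log location
)

function Get-ProcessSnapshot {
    # Key on PID plus creation time so a reused PID still counts as a new process.
    $snap = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $key = '{0}|{1:o}' -f $p.ProcessId, $p.CreationDate
        $snap[$key] = $p
    }
    return $snap
}

$previous = Get-ProcessSnapshot
$deadline = (Get-Date).AddMinutes($DurationMinutes)

while ((Get-Date) -lt $deadline) {
    Start-Sleep -Milliseconds $IntervalMs
    $current = Get-ProcessSnapshot

    foreach ($key in $current.Keys) {
        if ($previous.ContainsKey($key)) { continue }
        $p = $current[$key]

        # Look the parent up in the same snapshot; it may already have exited.
        $parent = $current.Values |
            Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
            Select-Object -First 1

        [pscustomobject]@{
            Seen        = (Get-Date).ToString('o')
            Name        = $p.Name
            ProcessId   = $p.ProcessId
            ParentId    = $p.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }

    $previous = $current
}
```

A process that starts and exits entirely between two polls is not recorded, so keep the interval well below the time the window stays on screen.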
Re: (Score:2)
Also, learn to use "netstat" as well. Pop up windows with ads might reveal themselves by the TCP/IP connections they make.
You might be looking at it... (Score:3, Interesting)
Went to a security demo and watched the security guys run a Metasploit process that actually injected the remote
So while sys_msg.exe or whatever minimal process changed in the process viewer slightly the name remained the same and there was no way to tell that the process was suddenly pwned from a remote host and was (presumably) doing horrible and unwanted things to your computer. All from a dropdown menu, point and click interface too.
I went back to my office and hugged my Mac, tell you what.
=tkk
Macs aren't safe (Score:3, Informative)
Same applies to Linux's ptrace().
Melissa
Re: (Score:2)
Macs aren't safe from injecting code into an existing process. Trojans can do the exact same thing on Mac OS X as on Windows. See the vm_write() Mach API call.
Yeah, but this is software availability we're talking about. Via metasploit you can do such a thing from a drop-down menu without writing a line of code. I've seen no such, easily available, malware development tools for the Mac. That isn't to say someone could not create one, just that right now that is not the situation.
Re: (Score:2)
This is why I hug my OpenBSD machine. It may be my family's only line of defense!
May be normal? (Score:2)
On the Mac side, you can make it appear by using Expose. It's just a tiny, blank browser window with no control bar or buttons or anything, shuffled conveniently off the screen. Until Expose makes it my bitch.
On the Windows side, I'm sure there's got to be ways of popping IE windows, and making them not appear in the task bar. I just haven't seen it on the Windows side, becaus
What OS? (Score:5, Informative)
If you are running Windows XP Professional (I think Windows 2000 Pro also has it), you can simply turn on process tracking in Group Policy. Every process that starts will now be logged in the security log. View it with the Event Viewer (Start.. Run.. type "eventvwr.msc")
Instructions for how to enable process tracking [ask-leo.com] (for exactly the same problem!)
I don't think the same can be done for Windows XP Home... but I've been wrong before
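An added example (not from the original comment or the linked instructions) of reading the process-tracking events back out of the Security log with PowerShell. It assumes Windows Vista or later, where process creation is logged as event ID 4688, and an elevated prompt; the lookback window and launch threshold are arbitrary values.

```powershell
# Added example: summarise process-creation audit events to find what keeps launching.
# Assumes event ID 4688 (XP/2003 logged process creation as 592), an elevated
# prompt, and process tracking already enabled in policy.
param(
    [int]$Hours = 2,        # lookback window (assumed value)
    [int]$MinLaunches = 3   # ignore images started fewer times than this (assumed value)
)

$filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }

$launches = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named <Data> fields from the event XML instead of relying on field order.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = $fields['SubjectUserName']
            Image       = $fields['NewProcessName']
            CreatorPid  = [Convert]::ToInt32($fields['ProcessId'], 16)   # PIDs are logged as hex
            CommandLine = $fields['CommandLine']   # empty unless command-line auditing is on
        }
    }

# A window that appears every few minutes shows up as one image launched
# repeatedly at similar intervals, so report launch counts and gaps per image.
$launches |
    Group-Object Image |
    Where-Object { $_.Count -ge $MinLaunches } |
    ForEach-Object {
        $times = @($_.Group | Sort-Object Time | ForEach-Object { $_.Time })
        $gaps  = @(for ($i = 1; $i -lt $times.Count; $i++) {
            ($times[$i] - $times[$i - 1]).TotalMinutes
        })
        $stats = $gaps | Measure-Object -Average -Minimum -Maximum
        [pscustomobject]@{
            Image     = $_.Name
            Launches  = $_.Count
            AvgGapMin = [math]::Round($stats.Average, 1)
            MinGapMin = [math]::Round($stats.Minimum, 1)
            MaxGapMin = [math]::Round($stats.Maximum, 1)
            Users     = ($_.Group.User | Sort-Object -Unique) -join ','
            LastSeen  = $times[-1]
        }
    } |
    Sort-Object Launches -Descending |
    Format-Table -AutoSize
```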
Very Simple (Score:2)
iTunes and Shared Music? (Score:3, Interesting)
Slo-Mo (Score:5, Funny)
Hilarious! (Score:2)
I vote that this should be the comment of the week.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
harddrive (Score:2)
Re: (Score:2)
In general, this is caused by too many processes running for the amount of ram you are running. Things like AOL have all kinds of secondary processes. A typical lean system will be running 25 to 35 processes. Some systems ship now running 70 plus processes out of the box. Also, some people run things like Norton Internet Security, or the McAfee Security Center all in paranoid mode. These can also slow a
Write a monitoring script (Score:3, Informative)
Root-Kit? (Score:5, Interesting)
My gf's computer had a root-kit on it. I go to a tech school, and nearly everyone knowledgeable here (even IT guys) went over the damn thing to see what was wrong. It kept doing pop-ups, like it had some type of ad-ware, but it didn't appear to have anything abnormal running. It didn't matter if it was IE or firefox, the ad would pop up on pretty regular intervals. Every possible thing was checked, from using standard tools like spy-bot-s&d, any number of free and bought virus scanners... Some people (including me) even pored over the registry by hand to find out if anything was running. Absolutely nothing.
It turned out to be a ROOT-KIT (2 actually, they hid each other. One user-mode, and one kernel-mode). The rogue programs actually were able to make windows "not see" the file. On boot, windows would see it just enough to turn it on, but after it was running it prevented anything from actually finding it, injecting code between the hard-disk access and low-level windows stuff. Not windows-explorer, not regedit, not task-manager, not even 3rd party apps like win-task, or even defraggers.
http://www.sysinternals.com/Utilities/RootkitReve
If you can't find anything, maybe it's because it won't let you find it!
Re: (Score:2)
Several Sysinternal tools (Score:2)
Hit the Print Screen Key (Score:2)
Re: (Score:2)
If it was essential.... (Score:2)