
Finding a Disappearing Application in Windows? 204

siuengr asks: "I have a computer that has a window that pops up every few minutes, but disappears before I can figure out what it is. I have run every virus program and spybot cleaner I have, but they do not find any problems. How can I figure out what is causing this window to pop up all the time, when it doesn't stick around long enough to see anything about it? Is there any software that tracks what applications have run over a period of time, even if they are not currently running?"
This discussion has been archived. No new comments can be posted.

  • by Zardus ( 464755 ) <yans@yancomm.net> on Thursday September 14, 2006 @06:38PM (#16109430) Homepage Journal
    A friend of mine had issues with Kaspersky anti-virus doing this every few minutes. Do you have that installed?
  • Process Explorer (Score:2, Interesting)

    by rizzle ( 848961 ) on Thursday September 14, 2006 @06:49PM (#16109503)
    Download Process Explorer [sysinternals.com]. It's like task manager on steroids. One of the things you can do is put "delays" on the list of running processes when the list changes, like with the addition/removal of a process/window.

    Go to Options > Difference Highlight Duration, and set it like 15 seconds or whatever. New processes will show up in bright green for 15 secs, and killed processes will show up as red for 15 secs.
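
The asker also wanted a record of what has run over time. This added example (not part of the original thread) logs every process start from an elevated PowerShell prompt, so a window that vanishes in under a second still leaves a name, parent and command line behind; the log path and the `ProcStartLog` identifier are assumptions chosen for illustration.

```powershell
# Added example: record every process start so a short-lived pop-up can be identified later.
# Run elevated: subscribing to Win32_ProcessStartTrace requires administrator rights.

$logPath = Join-Path $env:TEMP 'process-starts.csv'   # assumed log location
$sourceId = 'ProcStartLog'                            # assumed event subscription name

$action = {
    $e = $Event.SourceEventArgs.NewEvent

    # The new process may already have exited by the time we look it up,
    # so both lookups are allowed to come back empty.
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($e.ProcessID)" `
                -ErrorAction SilentlyContinue
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($e.ParentProcessID)" `
                -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Time        = (Get-Date).ToString('o')
        Name        = $e.ProcessName          # always present, even if the process is gone
        ProcessId   = $e.ProcessID
        ParentId    = $e.ParentProcessID
        ParentName  = $parent.Name            # what launched it (scheduler, updater, browser...)
        Path        = $proc.ExecutablePath
        CommandLine = $proc.CommandLine
    } | Export-Csv -Path $Event.MessageData -Append -NoTypeInformation
}

Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace `
    -SourceIdentifier $sourceId -Action $action -MessageData $logPath | Out-Null

try {
    Write-Host "Logging process starts to $logPath. Press Ctrl+C to stop."
    while ($true) { Start-Sleep -Seconds 1 }
}
finally {
    # Remove the subscription so it does not keep running in the session.
    Unregister-Event -SourceIdentifier $sourceId
}
```

After the window has flashed, open the CSV and look at the rows around that time; the parent name usually shows which installed program or scheduled task is responsible.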
  • by HiredMan ( 5546 ) on Thursday September 14, 2006 @07:34PM (#16109749) Journal
    You might be looking at it and not see it.

    Went to a security demo and watched the security guys run a Metasploit process that actually injected the remote .dll into a currently running .dll on the target machine while showing process viewer.
    So while sys_msg.exe or whatever minimal process changed in the process viewer slightly the name remained the same and there was no way to tell that the process was suddenly pwned from a remote host and was (presumably) doing horrible and unwanted things to your computer. All from a dropdown menu, point and click interface too.

    I went back to my office and hugged my Mac, tell you what.

    =tkk
  • by herrlich_98 ( 267669 ) on Thursday September 14, 2006 @09:19PM (#16110255)
    I hate to just chime in with my own two cents and wild guess, but I've had the same experience and tracked it down to iTunes opening a song from Shared Music. It's a small wide rectangular window saying "Opening URL..." or something. I have seen it up for longer when there are network problems. You can reproduce it by clicking on Next Song several times quickly, just as quickly as it can load songs.
  • Root-Kit? (Score:5, Interesting)

    by UltimApe ( 991552 ) on Friday September 15, 2006 @12:39AM (#16111024)
    Why hasn't anyone mentioned root-kits?

    My gf's computer had a root-kit on it. I go to a tech school, and nearly everyone knowledgeable here (even IT guys) went over the damn thing to see what was wrong. It kept doing pop-ups, like it had some type of ad-ware, but it didn't appear to have anything abnormal running. It didn't matter if it was IE or Firefox, the ad would pop up at pretty regular intervals. Every possible thing was checked, from using standard tools like spy-bot-s&d, any number of free and bought virus scanners... Some people (including me) even pored over the registry by hand to find out if anything was running. Absolutely nothing.

    It turned out to be a ROOT-KIT (2 actually, they hid each other. One user-mode, and one kernel-mode). The rogue programs actually were able to make Windows "not see" the file. On boot, Windows would see it just enough to turn it on, but after it was running it prevented anything from actually finding it, injecting code between the hard-disk access and low-level Windows stuff. Not windows-explorer, not regedit, not task-manager, not even 3rd party apps like win-task, or even defraggers.

    http://www.sysinternals.com/Utilities/RootkitRevealer.html [sysinternals.com] - RootkitRevealer 1.7 by Sysinternals showed a directory in "C:/windows", and one in "C:/program files", that if you went to look normally, didn't show up. I quickly booted up Knoppix and verified that there was some crap in there, but a search on the Internet showed nothing. Booted Windows into safe mode, and since safe mode doesn't run things other than Windows crap, I was able to delete the two folders, and even a registry entry that showed up about it.

    If you can't find anything, maybe it's because it won't let you find it!
  • by dohzer ( 867770 ) on Friday September 15, 2006 @09:42AM (#16112930)
    A camera is actually what I used to catch my BIOS screen the other day when it was flashing up too quick to read, and then resetting. Because the problem was occurring before the OS could load, there was no way I could actually use a program to check it.
