Very, Very, Very Suspicous...

While connecting to the World-Wide-Internet via broadband, I notice a program being loaded in the backgroud. This is detectable only via the monitor just before my homepage loads with IE6.

This program (trogan, worm, nasty...) can be seen for just a fraction of a second on the monitor screen (I don't believe the monitor is lying, it's an IBM P97 driven by an ATI 9800XT - with the latest Catalyst drivers all set to high res).

TDS3/PG/WG all report nothing out of the ordinary being executed.

Comment/solution?

 

Hi,

I don't know what has been going on, but maybe it is time to run AutostartViewer from DCS and/or HijackThis and post their logs; just only a thought...

 

Most certainly would like to see immediately a TDS (fully updated) full system scan scandump.txt and an AutostartViewer log and a HijackThis log.
So we know what's going on.
And have Port Explorer at hand.
Does it happen also when you're not connected to internet yet but only open Internet Explorer?
Does it also happen when you have Internet Explorer still closed and only start your connection with Internet doing nothing else yet?
Test those two situations please.
Then after your reboot first open Port Explorer. Keep it on top and open and make sure you enabled the file logging and log window so you can keep seeing exactly what happens, in case there is something trying to connect to internet.
Now you open Internet Explorer and enable packet spying on the socket.
Watch it, as that data can grow rather big!

You might have: your firewall in autostart trying to find out if there is an update waiting,
your anti-virus scanner doing the same,
other life updates or auto-updates
more legal reasons you see happening
or something nasty and that we hope to see if it's there in your logs we asked.
Looking forward to your posting.

 

snook
Another possible answer may be that some legitimate program (i.e. IE6) is starting in a small form window and expanding to large a moment later.

We know this definitely happens here when we start MyIE2 many times. The window starts at about 35mmX35mm (1 inch X 1 inch) for less than one second but immediately expands to full size.

The programs Jooske mentioned can surely get to the bottom of the mystery, though.

Hope this helps!

Be seeing you

 

All taken into consideration. Will need more time to run tests. Thanks.

 

Looking forward to your reportages ! So we can find ways to help you further.

 

I ran PestPatrol and it found a CWS related adware. That explains why TDS3 found nothing. Thanks for the customer support.

 

Not quite, as TDS does detect several adwares and spywaers but leaves detection in many cases to the specific programs for that.
I expected already something like that by the looks of your story and this is why i sounded all alarms.
Now i REALLY advice you to IMMEDIATELY hurry to the hijackthis forum and post your hijackthis log overthere for the experts review, no matter what pestpatrol might have found or not, there can be more the matter and certainly with those current CWS kinds.
Please don't take this light, just get there, and let's see what the experts find for you!
https://www.wilderssecurity.com/showthread.php?t=15913

 

Posted in the highjack forum area:

https://www.wilderssecurity.com/showthread.php?t=32462