Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finding a Disappearing Application in Windows?

Posted by ryuzaki0 on from the program-execution-audits dept.

siuengr asks: "I have a computer that has a window that pops up every few minutes, but disappears before I can figure out what it is. I have run every virus program and spybot cleaner I have, but they do not find any problems. How can I figure what is causing this window to pop-up all the time, when it doesn't stick around long enough to see anything about it? Is there any software that tracks what applications have ran over a period of time, even if they are not currently running?"

7 of 204 comments (clear)

  1. Let us not get ahead of ourselves. by sporkme · · Score: 5, Informative

    Use CamStudio (GPL), or some other desktop video recorder. Record your desktop until the event has occurred a few times, then advance to a frame in the video file that contains the dialogue box/application window. Leave the task manager (ctrl-alt-delete) running off to the side. Let the event occur once with the applications tab displayed and once with the processes tab. Make sure you can see the whole process list.

    Check the event viewer (control panel->administration) for erratic messages. Try disabling processes one by one to see if one of them is the cause. What Anti-stuff are you running? Anti-stuff is only as good as the definition database. Furthermore, many malicious processes can hide their existence from the OS, and an application tracking software is almost certainly going to get this info from the OS. Make sure your video drivers are up-to-date. If you suspect that the app communicates over the netowrk, install a software firewall and set it to anal mode.

    Run a benchmarking utility or simultaneously run several resource hungry applications to slow the machine down, and maybe the window will hang around for a while.

    If you cant catch it there, just format and reinstall Windows--the standard fix for anything Microsoft. Cue the mac/linux comments!

    --
    FairTax baby!
  2. Tiny Firewall by Microlith · · Score: 5, Informative

    Tiny Firewall provides a security module that requires the user authorize every unknown application be manually allowed to run.

    While I have yet to see any unknown process start on my machine, none (not even ones started by trusted processes) are allowed to proceed without first being given the OK by me. I'd give it a shot and see if TF 2006 can catch it for you.

  3. Process Explorer by greerga · · Score: 5, Informative

    Prcess Explorer Options..Different Highlight Duration

  4. Disapearing Windows by Anonymous Coward · · Score: 5, Funny

    It might be a better solution

  5. Slo-Mo by Mignon · · Score: 5, Funny

    Press the "turbo" switch and run your PC at 8mhz instead of 12. The window will stay on screen longer, giving you enough time to see what it says.

  6. Re:Task Manager by MLease · · Score: 5, Informative

    Good point. Maybe download Process Explorer instead.

    -Mike

    --
    I'm sorry; I don't know what I was thinking!
  7. Root-Kit? by UltimApe · · Score: 5, Interesting

    Why hasn't anyone mentioned root-kits?

    My gf's computer had a root-kit on it. I go to a tech school, and nearly everyone knowledgeable here (even IT guys) went over the damn thing to see what was wrong. It kept doing pop-ups, like it had some type of ad-ware, but it didn't appear to have anything abnormal running. It didn't matter if it was IE or firefox, the ad would pop up on pretty regular intervals. Every possible thing was checked, from using standard tools like spy-bot-s&d, any number of free and bought virus scanners... Some people (including me) even poured over the registry by hand to find out if anything was running. absolutely nothing.

    It turned out to be a ROOT-KIT (2 actually, they hid each other. One user-mode, and one kernel-mode). The rogue programs actually were able to make windows "not see" the file. On boot, windows would see it just enough to turn it on, but after it was running it prevented anything from actually finding it, injecting code between the hard-disk access and low-level windows stuff. not windows-explorer, not regedit, not task-manager, not even 3rd party apps like win-task, or even defraggers.

    http://www.sysinternals.com/Utilities/RootkitRevea ler.html - RootkitRevealer 1.7 by Sysinternals showed a directory in "C:/windows", and one in "C:/program files", that if you went to look normally, didn't show up. I quickly booted up Knoppix and verified that there was some crap in there, but a search on the Internet showed nothing. Booted windows into safe mode, and since safemode doesn't run things other than windows crap, I was able to delete the two folders, and even a registry entry that showed up about it.

    If you can't find anything, maybe its because it won't let you find it!

    --
    "Infecting minds with my own memetic virus, one post at a time." Ultimape