Hello, this is my first post here, thank you. First a Merry Christmas to all.
I have been on Avast for ions and quite happy with it. Lately, I get a funny little icon that shows up near the My Computor ( Vista HB ), it does not seem to hinder the system at all, at least, nothing noted. It flashes on the screen for a flick of an eyelid. It looks like a small ghost. I have some PRn/Scrn of it, if I could find where to attach them here. I will try the +Additional Options. Stand-by. Hey, I think that I did it. If you are looking at the -4.jpg, reduce it to 5% to fill your screen.
Anybody with any idea of what this is, would earn my thankyou for sure. I wonder if it is a key-loger of sort ?
Have a nice day and thanks for the opportunity to make new friends. JP aka handcuff36
You can test your monitor with dead pixels testers.
And you can follow the general cleaning procedure:
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
I doubt it is a dead pixel, not half the size of an icon, not one that flickers on just for a blink of an eye.
I really don’t have any idea what it might be, if it remains there, right click and select properties and see what information can be gleaned.
Or check out Task Manager to see if there are any unknown processes running, etc. or the Windows Start, Run and type msconfig, this should open a window of various windows settings, etc. click on the Startup tab and se if there is anything there that you aren’t aware of.
There are some diagnostic/analysis tools here, http://technet.microsoft.com/en-us/sysinternals/default.aspx, the System Internals section and Process Explorer in particular (also Autoruns) is one that gives information on running processes. Whilst these do require a degree of knowledge of what would normally be running on your system.
Yep this remind me when I load a screen saver onto a friend computer at work called the MS blue screen of error death messages on April fools day, god I’m so cruel and this makes me feel great when I had to pay him back big times when he got me on April fools day.
A large thankyou to all who took time to reply/react to my posts. I have noted all suggestions.
Nobody else uses my computor, it is password protected on booting, so nobody can play a joke on me. The MBR is also locked in BIOS, ie: no rootkit.
I have just in the last week, restored the OS to factory default and this showed up again, the ghost ! A friend and I bought the same Acer about 1 week apart, the very same Acer and he does not get this ghost.
Really baffling, is it not ? After some more tests, as suggested here, I will get back to you. Again, thanks. JP.
Good morning DavidR.
I had tried the right click and also the left click of the mouse on that Ghost before. No reaction at all, it is a real ghost ! It does not stay on the screen very long and it makes it tough to even just get the mouse on it.
If I have time today, I will run a full scan again on the Vista box. At the moment, I am typing at you on an Ubuntu box, via Firefox. I might remove Avast from that Vista box, install Norton, just to see. I would re-install Avast after the scan. I have to try many options to see what this is.
In case that this is a key-loger, how can I search it ?
Have a great day and thanks for your attention. JP.
I have run all the suggested tests, nothing. I just got Avast back installed after running Norton that found nothing. Now, this last run of Avast again as for Norton, found nothing. Avast went through 45 Gigs of data on my HD and took 52 minutes for this.
Am I chasing a wild goose here ? Is this Ghost really nothing ? Should I ignore the aggravation ? It does not seem to do anything at all, the aggravation is not knowing what it is. Who/what could be generating this ?
I really don’t know as there isn’t enough information to say what it is so we can’t say one way or the other if it is a wild goose chase.
Adding Norton to the mix is potential for other issues possibly more painful than what you have.
A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs: Removing your Norton program using SymNRT
All I can suggest is getting google on the case, http://www.google.co.uk/search?q=mystery+icon+on+desktop, if nothing there try a different search string that is closer to your issue. Try and keep the search string simple (like my example search) or it will greatly reduce the results.
Remember these Ghost .jpg that I posted here ? Well, I believe that I found out the solution. Brace yourself.
This shows up when the MBR is locked in the BIOS. This is the selection where a warning is sounded and activity is stopped if anything/anybody ( rootkit ) is trying to write to that sector. Who would have thought of this.
Would you try it on your system and let me know as a confirmation of sort, please. I have toggled this protection ON and OFF a few times and this seems to confirm what I just typed, it would be great to have it also confirmed by an expert.
I am on an Acer-Vista system, if you ask, I would come back with a BIOS version and name. I do not think that Vista has anything to do with it, this BIOS would work the same regardless of the OS, methinks.
Have a great 2009, to Tech too. JP. aka handcuff36
Man… how could we correlate the ghost with a rootkit and the MBR locked by the BIOS? ??? ???
Do you mean you unlocked the MBR in the BIOS and now the ghost disappear? ???
Man… how could we correlate the ghost with a rootkit and the MBR locked by the BIOS? ??? ???
Do you mean you unlocked the MBR in the BIOS and now the ghost disappear? ???
Yes !
I am sure that this ghost is manifested as the MBR is locked. Your statement above seem to imply the opposite. There is no rootkit so no need to correlate the ghost to one. The MBR is ALWAYS locked on all my systems that allow this in BIOS, therefore, I have not rootkit, if this is the way it works. I will have to look into the Award site to see if they have anything to say in this regard.
Thanks for your attention and a Happy 09 to you. JP. aka handcuff36.
Tech, me again. This is what I found on the Award site, in this regard but no reference to the Ghost.
Anti-Virus
When this icon is selected from the Security section of the WINBIOS Setup main menu, AMIBIOS issues a warning when any program (or virus) issues a Disk Format command or attempts to write to the boot sector of the hard disk drive. The settings are Enabled or Disabled. If enabled, the following appears when a write is attempted to the boot sector. You may have to type N several times to prevent the boot sector write. Boot Sector Write!!!Possible VIRUS: Continue (Y/N)? _
The following appears after any attempt to format any cylinder, head, or sector of any hard disk drive via the BIOS INT 13 Hard Disk Drive Service: Format!!!Possible VIRUS: Continue (Y/N)? _
I too would have never though it related to MBR locking in BIOS, mainly because I have never locked it down, possibly because on older BIOS version it probably isn’t even an option. But mainly I wouldn’t like to actually do that (lock the MBR) as there must be times when the MBR is adjusted legitimately.
Good find though, it would be nice if the image/icon was more user friendly.
Good morning DavidR and a Happy 2009.
As I do not have any explanation for this ghost, I am simply stating what I see and there might be no corelation to this, as Tech asked. But it seems strange that it would appear ( ghost are want to do this ) on the screen at bootup. No other link.
I keep the MBR locked in my BIOS on account of the new virus going’round. Mebkit ??? I once got the warning when installing a PRG, I forget which one that was, I think that it was when installing Ubuntu in a Windows Vista system, where a double-boot option is installed by a Boot Manager. I have had no other warning, mind you, I do not surf much on any of my many putors.
Now also a good morning to Tech and a Happy 2009 to you too.
No, I was not formatting my HD, the text that I Cut & Pasted was from the Award site and it explained how to lock the MBR against malware. But you knew this ! I am still chasing this ghost. Yesterday, I completely dumped all cookies and this morning on bootup, no ghost. I was also looking over some old saved apps and I chanced on one called Ad-Aware, it ran in Vista and showed me one bad item referring to “Double-Click”. I chased it, it was in the cookies file/folder. That gave me the push to delete all of them again and now no ghost. This ghost is a brain stimulating effort, I will keep looking for more pointers to why it comes around. In the mean time, your attention is appreciated.
JP. aka handcuff36
I much prefer to have a good recovery system in the form of hard disk imaging software, that take an exact image of your system, so if you experience a problem you can restore your last partition/disk image.
I do a weekly image of my C: and E: HDD partitions, saving the images to a third partition, I then make a copy of those images on an external HDD should the worst happen and I have a HDD failure on my internal HDD. I must treat my new system to a second internal HDD (like my old system) so back-ups are on the 2nd HDD and external HDD.
I do likewise, I use TrueImage and about once/month, I image the Vista to a USB HD. Better safe than sorry.
As I said recently, I got rid of all cookies and no ghost. Which one was the culprit ? I might never know but this sounds more like the cause than the BIOS being locked or not. I am still keeping an eye on this, just as a curiosity more than a fear of being "invaded". at the moment, my BIOS is locked and no ghost, is this an achievement ? Time will tell. I will thank you and Tech for your interest and time.
My #2 system runs double boot of XPP and Ubuntu, on that one, I have not done the U'u image yet. Both systems own their own HD, the Master ( IDE 0 ) is XPP and the Slave ( IDE 1 ) is U'u. Like you, I shall do an image of this soon. What imaging app are you using ?
It does not stay on the screen very long and it makes it tough to even just get the mouse on it.