strange sign of bad things...

Hiya all,

I have a strange thing happening on my computer, and I believe it may be a trojan or virus; however, avast comes up blank when I scan.

For the last 3 days, at ~ 8pm PST, I’ve been playing a full-screen game on my home PC. And out of nowhere, my game is minimized. No other applications pop up, or anything else. I really have no idea why attention is being taken away from my game, but whatever is doing it is not making itself apparent.

I’ve checked through the process list in task manager, and nothing looks suspicious, but this has me a bit worried, as it’s almost like clockwork when it happens. The same time every day, for the last 3 days.

I’ve read a few posts, and I’ve downloaded ewido, and I’m in the process of running it right now… but recently I’ve gone through 3 different AV solutions (since I’ve done anything that I would think could infect me), and they didn’t really find anything. So I thought I would ask here… perhaps someone else has seen something like this before?

Any help would be much appreciated, I’m not a computer novice by any means, so feel free to try and confuse me with technobabble.

Thanks in advance!
Mike D

Which is the game that you’re playing?
Did you check the option for ‘full-screen’ games in avast (Troubleshooting tab of settings)?
Which is your operating system?

Did you try on-line scanning?
Anyway, I’m quite sure you’re not infected and the problem seems elsewhere…

  1. Do you have a firewall, if so what ?
  2. What other AV solutions have you tried ?
    Some even when uninstalled can leave stuff behind.
  3. Have you checked the Task Scheduler to see if there isn’t something there ?

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any O23 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast). If you need any help with any of the analysis, let us know.

Thanks for the replies.

Here are the answers to the questions that were asked:

Tech:

-The game is World of Warcraft.

-Yes, I’ve checked the option in avast to not pop up when I’m using fullscreen applications.

-I’m using WindowsXP Home, SP2 installed.

-No, I have not yet tried online scanning.

DavidR:
1- I have the SP2 firewall running, and a router with a hardware firewall as well. I know the WinXP firewall is crappy… but I’ve been quite annoyed by other firewall software I have tried.

2- I’ve tried… in this order: AVG, Norton, kapersky (sp?), then Avast.

3- I do not have any tasks scheduled to run in that timeframe… everything I have scheduled is early morning (~ 4:00 am)

Thanks for the tips. The biggest reason I’m worried about it… is that I did execute a suspicious file about a month ago (yes, I was stupid), and it was infected with things that I had cleaned up over a few days’ time. Since that time, my computer’s performance has not seemed quite up to what it should be. I have a pretty high end system, and it seems to choke sometimes on things that my fiance’s system has no problem with… even though mine is far superior.

I’ve been kinda slacking on looking into it more… until this specific thing began to happen 3 days ago. I did not make any changes to anything that caused this to start happening… it was just out of nowhere.

I’m going to go through the suggestions that were brought forth, and see if that doesn’t tell me anything.

Thanks for the replies, any further ideas would be welcome as well!

As a last resort, if nothing turns up, you might like to discount the possibility of a rootkit infection, as normal AV have trouble finding and dealing with these.
http://www.f-secure.com/blacklight/ This program might help.
Good luck

Well, Norton can be a real pain to get rid of and often causes conflict issues afterwards; however, this isn’t one that I’ve seen before. Kaspersky also on occasion leaves some stuff behind.

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

Run this utility to remove all traces of Kaspersky from the registry:
http://www.ice-kav.com/downloads/util/KAV_Registry_Clean.zip
ICE is a US distributor for Kaspersky.
Also read more about KAV Removal Tools http://www.ice-kav.com/utilities.php

Also see http://forum.avast.com/index.php?topic=12079.15

Ensure that you have used Add/Remove Programs and rebooted to remove any previous AV if you haven’t done so already (two resident on-access scanners are not recommended). Run these removal tools and reboot.

Neither your hardware router/firewall nor XP’s firewall will provide outbound protection and if you do have something on your system there isn’t anything to prevent that. So your personal data, passwords, etc. could be being exported (extreme example) or more malware could be downloaded or a backdoor created. So a third party IMHO is worth consideration.

Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface (but I would hazard a guess this is what you tried, Sod’s law ;D). There are others, Comodo, Jetico, Sunbelt Kerio, etc.
See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php.

I can vaguely remember a thread with a mysterious attempt to connect to the internet and I can’t for the life of me remember what the cause was, but once a firewall with outbound checking was installed it gave an indication of what it was, because the first time it tried to connect it was challenged by the firewall.
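
Added example, not part of any post in this thread: without an outbound-filtering firewall, the same question (which process is talking to the internet) can be answered after the fact from `netstat -ano` output matched against process IDs. The netstat text, the PID table and the function name below are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -ano` output for illustration (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1432
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1820
  TCP    192.168.1.10:1046      192.168.1.1:80         ESTABLISHED     2204
  TCP    192.168.1.10:1051      198.51.100.23:6667     SYN_SENT        3012
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name table, e.g. copied from Task Manager's PID column.
SAMPLE_PROCESSES = {984: "svchost.exe", 1820: "WoW.exe", 2204: "firefox.exe"}

# Loopback and RFC 1918 ranges: peers here are on this machine or the home LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def remote_connections(netstat_text, processes):
    """Return (pid, image, peer, state) for TCP sessions to non-local peers."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] not in ACTIVE_STATES:
            continue
        peer, state, pid = fields[2], fields[3], int(fields[4])
        host = peer.rpartition(":")[0].strip("[]")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparsable address column
        if any(addr.version == net.version and addr in net for net in LOCAL_NETS):
            continue
        findings.append((pid, processes.get(pid, "<unknown>"), peer, state))
    return findings


if __name__ == "__main__":
    for pid, image, peer, state in remote_connections(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(f"{pid:>6}  {image:<14} {peer:<22} {state}")
```

A PID that has a remote session but no entry in the process table (3012 in the sample) is the one to look at first.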