I have something running on my PC which causes black circles of random size and location to be flashed on the screen every half-minute or so. It just happened now!
I’m running XP with up to date Avast Home Edition, which says I’m clean. Spybot and Hijack This show nothing unusual.
The only other effect of this bug is to slow the system down - not critically.
I have to say this isn’t something I have come across before I can’t see why malware wouly want to draw attention to itself like this unless it is just to show you they can do it.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
If it is running it should be on HJT, can you post the contents of your log here or check out one of these on-line analysis sites, checking for nasty, possibly nasty or unknown entries, google the file names, etc. you may be able to upload them for scanning alos.
I’ve run the AVG software, which identified the REAL player Weather bug as a mild issue. but that’s certainly not the problem. Otherwise I’m clean. Same result from Avast and Spybot.
I ran HJT and checked the log (below). I can’t see anything that shouldn’t be there - but I’m clearly no expert…
I’ve an strange idea that the malware runs for a mili-second, then hibernates in some way - would that prevent it being on the log? Only a guess. But it is real - it sent me a circle just then!
Your log is incomplete, missing the header information, which give us a little information about your system.
However, there doesn’t appear to be anything harmful on the content you posted. There may well be programs you have installed that start on boot and the on occasion display a splash screen for a very short time.
Like this for the Skype run command you may see no splash screen but may notice it start minimised depending on the performance of your system.
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
Any program that runs, requires a command to run it, this is usually a registry entry and no matter how long it may appear, that command would be present.
Thanks -I cut and pasted too soon. The header info is attached as per this morning.
I think I understand what you’re saying - however, there doesn’t seem to be any programme identified in start up or by HJT - does there? I was wondering if it could be a bug in the monitor software?
I fear that is a completely stupid concept, but :-\ I’m lost…
Thanks again.
Logfile of HijackThis v1.99.1
Scan saved at 09:30:32, on 12 02 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Thanks -I cut and pasted too soon. The header info is attached as per this morning.
I think I understand what you’re saying - however, there doesn’t seem to be any programme identified in start up or by HJT - does there? I was wondering if it could be a bug in the monitor software?
I fear that is a completely stupid concept, but Undecided I’m lost…
I’m give an example of a program in your HJT log that starts up and then runs minimised (out of sight) this could be the cause of your suspicion. But, there is nothing I saw as nasty in the content of your first log and I see nothing different in this complete log. I doubt it is a bug as the 1.9.1 HJT has been in use for a considerable time and any bug should have been discovered.
There are some malware processes that are aware of hijackthis (very few) and may be able to hide from it, I don’t think this is the case here. You can rename the hijackthis.exe file to say donthijackme.exe so it may not be aware of this renamed file and be unable to avoid or block it.
So are you still getting the black circles ?
Are there any other symptoms that makes you think there is a bug in the monitoring software and you have something on your system ?
Also your JAVA version is one update down.
Ensure you have the latest version of JRE because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://www.java.com/en/download/index.jsp
A slight breakthrough, perhaps: I discovered accidentally that the circles can be made to appear ON THE RELEASE of the Ctrl key, and that they converge on the mouse pointer location on the screen. Use of the Ctrl key in combination with any other key does not trigger this, which is one of the reasons it’s taken me eons to make that connection.
I can now generate the phenomenon at will: any idea what I can do to stop it?
Disable the function in the mouse settings. It is an option to be able to find where the mouse pointer is. Control Panel, Mouse, Pointer Options, see image.
A very long time ago, I had a play round with the mouse functions, I wanted to make the pointer clearer in different backgrounds, etc. say that option, tried it didn’t really like it and unchecked it again.
The questrion of how it became set now mildly interests me - suppose, never as a result of a virus (good old Avast!) but there may be some hot key combo which I hit accidentlly. Or my three year old did…
(Sorry for the delay in posting - I was on holiday).
No problem, the main thing is that everything is fine now.
It is such an obscure function that I don’t think there would be a hot key combo for this. It is possible you at some point checked the mouse settings and this got ticked and forgotten.