IT Professional cannot solve this maybe you can - Malware/virus

cannonone · 09 Nov 2011

To anyone out there that has an idea what this is......

Pops up in my task bar every few minutes

It so quick you cannot see it, i took a video and paused the image

It looks like a CAT, i cannot work this out.

So FAR

Ran Antivirus scan ( macfee + trend micro house call)
Malwarebytes - nothing
Spybot - nothing

Stopped all start up programs in msconfig
killed almost all processes
de-installed any recent software that was installed

Im out of ideas, this is a relatively fresh Corporate/install WOT IS THIS ?

Many thanks

Cannonone

Golden · 09 Nov 2011

Hi,

Is this PC used with any barcode scanners to catalog items? Can you do a search for catnip.exe on this PC?

Regards,
Golden

cannonone · 09 Nov 2011

Hi,

No its a standard office PC

Thanks for the advice though

Thorsen · 09 Nov 2011

I would suggest running Process Monitor. This will show you exactly what processes are called in realtime.

Process Monitor

bbinnard · 09 Nov 2011

Try running ComboFix:

A guide and tutorial on using ComboFix

It finds and fixes rootkits and other malware that nothing else seems to be able to find.

Do not get impatient when it runs; there are over 50 different tests it makes, and it reboots your PC several times.

Golden · 09 Nov 2011

Hi,

My recommendation is to only run Combofix under the guidance of a trained malware proffessional - we have a few here that will be able to help you with that if they think it is appropriate. They may also recommend something entirely different.

Under no circumstances should you just run Combofix blindly without proffesional guidance. Every single reputable site that references Combofix (incl. the one linked above) contains this very explicit warning:

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

That warning is there for a very good reason. We shouldn't post recommendations for using Combofix without the same warning.

Regards,
Golden

bbinnard · 10 Nov 2011

Golden:

My post was based solely on my own experience which was a rootkit that I discovered on my Win7-64 system. I tried a couple of different anti-malware products, none of which found or fixed anything. ComboFix was the 3rd or 4th fixer I tried and it simply ran to completion and fixed my problem. I had no external help or support for this; I just ran it. So it's not clear to me what "professional guidance" means or could accomplish. Combofix did generate a lot of messages & logs etc. which I did not understand, but the bottom line was it fixed my problem with no intervention on my part.

I guess a situation could occur where ComboFIx, or any other anti-malware product, could encounter some unforeseen situation and result in a non-bootable system (or some other bad problem) but that was not my experience at all and I felt making the OP aware of the fix that worked for me would be helpful.

cannonone · 10 Nov 2011

thanks all.

Through trying to install combofix which did not work. The error changed its form and i was able to see what the pop was. Ended up being the Interactive Services Detection service. I cant believe it, i have disabled the service as i have spent enough time on this problem

For those who want to see exactly
Troubleshooting Interactive Services Detection - Pat's Application Compatibility Blog - Site Home - MSDN Blogs

I could go into more detail in analyzing this, but have many other support issues at work to deal with.

Its not a proper solution i know but im happy with it

Golden · 10 Nov 2011

Great news!!! Well done.

Thorsen · 10 Nov 2011

bbinnard said:

Golden:

My post was based solely on my own experience which was a rootkit that I discovered on my Win7-64 system. I tried a couple of different anti-malware products, none of which found or fixed anything. ComboFix was the 3rd or 4th fixer I tried and it simply ran to completion and fixed my problem. I had no external help or support for this; I just ran it. So it's not clear to me what "professional guidance" means or could accomplish. Combofix did generate a lot of messages & logs etc. which I did not understand, but the bottom line was it fixed my problem with no intervention on my part.

I guess a situation could occur where ComboFIx, or any other anti-malware product, could encounter some unforeseen situation and result in a non-bootable system (or some other bad problem) but that was not my experience at all and I felt making the OP aware of the fix that worked for me would be helpful.

I understand your point of view on this and can understand why you would suggest this as a fix, but sometimes combofix can really mess up a computer if it is badly infected. A professional will know what can and cant be cleaned with combofix or if another anti-malware option is better and safer. Here is a guide to combofix from a site that specializes in computer infections including all the warnings:

A guide and tutorial on using ComboFix