Solved IT Professional cannot solve this maybe you can - Malware/virus

cannonone

To anyone out there that has an idea what this is......

Pops up in my task bar every few minutes

It's so quick you cannot see it; I took a video and paused the image.

It looks like a CAT, I cannot work this out.

So FAR

Ran antivirus scan (McAfee + Trend Micro HouseCall)
Malwarebytes - nothing
Spybot - nothing

Stopped all start up programs in msconfig
killed almost all processes
de-installed any recent software that was installed

I'm out of ideas, this is a relatively fresh Corporate/install. WOT IS THIS?

Many thanks

Cannonone
 

Attachments

  • cat look alike.jpg

Hi,

Is this PC used with any barcode scanners to catalog items? Can you do a search for catnip.exe on this PC?

Regards,
Golden
 

Hi,

No, it's a standard office PC.

Thanks for the advice though
 

I would suggest running Process Monitor. This will show you exactly what processes are called in real time.

Process Monitor
 

Try running ComboFix:

A guide and tutorial on using ComboFix

It finds and fixes rootkits and other malware that nothing else seems to be able to find.

Do not get impatient when it runs; there are over 50 different tests it makes, and it reboots your PC several times.
 

Hi,

My recommendation is to only run Combofix under the guidance of a trained malware professional - we have a few here that will be able to help you with that if they think it is appropriate. They may also recommend something entirely different.

Under no circumstances should you just run Combofix blindly without professional guidance. Every single reputable site that references Combofix (incl. the one linked above) contains this very explicit warning:


You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

That warning is there for a very good reason. We shouldn't post recommendations for using Combofix without the same warning.

Regards,
Golden
 

Golden:

My post was based solely on my own experience which was a rootkit that I discovered on my Win7-64 system. I tried a couple of different anti-malware products, none of which found or fixed anything. ComboFix was the 3rd or 4th fixer I tried and it simply ran to completion and fixed my problem. I had no external help or support for this; I just ran it. So it's not clear to me what "professional guidance" means or could accomplish. Combofix did generate a lot of messages & logs etc. which I did not understand, but the bottom line was it fixed my problem with no intervention on my part.

I guess a situation could occur where ComboFix, or any other anti-malware product, could encounter some unforeseen situation and result in a non-bootable system (or some other bad problem) but that was not my experience at all and I felt making the OP aware of the fix that worked for me would be helpful.
 

Thanks all.

Through trying to install combofix, which did not work, the error changed its form and I was able to see what the pop was. Ended up being the Interactive Services Detection service. I can't believe it; I have disabled the service as I have spent enough time on this problem.

For those who want to see exactly
Troubleshooting Interactive Services Detection - Pat's Application Compatibility Blog - Site Home - MSDN Blogs

I could go into more detail in analyzing this, but have many other support issues at work to deal with.

It's not a proper solution, I know, but I'm happy with it.
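
The post above disables the Interactive Services Detection service rather than finding what triggers it. As an added example (not part of the original post), this PowerShell lists the services whose registry Type value carries the SERVICE_INTERACTIVE_PROCESS flag (0x100), which are the ones allowed to show UI in session 0. It assumes Windows PowerShell 3.0 or later; some service keys may only be readable from an elevated prompt, and the function name Get-InteractiveService is hypothetical.

```powershell
# Added example: find services flagged as interactive, i.e. the candidates
# for whatever keeps raising the Interactive Services Detection prompt.
$InteractiveFlag  = 0x100   # SERVICE_INTERACTIVE_PROCESS bit in the Type value
$Win32ServiceMask = 0x30    # own-process (0x10) or shared-process (0x20) service
$ServicesKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-InteractiveService {
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Skip keys that are unreadable or have no Type value.
        if ($null -eq $props -or $null -eq $props.Type) { return }

        $type = [int]$props.Type
        # Drivers (Type 1, 2, 8) are excluded by the Win32 service mask.
        if (($type -band $Win32ServiceMask) -and ($type -band $InteractiveFlag)) {
            [pscustomobject]@{
                Name      = $_.PSChildName
                Start     = $props.Start        # 2 = automatic, 3 = manual, 4 = disabled
                Account   = $props.ObjectName   # interactive services run as LocalSystem
                ImagePath = $props.ImagePath    # binary to inspect or check with the vendor
            }
        }
    }
}

# Services that are allowed to interact with the session 0 desktop.
Get-InteractiveService | Sort-Object Name | Format-Table -AutoSize -Wrap

# Current state of the detection service itself (service name UI0Detect).
Get-Service -Name UI0Detect -ErrorAction SilentlyContinue |
    Select-Object Name, Status
```

Each service listed is a candidate for the window that keeps appearing; checking its ImagePath against what is expected on a corporate build narrows down which one is drawing UI in session 0.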
 

Great news!!! Well done.
 

I understand your point of view on this and can understand why you would suggest this as a fix, but sometimes combofix can really mess up a computer if it is badly infected. A professional will know what can and can't be cleaned with combofix or if another anti-malware option is better and safer. Here is a guide to combofix from a site that specializes in computer infections including all the warnings:

A guide and tutorial on using ComboFix
 

Thorsen

That link is the same one I referenced in my original post. Reading through the guide does not reveal any significant decision points where some sort of expert knowledge is required. And that was precisely my experience - although the software took a while to run it did not put up any dialogs or options that I was not able to understand. So as I noted, I simply ran the software and it fixed my problem, which apparently was a rather obscure one.

I understand the potential for problems when dealing with something like a rootkit, but it seems to me it's up to each user to decide if the risk of such problems is worth the benefit of fixing the problem....or not. My post was intended to give the OP the option of taking that risk, or not, depending on his perception of his particular situation.

If you are aware of bad things happening from running ComboFix I'd be interested to hear them.
 

Sorry, that was a reading comprehension failure on my part. I didn't see your link.

The only thing I can say is that it tries to repair compromised computer data. This data in some cases would be crucial for system integrity. If you have a rootkit then the system is past integrity being the main issue. Your issue now is recovery if possible. As to what it does specifically, the secrets behind it are not often discussed to prevent malware creators from bypassing its abilities. I know it does seek out registry keys specifically for certain things and it looks at the file structure, programs listed in the registry and other types of data to look for rootkits that often get missed by other anti-malware programs.

If you have a simple malware program on your computer, there are safer ways of going about removal instead of combofix that have less impact on system files. Even if your malware is missed by the top antivirus programs, there are specific fixes designed for specific infections that are still way safer. A pro will know what programs can fix these infections and will only use combofix if there is not another specific program that will help. That is why it is warned to stay away unless helped by a pro. There are a lot of people who get computer infections and most of them are either unskilled or don't know how to clean their computer other than running program X. Program X being combofix, I have to stress the reluctance with running this program as a solution.
 
