This forum requires Javascript to be enabled for posting content
Hi All - A strange event has started happening...my email client (Windows Mail in Vista) has begun opening up all by itself....ain't it clever!!!
It's a real nuisance coz, left unattended, it is downloading all emails from the server, whether I want them or not. I have MailWasher installed, which sits between my server and the email client and allows me to delete any unwanted emails before downloading. With WinMail just popping up at it's own discretion though, MailWasher is being bypassed.
At first I thought it was a problem with my wireless keyboard, some other things kept popping up uninvited too; the start menu and sometimes FF would just open. Changing the keyboard to a wired job has stopped most of the uninvited guests, except for WinMail which continues to have a will of its own.
This is an edit/update: It appears my earlier assertion that changing the keyboard had stopped other things from just popping up uninvited was [b:1kc49lr0]wrong[/b:1kc49lr0]!!!! I just had the 'Computer' page open for no apparent reason closely followed by the Start menu. What the heck is going on?????
I have no idea where to go next....any help/advice would be greatly appreciated.
cheers.....JIM
Jim,
Run Autoruns - http://technet.microsoft.com/en-us/sysi ... 63902.aspx and have a look at the Logon and Scheduled Tasks tabs. Any references to the programs in question?
Okay Dave - Couldn't see anything relating to any of the apps/folders which keep opening up. Certainly nothing under 'Logon' but there are quite a few entries under 'Scheduled Tasks' which are not familiar...none of them seem to relate to my problems though.
Since I last reported, another quirk has appeared, my audio is being muted without my permission. It's easy to fix but just another strange event to add to the list. I forgot to mention in my original post too, I have scanned the hard drive with both Avast and MBAM...nothing even remotely suspicious.
Any other ideas mate
JIM
P.S. As an afterthought, here is the list generated by AutoRuns under 'Scheduled Task':
[attachment=0:2a85d92l]Scheduled Tasks.JPG[/attachment:2a85d92l]
Hmmm...
Try something quirky for me -- disconnect the computer from the network and see if the problem continues to happen. I saw this once before and someone had hacked in through VNC and was running random commands. I know you did a scan...but....
You can check netstat as well for any strange connections. It sounds as though you're getting random commands from somewhere, and the first guess would be the Internet. (For netstat, go to a command prompt, type 'netstat -a -b' without quotes).
In this case, however, we're hoping the problem continues to occur when you pull the internet plug. Because if it ceases, your network has been compromised. (ACK, No!!! )
Is it just the keyboard that is wireless, or your entire system? As Ziggie mentioned, someone might be accessing you via a backdoor. I'd pull the phone/cable line, and run offline scans (extremely deep). Reboot and rescan, using as many scanners as you have to find the problem. Also, even when you do find the problem, fix by removing, do the reboot and scans for a few times, just to be sure. Might even want to power off in between. Some of these bugs like to hide, Mindblower!
"For the needy, not the greedy"
Thanks for the replies guys.
ZIg - I ran the command but what should I be looking for?? I got a fairly long list of results...most of which mean nothing to me. Are there any particular indicators??
MB - Keyboard and mouse only. Keyboard is now USB so only running wireless mouse at this time. I always run scans in the deepest/most thorough mode available mode anyway but shall try your suggestions...thanks.
Do you think it would be a good idea to run Hijack This? I might do that anyway and see what the logfile turns up.
thanks again,
JIM
Edit/Update: Ran Hijack This..the logfile shows nothing unusual, not even anything remotely suspicious.
Well Ziggie, post the log file on a forum where there are experts in reading the log might help. Since you know there is something NOT right, you're looking for the proof, and correction procedure. Wish you luck, Mindblower!
"For the needy, not the greedy"
Umm..err..MB...it's Jim not Ziggie.
I am not an 'expert' at anything...well, maybe at lawn bowls...but not anything to do with the computer. BUT, I know enough about Hijack This logfiles to read them and know if there is anything sinister there. I really don't need anybody to double check it for me....thanks for for thought tho.
Still looking............
cheers...JIM
Jim,
Sorry I stepped out on you.
Since there was nothing out of the ordinary in AutoRuns I'm leaning toward hardware. Ziggie's recommendations were right on, but I know you're well enough to know you probably aren't infected (now Ziggie on the other hand ).
I know it seems strange, but programs starting - often the same ones leads me to the hardware conclusion. Can you go totally wired (keyboard/mouse) and remove any dongles and associated wireless keyboard/mouse software (think of the quick access keys on most keyboards)?
Hey Dave - Yep, I can do that. The only other thing which is connected wirelessly is the mouse...I can swap that over for a USB variety, disconnect the associated transmitters and uninstall keyboard and mouse drivers.
This is happening mainly after the machine wakes from hibernation. I leave with just the desktop showing and no open programs...I come back and the Calculator, Firefox and Windows Mail are all open/running. Although, I have had the calculator pop up out of nowhere while actually using the machine and occasionally an email I am in the process of writing will just minimize itself for no apparent reason. No instances of FF or Windows Mail opening uninvited..except when left unattended.
thanks Dave,
Cheers...JIM
Heh.
Dave, Jim mentioned (either here or an email to me, can't remember) that he'd set up port forwarding for uTorrent right about the time this started. While I don't think his machine is infected, when you start opening ports on a firewall then commands [i:2b0dcaxk]can [/i:2b0dcaxk] come through. All it takes is unpatched software listening on the wrong port and then you get weird symptoms.
Jim, has removing the port forwarding staved off the issue?
--zig
Hey Guys - Have now been 24 hours without anything opening up by itself. I remembered 3 things I had done around the time this started happening and reversed all three. That is not the best/most expedient approach because now I am unsure of exactly which was the culprit...however, had I proceeded with the one at a time method, the extended length of time between the phantom events would have meant a possible 4 to 6 day period of testing before finding the culprit and fixing things up. I decided to take the short route. Here are the three things I remembered and how I dealt with them:
1) Was experiencing some serious lag with the wireless keyboard - uninstalled wireless keyboard and changed over to USB.
2) Could not get Skype to connect so downloaded and installed the latest version - left Skype disconnected/inactive.
3) I had setup port forwarding in router - deleted port forwarding NAT entry.
4) I also had a few programs enabled in Windows Firewall exceptions - reset Windows Firewall defaults.
I am leaning heavily toward the wireless keyboard as number 1 suspect. I had been experiencing some serious lag problems with it so it was obviously not 100% well. Skype is a long story and I won't bother you with the whole thing....but just after installing the latest version, even though I had all Privacy options set to "People on my contacts list only", I noticed a new/unknown name had been added to my list of contacts. I deleted the contact and double checked the Privacy settings...all O.K. I did notice that Skype has an option enabling 'uPnP' by default....how much of a security risk is that???
The port forwarding, along with a static IP address, I set up to accommodate uTorrent. It was the first time I had ever set up a torrent client and, after hearing/reading so much about torrents, I went through the process as much for the learning curve as anything. I seriously doubt this was the root cause but as Zig has pointed out...it is a possibility.
Anyway, I am now in the process of returning things back to the way they were when these issues first appeared...this time, one at a time so I will know which was to blame. Have already re-connected Skype and unblocked it through the Windows Firewall. As soon as I have identified the culprit I'll let you know.
Thanks to everyone for your suggestions and help with this...much appreciated,
cheers....JIM
P.S. [b:2v2vm027]Definitely[/b:2v2vm027] no infections involved...I've run more scans than the radiologist at State Hospital......nothing, zilch, nada, zero
Jim Hillier
Richard Pedersen
David Hartsock
Carol Bratt
dandl
Jason Shuffield
Jim Canfield
Terry Hollett
Stuart Berg
John Durso
1 Guest(s)