Technical Problem -- Possible virus/spyware? - Microsoft Windows


  1. Technical Problem -- Possible virus/spyware?

    Hi. I seem to be having a strange technical problem with my
    Windows 2000 system that I suspect is related to malicious
    code on some level. It's either a virus, spyware or a problem
    with the Rational Purify 6.5 License Manager's invasive
    security measures.

    Here is the situation. Most of the low-level utilities on
    my system seem to have been blocked off by the means of a
    process opening the relevant file and then locking access to
    it so that I get "access denied" when I try to use it. This
    applies to my command prompt (cmd.exe) and to most of the
    things in Control Panel's Administrative Tools folder, notably
    the Services. I get "access denied" whenever I try to open
    the Services window at all.

    I also get strange message windows popping up that have no
    text and a single "OK" button. Using the Spy++ utility that
    comes with Visual Studio, I traced these windows to the
    Services.Exe process, which makes me assume that something
    installed a hostile or parasitic Windows Service on my machine
    without my knowledge, and is now trying to stop me from getting
    rid of it.

    I've tried safe mode, and the files are still inaccessible.
    I've removed everything on my system from Rational. I've scanned
    with AdAware, the and.doxdesk browser parasite detection script
    and Norton Antivirus. Can anyone tell me what this is and how I
    might go about fixing it short of reinstalling my OS?

    -- Julian Mensch

  2. Re: Technical Problem -- Possible virus/spyware?

    > Barring any way to track this further, the likely outcome
    > will be "and then I reinstalled Win2K from CD". I'm not sure
    > what else I can do.
    >
    > -- Julian Mensch


    Arrrgh. OK, here are two desperation moves:

    1) Create a set of "emergency recovery disks" via the backup applet & try
    "repairing" what happened. or...
    2) (I don't recommend this for those with elevated blood pressure but
    assuming that you are persistent and in good health, you'll prolly be able
    to) extract an answer from the email support of MS.

    Sadly, I don't know of an app that does what you'd like.

    g'luck

    Ungoy

    On Fri, 08 Aug 2003 20:14:27 GMT, Julian Mensch wrote:

    > win2k:
    >> - I'm almost too embarrassed to ask because this is one of those
    >> "obvious" questions but: are you sure you have permissions,
    >> admin-level that is?

    >
    > It would seem not, from the symptoms.
    >
    > Nonetheless, I am logged in as Administrator, and
    > checking the control panel I see that this user, the
    > singular one for this system, is a part of the
    > Administrators group. Furthermore, the file "cmd.exe"
    > has all access permissions set for Administrator
    > group users, according to its Properties.
    >
    > Strangely, I can't open the "Advanced" section on the
    > Advanced User Management part of the Users and Passwords
    > control panel icon. I click the button, and nothing
    > happens.
    >
    >> - To rule out, as best as possible, the malicious
    >> virus theory, go to Symantec's (or competitor's) site and have *them*
    >> scan your system. A number of virii now make it job #1 to disable
    >> anti-viral software. The big a-v players now offer to do a computer
    >> scan *from*their* server. Haven't tried it but I've read reports that
    >> it does work.

    >
    > I just tried HouseCall's online scan. Nothing.
    >
    > Do you know of any low-level utility which can be downloaded
    > from the web to either A) tell you exactly which processes have
    > opened a given file at present, or B) forcefully close a file
    > that other processes have open, even if this will cause the
    > relevant processes to crash? This would be really helpful.
    >
    >>
    >> posting:
    >> - Dude, do yourself a favor and *mask* your valid email return
    >> address. How you do that depends on the application you use to access
    >> the newsgroup. The reason for doing this is that a MAJOR way for
    >> spammers to collect *valid* email addresses is to use collection
    >> bots...little programs that go out onto the net, in newsgroups, etc to
    >> harvest xxx@xxx.xxx names. I recommend you change your "respond-to"
    >> address asap. You'll prolly notice a drop-off in spam in about a
    >> month.

    >
    > Thanks.
    >
    >> PLEASE post here with any developments in your story,

    >
    > Barring any way to track this further, the likely outcome
    > will be "and then I reinstalled Win2K from CD". I'm not sure
    > what else I can do.
    >
    > -- Julian Mensch

