Topic: Help - strange virus or spyware or whatever

[Rui 'Trovatore' Pires]

I wonder if anyone can help me. Recently (after having installed Download Accelerator, actually, but I'm not sure it's related, because at that very same time I browsed through many sites such as Astalavista with miminal security, so ANYTHING can have gotten in) I've been finding that the internet window I'm browsing (IE, and no, won't change. I'm comfortable with IE) will close. Withuot warning. And re-appear after some minutes, without the upper title bar - the one with the close button, making me resort to Alt-F4.

AntiVir Personal Edition, Spybot and AdAware didn't find anything wrong... at least, nothing that once corrected fixed this. I found a workaround, but it's strange - it seems that shortly after running IE after I FIRST boot the PC, two programs get run, which I can find in the Task Manager. They are something like "4231762.exe" - nonsensical. I close them, and until I reboot I will have no further trouble.

I also tried CodeStuff starter, but nothing out of the ordinary there.

I was just wondering if anyone knew anything about this strange thing.

[YOke]

(IE, and no, won't change. I'm comfortable with IE)

"Please officer! Don't take my husband away! He beats me because I deserve it!"

[Bernie]

Hmm... start msconfig (type it into the run command bar or whatever it's called on english computers). Go to the system startup tab (last one) and deactivate all weird startup programs.
If you have a hard time telling good from bad programs, post a screenshot of your startup list.

[Rui 'Trovatore' Pires]

YOke - Heh. No, it's just a matter of being very comfortable with it so far. If IE beat me, I WOULD have it changed, but I'm used to it...

Bernie - Hmmm, thanks but it seems just like CodeStuff Starter. Here's the screenie.



EDIT - Before anyone asks, "Always Activate" is a WinGroove thing - no problem there.

[auhsor]

Ok I think your problem is the farmext entry. Don't quote me on that, but if you google it it seems others are trying to get rid of it too.

Hope that helps.

edit: argh..  fixed typos... I guess it was late last night.

[Squinky]

Heres a site I found for figuring out just what excactly all those entrys are in the task manager:

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

[Ghormak]

All anti-spyware programs I've seen say Download Accelerator is spyware. Wouldn't surprise me.

I'd recommend finding that 4231762.exe and deleting the shit out of it.

[Blade]

That 4231762.exe is probably the file a virus created and it's probablty hidden somewhere in the temp folder. There might be a problem in manual removal - Windows may recognise it as being used by the system. 

[RickJ]

If IE beat me, I WOULD have it changed, but I'm used to it...

It just did!  Quit your blubbering  , get Firefox, and you will have no such problems in your future. 

http://www.mozilla.org/

[Cluey]

If IE beat me, I WOULD have it changed, but I'm used to it...

It just did!  Quit your blubbering  , get Firefox, and you will have no such problems in your future. 

http://www.mozilla.org/

Ahmen!!

[YOke]

Everything is in the exact same place in Firefox anyway. The Back button, the Forward button, the Stop button.......the Refresh button!

[Barbarian]

Could be just about anything... most likely a SpyWare of sorts. For a recent topic with some good posts that may be of help for you, check out:
http://www.bigbluecup.com/yabb/index.php?topic=19142.0
   As, I suspect you may have a version of the CoolWebSearch virus/trojan (CoolWebSearch is anything but cool though).

What version of WinDoze you running? If you have like ME, 2000, XP, NT, you should have the "System Restore" feature. If the problem is recent enough, you may still be able to use the System Restore to rollback your drivers/settings/etc... to a date and time when you know your computer was still working good. Usually it's found from:
Start, All Programs, Accessories, System Tools, System Restore.  Choose "Restore my computer..." then from the "Calendar" thingy you can pick a day and checkpoint to before your problems occured.

The free version of DAP is Ad-Ware (not spyware), but the paid-for version of DAP is without any type of ads. I've been using DAP for a number of years, and it always works great for me.
But, if you're looking for a good free alternative without any kind of adware or spyware, you might try: http://www.stardownloader.com/

Also, you should make sure IE's security settings are adjusted for better protection, and you never mentioned if you're already using a firewall.. If not, then I highly suggest you get and use a firewall (there's many good free ones out there, one I like is ZoneAlarm which you can download a good free version over at www.zonelabs.com ).

Also, you may want to make sure your "Windows Critical Updates" are current, though be sure to make a System Restore checkpoint before updating in case something messes up, as, in my experience, sometimes updating with Windows can in fact mess things up even more.

Good luck. 
PS: Backup any important data/files/programs that you need to keep safe.

[TheYak]

If you're unable to find the references to the weird program, you could also try punching "services.msc" into the run-box.  This'll open a panel of system services that are currently running (or set to run in various circumstances) on your system.  Don't disable anything unless you're pretty certain it doesn't belong, and only make one modification at a time unless you know what you're doing.  If you find a suspect program, open its properties and change the startup type from manual or automatic to disabled. 

Another thing you can try is searching the registry ("regedit" from run) for the suspect program's name.  Blade's got a good point concerning the system-file status.  If it's in a Windows directory, it may've been protected as a vital operating system file.  You can download various freeware utilities that'll delete it upon startup if you can't do so manually.  The name's incredibly suspicious as viruses will often reproduce with randomly-named files (I've got a KBdhizk.dll I've been trying to get rid of for awhile, virus-related, based upon the name should be a Keyboard Language dll).  Another thing you can try if you can't delete it is to rename it, sometimes you'll be able to do this despite error messages (mine's renamed to KBdhizk.dll.bkp and thus rendered harmless).

[Rui 'Trovatore' Pires]

Whoa, many suggestions. Many thanks everyone. I'll uncheck "farmmext" and see what happens tomorrow, and then will try the other suggestions in order. I'll keep results posted, and thanks again!

EDIT - "Farmmext" it was! Thank you VERY much!