• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 282
  • Last Modified:

command screen flashing

About every 1/2 hour the command screen flashes (appears) for about a 1/2 second and then disappears. I've ran adaware and spybot and have run virus scans and nothing else shows up, however I still think something is lurking around. It's as if someone takes a picture. Any Ideas, anyone?
Tom
0
tiacovone
Asked:
tiacovone
1 Solution
 
WDBCommented:
Hi tiacovone,
  Can you Ctrl+Alt+Delete and then post in here what applications and processes are running on your machine?
0
 
SheharyaarSaahilCommented:
Hello tiacovone =)
 Is it happens when u r Online or in normal condiotions also, when internent is disconnected ??

!! GOOD LUCK !!
0
 
tiacovoneAuthor Commented:
1. How to copy applications and processes from list.
2. Happens in both conditions.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
SheharyaarSaahilCommented:
ok goto START>RUN and type msconfig
in teh Startup section, uncheck all the applicatiosn that start at startup.
reboot the machine, and now check for the problem.
0
 
Francois_ITCommented:
just type "tasklist" in the command prompt and copy\paste here
0
 
j_powersCommented:
If you have run those spyware programs (I also suggest CWShredder - http://www.spywareinfo.com/~merijn/ ) and get the same results, then it may not be anything.

Do this - unplug your machine from the internet. Do some stuff unplugged. Does the "flashing" still happen?

If it does then I would suggest your PC is "hiccuping" or is trying to play catchup to what you are doing. What kind of computer are we using here? How much RAM? Hard Drive space? What OS are you running? When your computer "flashes" what programs are you running?

Another thought - turn off your screensaver. See what happens. Let me know.
0
 
BillDLCommented:
Unfortunately I don't see a note of the Operating System you are using, so much of what I have detailed below is most relevant to Win98.

Have you checked the Windows Task Scheduler?
Start Menu > Programs > Accessories > Scheduled Tasks

or
Start > Run > and type the single line command:

C:\WINDOWS\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

> "OK"

Any unusual tasks listed in there?

To stop using task Scheduler, open the "Advanced" menu and select this option from there.

If something is doing this exactly every 30 minutes, then it is obviously being timed or scheduled.  Task Scheduler is able to call other programs, and this could include a DOS batch File.

The concerns here are the type of utilities that transmit data from specific folders, screenshots of your activities, or keyboard logging texts from the command line, nd do so by FTP or using a hidden mail Transport Protocol.

For a timer to work, it must be loaded into memory.  This won't always show in the Ctrl + Alt + Del task List, and may not show in MSCONFIG's "startup" tab either, but doing the following might identify rogue processes running:

Use the Start Menu as follows

1. Start > Run > and type MSINFO32
2. In the left pane, find "Software Environment"
3. For each of the following sections, click on it and then use the menu as follows:
       Edit > Select All > Edit Copy
4. Paste each into NotePad and save by the name of the section in MSINFO32
5. Copy and paste the details here if they are brief enough

Software Environment\
                                 Running Tasks
                                 Startup Programs
                                 System Hooks

Your list of startup programs will help you decide what you need and don't need to run automatically when Windows boots.  You could disable them using "Start > Run"  > and typing MSCONFIG (as described above).  The checkboxes are in the "startup" tab, and the only one you usually require is the System Tray.  You could restore them again one at a time again, rebooting between, and test until you find the culprit.

A helpful page to assist you in identifying Startup items is:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

The problem with identifying a "timer" program running as a "32-bit" (Windows)  or "16-bit" (DOS) process (can be seen in the MSINFO32 window as detailed above), is that you won't necessarily find out what program it actually calls at predetermined times.  The actual Command window you see is obviously closing after it has done what it needs to do, and won't be easy to catch in a list.

A hidden command line scheduler written by Eric Phelps for a legitimate personal purpose, but obviously capable of abuse, is detailed here:

http://www.ericphelps.com/schedule
http://www.ericphelps.com/schedule/schedule.zip

It could easily be something like this that is running.  Read his notes.

Other similar ones may show in the System Tray, but I have seen ones that use square grey icons that won't show there even if loaded and running.

There are some programs available for download that allow you to monitor and log running processes at user-defined refresh intervals.  If set at very fine intervals, and you start the logging process shortly before it is due to happen, then the logging might just identify it.

Try some of the utilities from http://www.sysinternals.com:

Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
http://www.sysinternals.com/images/screenshots/prcxshot.gif

Download Process Explorer (x86 - 180 KB) - you plan on using Process Explorer on Win9x/Me
http://www.sysinternals.com/files/procexp9x.zip

Download Process Explorer (x86 - 180 KB) - you plan on using Process Explorer on WinNT/2K/XP
http://www.sysinternals.com/files/procexpnt.zip

FileMon (from sysinternals)
Can't find myurl and I'm offline at the moment.

Handle - a command-line handle viewer for Win9x/Me and NT/Win2K
http://www.sysinternals.com/ntw2k/freeware/handle.shtml
 
ListDLLs - a command-line DLL viewer for Win9x/Me and NT/Win2K
http://www.sysinternals.com/ntw2k/freeware/listdlls.shtml
 
PsList - local/remote command-line process lister for NT/Win2K
http://www.sysinternals.com/ntw2k/freeware/pslist.shtml
 
PsKill - local/remote command-line process killer for NT/Win2K
http://www.sysinternals.com/ntw2k/freeware/pskill.shtml 

Karen Kenworthy's "Snooper"
http://www.karenware.com/progs/
http://www.karenware.com/progs/ptsnoop-setup.exe

If you are able to identify a rogue "timer" program, but can't ascertain what other programs or processes it is starting, a handy utility for extracting data from an otherwise uneditable file is "PEEK".

http://members.ping.at/mlubich/peek11.zip

Unzip the download and copy the files PEEK.INF and PEEK.DLL to a temporary folder.
Right click on the PEEK.INF file.
Choose the 'Install' and the system will install PEEK on your computer.
You now have a right-click "Peek" option for any file.
To uninstall PEEK go to the control panel and use the 'Add/Remove Programs' applet and select  PEEK.

download, install and run the freeware personal version of "Adaware" from Lavasoft.  It will identify any rogue Advertising Software or components on your system and allow you to get rid of them.

http://www.lavasoft.de/software/adaware/

Download, unzip, and run (no need to install) the freeware "BHO Demon".  Browser Helper Objects (or BHO's) are small programs that run automatically when you start your Internet Browser, come in many forms including the legitimate Adobe Acrobat Reader, and Norton AntiVirus, but also can be malicious or just a plain nuisance.  This program allows you to enable or disable them.  Take for example Go!Zilla, the downloading utility, which installs a BHO created by Radiate (formerly Aureate Media).  This BHO tracks which advertisements you see as you surf the Web, which may not bother you too much, but it is using up resources.

That said, there is no restriction on what a BHO can do your system.  It can do anything any other program can do ie. read or write (or delete) anything on your system.  Usually, software is installed on your system explicitly by you, but BHO's have a history of being installed without the users knowledge.

With BHO Demon, BHO's are disabled by simply renaming the DLL that houses them.  By renaming the DLL, instead of deleting it, you have the option of enabling it later if you wish.

Info:
http://www.definitivesolutions.com/bhodemon.htm

Download (v. 1.0.0.3 25 June 2002)
http://www.definitivesolutions.com/files/bhodmon1.zip
or
http://www.spywareinfo.com/downloads/bhod/bhodmn.zip

You should also run a Full virus scan of your system after updating your AntiVirus software with the latest definition download.  Scan ALL files, memory and boot sector where these are options.

Another useful program for finding things that take over your system is "HiJack This" from:

http://www.spywareinfo.com/downloads.php#det
http://www.spywareinfo.com/~merijn/files/hijackthis.zip 

It will run from any folder without needing installation.  Just unzip it, launch Hijack This, then press "Config" > "Miscellaneous Tools", and press "Generate Startuplist Log"

This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.  Maybe this would be better to post here.
0
 
SheharyaarSaahilCommented:
tiacovone,,, its been long time, plzz come back for a moment and close this question now !!!!!!!!
0
 
SheharyaarSaahilCommented:
tiacovone ......... dont u think that this question has become toooooo old..... need to be finalized now :)
0
 
SheharyaarSaahilCommented:
tia,,, may i know what exactly solved the problem for u ?? :)
0
 
BillDLCommented:
I too would like to know this.  Just so that we don't all get the impression that we have wasted our time, or that out time and effort hasn't been appreciated at all.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now