Solved

XP home IE6 mystery window named monitor-now runs slowly

Posted on 2007-04-02
10
237 Views
Last Modified: 2013-12-08
Running XP Home, IE 6 all updated.  I saw a very short flash of a very small window flash with the word 'monitor' at the top. The next time, the window had no title.  The computer started running slowly shortly before that.
PC-Cillin Internet Security 2007, Housecall, found nothing. Now I am afraid to reboot.
0
Comment
Question by:shlew
  • 6
  • 3
10 Comments
 
LVL 22

Accepted Solution

by:
RedKelvin earned 500 total points
ID: 18840552
It may have just been a freak event. Backup all of your important data, before rebooting...Just in case.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18840635
Is it only at startup? it could just be the LegalNotice's.

Can we look at a hijackthis log to rule out malware?
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

You can either upload the log to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: either these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
0
 

Author Comment

by:shlew
ID: 18841566
Not at startup. I am on 24/7.
I ran HijackThis, went to ee-stuff, browsed to the file, clicked on upload but find no activity.
The forum format is new since my last visit so maybe I don't understand, did it upload somewhere and I didn't see it? If so, there must be 3 copies by now...  :-(
 Same with trying to upload it to TomCoyote and related.

I'll try rafb.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:shlew
ID: 18841573
http://rafb.net/p/ie5YtP35.html
finally figured out the paste sequence...
0
 

Author Comment

by:shlew
ID: 18841581
But I don't uderstand why I get invlaid file tpe from ee-stuff for a text file...
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18841773
Thanks for the log, I don't know why it gave you an invalid file, I haven't uploaded for a long time, maybe it needed to be zipped, it's supposed to accept .txt so maybe it's just bug, sorry about that.

Unfortunately, I couldn't find any suspicious entries in the log, but it can happen that nasties hides from the scan.
Can you please try downloading and running SUPERAntispyware, it's a ver good scanner:
http://www.superantispyware.com/


Then after that, please run Combofix, it gives us a log to look at as well.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
0
 

Author Comment

by:shlew
ID: 18846874
While SuperAntispyware is running, I should tell you that, even after finding the conflict between the new Trend 2007 and Spybot seems to have problemetic solutions, I have unwillingly removed Spybot, still slooow, I had discontinued PC-Cillin,-that is turned it off, still rediculously slow.
Windows take minutes to load, move, do anything.
The SuperAntispyware has been running for 1.5 hours and has only just finished scanning the updates file and is starting on PCHealth.
Frustrating.
Any further thoughts?
0
 

Author Comment

by:shlew
ID: 18847013
What about trying a restore point? Or is that going to work if I have a bad guy?
I am afraid to reboot for fear I won't be able to reboot properly!
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18847609
I can't blame you for hesitating to boot, when suspicious thing going on.

If the bad guy hasn't affected the System Restore and you go back as far back as before you were infected, then it should be okay.

Also you need to check first that userinit.exe in system32 folder folder is still there so you can log back in.
You also check to make sure there aren't any suspicious entries in your winlogon notify keys,
 It's when a bad files is removed and the related registry entry still intact could cause the bootup problems.
0
 

Author Comment

by:shlew
ID: 18949296
I checked my restore points and still hesitated. So I ran several online scanners-don't remember all of them. There were a few what looked like cookies and one non cookie which I removed. I wish I could remember but have been ill. I did run ComboFix based on your recommendation.

I just wish I could rmemeber what solved it.  Perhaps a combination of things. I usually keep a diary of problems and fixes but that evaporated too.

Points for all the effort and ComboFix.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Render HTML in a desktop app, not using a browser 4 82
cookies analysis tools 2 93
Using icacls to block access to mstsc, cmd & PowerShell 4 142
Soundcloud.com 4 26
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question