
Hidden program running(?) prevents scandisk and defrag from completing

Discussion in 'Security and Privacy' started by thereuare, 2004/05/06.

Thread Status:
Not open for further replies.
  1. 2004/05/06
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    I tried to run a ScanDisk and Defrag tonight so I used CTRL+ALT+DEL in order to stop all programs from running except for Explorer and Systray. Neither Defrag nor ScanDisk could run due to something writing to the Hard Drive during the process.

    I re-booted in Safe Mode and was able to accomplish both Defrag and ScanDisk but can't seem to figure out what's running in the background but not evident thru CTRL+ALT+DEL. Ran LavaSoft's Ad-aware and tried to scan disk again (after shutting down all programs thru CTRL+ALT+DEL) but still couldn't get thru it.

    Also tried unchecking things in the msconfig's start-up tab but to no avail.

    Any suggestions on where to look for what's running in the background?

    Thanks.
     
  2. 2004/05/07
    samson

    samson Inactive

    Joined:
    2003/03/22
    Messages:
    67
    Likes Received:
    0
    I haven't seen this problem on my 98SE. I did eventually find it on Win95, though. It was Windows messing with the swap file.

    If all else fails, you might try setting the swap file to a fixed size. It's accessed through control panel - System - Performance - Virtual Memory.
     


  4. 2004/05/07
    JohnB Lifetime Subscription

    JohnB Well-Known Member

    Joined:
    2002/01/07
    Messages:
    856
    Likes Received:
    11
    Hi thereuare and welcome to the boards.

    When you Ctl+Alt+Delete to bring up the task manager what you see is not all the processes running. There is a bunch of other stuff that runs in the background under a normal boot of Windows.

    You did the best thing by booting to Safe Mode to scandisk and defrag. It's the best way to go. Even then you will occasionally get scandisk cycling, but I find if this happens just reboot into safe mode and restart scandisk. I also have noticed that defrag will restart several times as something always seems to write to the disk part way through. Eventually finishes tho'.

    What OS do you have? If you have W98SE, get the ME defragger, it goes much faster than the one supplied in Win98.
     
  5. 2004/05/07
    PLansdowne

    PLansdowne Inactive

    Joined:
    2001/12/30
    Messages:
    175
    Likes Received:
    0
  6. 2004/05/07
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Thanks for the suggestions.

    My concern is that I'm occasionally getting a message "Sasser_d Worm Detected. Click 'SCAN' below to scan your system "

    It's not a 'real' message as it comes in a pop-up menu with an IE background screen of all blue. If I just click the "X" in the top right corner sometimes my computer shuts down and re-boots and sometimes it continues as normal.

    I thought perhaps that I had some spyware running in the background and that was preventing ScanDisk and Defrag from running. As I said above I ran Lavasoft's Ad-aware and found a few things to remove, but then when I tried to re-run Scandisk it wouldn't complete. I assumed that this was due to some spyware running in the background, but maybe I had a dual problem: 1) spyware causing the 'nag' screen about and 2) problem with the swap file or cycle.

    As I said my main concern was that something (spyware or virus) running in the background, so I'll see if the 'nag' persists since it was hopefully removed with the Ad-aware program.

    Thanks again for the help/suggestions.
     
  7. 2004/05/07
    PLansdowne

    PLansdowne Inactive

    Joined:
    2001/12/30
    Messages:
    175
    Likes Received:
    0
    You've found the culprit:

    For removal instructions, see below:

    http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html
     
  8. 2004/05/07
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    I don't think that's it... I think this is a pop-up/nag screen trying to get me to click "OK" to disinfect my computer which in reality will load a bunch of spyware on it.

    Even the symantec link above says the sasser worm affects Win2000 and WinXP machines... and I'm on Win98.
     
  9. 2004/05/08
    Triger

    Triger Inactive

    Joined:
    2004/04/21
    Messages:
    174
    Likes Received:
    0
    Hi ..

    Here is a little utility that may help you find out what is running....it's freeware and tells you more than what you probably need to know :cool:

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

    there is a version for Win9x ....

    I have seen some screensavers and wallpaper changers trip up a defrag ...but never a scandisk ....good luck

    Cheers
    Jake
     
  10. 2004/05/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    That 'nag popup' is an html page in an internet explorer window. You are already infected with some sort of spyware. Download and run one of the free antispyware utilities such as adaware.
     
  11. 2004/05/08
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Tony,

    I agree, it's some sort of spyware that is trying to get me to install more! After all, why would a virus tell you "you've been infected... click here to clean." I've found that I can get rid of the blue background screen and the windows pop-up window by using the ESC key, but it's still annoying.

    I updated my Ad-aware to the latest version and shortly after running it popped up again :mad:

    Any other suggestions on where to look? I tried an internet search for various terms but can't find it talked about anyplace.

    Thanks.
     
  12. 2004/05/09
    Triger

    Triger Inactive

    Joined:
    2004/04/21
    Messages:
    174
    Likes Received:
    0
    Free online scan...

    Hi...

    A suggestion ....free online scan (something on the order of trendmicro's free scan)

    http://www.trojanscan.com/

    Also....recent updates to AntiVir virus software are finding things that only spyware programs used to find....(free for personal use)

    http://www.free-av.com/

    Cheers
    Jake
     
    Last edited: 2004/05/09
  13. 2004/05/09
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    You definitely have something starting up in the background doing this. Perhaps if you post a HijackThis log on here? The link is below.
     
  14. 2004/05/12
    Chris Williams

    Chris Williams Inactive

    Joined:
    2004/05/12
    Messages:
    2
    Likes Received:
    0
    Have you run Spybot or Ad-aware?

    You may find a file called sysupd.exe in your windows directory, along with a file called _update.dat in your temp directory. Spybot says it is a german dialer or something (deleted it over a week ago, can't remember exactly). Spybot did not flag the _update.dat, but Ad-aware did.

    Have you installed a Kazaa codec pack by any chance? Just trying to find where the program came from, as I have seen it on 2 machines. The only common factor I can think of between the two is the codec pack.

    Chris
     
  15. 2004/05/12
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Problem on XP too

    I have the same problem on an XP computer. I get a pop up message saying:

    Virus Warning!!!
    Sasser_d Worm Detected
    Click OK
    to Scan and Disinfect

    Below the message is an OK and Cancel button.

    After this the user gets redirected to sites prompting the user to buy AV software. The number of pop ups is effectively stopping useful use of the internet.

    I am pretty sure this is an IE problem, but at the moment am unable to fix the problem. The only reference I can find to this problem is this thread.

    Rob
     
  16. 2004/05/12
    Chris Williams

    Chris Williams Inactive

    Joined:
    2004/05/12
    Messages:
    2
    Likes Received:
    0
    Spyware?

    That's exactly the dialog box I was getting.

    I don't know what the thing did, cos me being super paranoid hit ctrl-alt-delete on it to kill the blighter. I don't know why they put a dialog box up though... surely some kind of stealth install would be better for them.

    Still, something good came of it - It made me go around and apply the Micro$oft critical updates to all the PCs at work.

    Chris
     
  17. 2004/05/12
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Solution

    I've just got through to NAI (McAfee's) service desk. They have suggested that this is a symptom of Sasser. However, I've just gone to run the fix on the machine affected and it is already patched with the MS hotfix KB835732. I'm running their stinger program but I don't think this is the problem.

    See :
    http://vil.nai.com/vil/content/v_125012.htm

    For more information

    I'll post again when I find a fix

    Rob
     
  18. 2004/05/12
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I think I have a solution

    I've had a further chat with McAfee support. They were very helpful. They pointed me toward a spy ware type solution, as others have in this thread.

    First I removed all the little "helpful" utilities that the user had installed on IE (search bars, smiley face stuff).

    I then installed and ran Adaware. It found 242 objects! I've got a similar amount of hits before on another PC, and found that a removal of all the suspicious objects causes more problems than it fixes. So I was a little more cautious.

    On review of the objects, three items (each with multiple objects) were listed as Malware and I deleted those three (WinFavorites, Blaze Find, istbar).

    However, one item was listed as "Possble Browser Hijack attempt" and the information associated with this item pointed towards a site "www2.flingstone.com" (a site I have no intention of looking at). I think it is very likely that this was the cause of the problem.

    I deleted that too. Hopefully that has solved the problem. I don't think I will be sure until I get through a month or two without the problem reappearing.

    Rob
     
    Last edited: 2004/05/12
  19. 2004/05/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well, all four of the entries you mentioned are definitely unwanted but, that's a new one on me. Ad-aware targets unwanted files, folders and registry entries placed on your system by spyware/malware/adware. Removing these entries with an older version of the software that's using newer reference files, or using a newer version with outdated reference files could cause some problems, but I have never experienced problems removing everything it finds and have rarely found anyone that does. I always have and will continue to recommend removing everything found by Ad-aware, and I also recommend configuring it to maximum scanning, which coincides with the recommendations given on the lavasoft forums, techsupportguy forums, computer-cops forums, etc., etc. And I'm not alone here. Many members, to include staff, have recommended removing everything Ad-aware finds, repeatedly.

    Hope your problems have gone for good. Very good move getting rid of the extra toolbars and smileys (let me guess, Fun Web Products?). Feel free to post a HJT log for analysis at any time. (suggest starting a new thread though, if inclined to do so) :)
     
    Last edited: 2004/05/12
  20. 2004/05/12
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    I agree with Dave. Up to date Ad-Aware version with up to date files and removing all items it lists should not cause problems.

    What version are you running and what date on the ref files? Also, what scumware removal caused problems?
     
  21. 2004/05/12
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    I routinely delete everything Spybot and AdAware checks by default on comps that are not mine, and no one has ever complained of a resulting problem, nor have I experienced any. After you clean up, you may want to run a registry cleaner- do a search on the board, or look in signatures for recommendations.

    Could you be seeing Windows Messenger Service ads?
    This is a c&p from WelshJim:

    http://www.grc.com/stm/shootthemessenger.htm

    "What is the Messenger Service?

    Starting back with Windows NT, and carried forward into all subsequent operating systems, Microsoft included a simple way for users on a network to send each other short "pop-up" messages. Network administrators might have used it to notify everyone of system-wide events. It was a nice idea, though in its original form it never caught on widely. There is a standard command line program "Net Send", that can be used to generate these messages, and there's also a GUI (Graphical User Interface) application to do the same.

    If you're curious to see the graphical interface: On Windows 2000 or XP, right-click on "My Computer" / "Manage". Then under "System Tools" right-click on "Shared Folders". Choose "All Tasks" and finally "Send Console Message..."

    You probably didn't know any of that was there, and neither do most people. It's a never-used feature that has been replaced by the various well known, popular, and feature-rich instant messaging systems."


    Disable in admin tools > services (local)> Messenger

    Johanna
     