I'm pretty sure that I have one or two virus programs running on my computer. I believe that one does initialize during startup as I have seen a mysterious program icon appear on the main taskbar and in the taskbar tray. I'm quite familiar with controlling what programs run at startup (through start menu, registry run entries, and ini files) but I cannot figure out how this program is able to run and what exactly it's doing. Norton AntiVirus 2002 cannot find a virus or malicious script. The icon and title that appear (only briefly) on the taskbar claims to be the SETI Spy program, but I know that it is not this program as I do not have it installed. The icon that has appeared one time (and only for ten seconds) in the taskbar tray was an icon that looks like the old speaker control icon found on default installations of Windows 95 and 98. The program name associate with this icon claimed to be mIRC. I do not have mIRC or any IRC program installed. The graphics for both of these icons were not of the same quality as the actual program and system icons and I find them to be highly suspect. Also, about five times during the past 3 days, internet explorer windows start appearing at an uncontrolled rate in what would seem to be uncontrolled numbers. The only way I've been able to stop the windows from popping is by pressing ctrl+alt+delete and terminating all internet explorer processes. Looking at the processes list (when pressing ctrl+alt+delete) doesn't reveal any programs that seem suspect or out of the ordinary. ZoneAlarm doesn't report any blocked or attempted internet access or service. This would seem to have all started when I was browsing the web a few days ago looking for security information related to blocking port trojans and loser script bunnies. I happened upon a site that tried to run some quesionable scripts and install a plug-in. I refused the plug-in and scripts and when I closed my browser window I found a program installation file (and exe) sitting on my desktop and a shortcut to it in my start menu. I deleted both files and didn't think to remember their names. Shortly thereafter, this suspicious activity began. Has anybody else experienced anything like this? [ August 28, 2002: Message edited by: Dirk Schreckmann ]
all i can tell you is that many anti-virus programs cant find trojans. there is a free(or free trial) anti-trojan program i used once that found some that the anti-virus programs i tried had missed. i cant remember the name but a google search should turn it up(thats how i found it in the first place)
Dirk, set up ZoneAlarm to get every program that wants Internet access to ask for it. Refuse server access for everything too. Maybe you can trap it in that way. Try a trial version of ZA Pro if there is one, maybe that can catch it. I just noticed that Symantec list some very recently found backdoors on their web site. Keep us informed, please. -Good Luck [ August 29, 2002: Message edited by: Barry Gaunt ]
I've had zone alarm protecting me for years (thanks zone alarm) and I've not noticed any unusual attempts to access the net (which does sort of diminish the possibility that this is a trojan). I did discover an ad-ware program (WURL) on my system that did have an icon in one of its files that looked a bit like the seti@home icon. I removed it with ad-aware. Pretty sneaky that it was trying to pretend to be seti-spy. I've scanned my system with two different trojan scanners and found nothing. Since removing the WURL I haven't had a recurrance of the unlimited browsers popping up. Thanks for the ideas, everyone.