rundll32.exe Running From AppData/Roaming Folder

Stg-Flame

Diamond Member
Mar 10, 2007
First, allow me to attempt to explain how my computer is acting weird. The hourglass icon next to my mouse is flickering in a constant, rhythmic timing. Also, under my Task Manager Process list, I have one instance of rundll32.exe *32 running. However, like clockwork, another rundll32 *32 appears and disappears within seconds. The only difference between the two is the description of the one that appears says Windows Host Process (rundll32) whereas the one that is always on there says nothing. The time in which the second process appears is always under 30 seconds but randomly appears within that time frame.

Now how it started. My friend sent me a link to download a video from multiupload. Since he normally sends me amusing videos here and there, I thought nothing of it and downloaded the video. When I opened the rar file, I noticed it said the video was a .mov but when I scanned the file prior to opening it, it said it was called capture_223.scr.mov - the actual file listed under Windows Vista just said .mov and not .scr.mov even though the icon was the old Quicktime Movie Player icon (I use VLC for .mov files so it should have been the orange pylon).

Anyways, a temporary lapse in good judgement led to me opening the video. After a second of nothing happening, I quickly opened my task manager because I felt something wasn't right about this file and sure enough, Capture223.scr was running under the processes. I quickly ended the process and am currently scanning my entire computer with Ad-Aware, Spybot, and Avast. The hourglass described above has not stopped since I ended the process, and it sounded like my DVD drive was trying to run a disk for almost three minutes after opening the file.

Lastly, when I tried to go back to the file location to check the exact name and description under the properties, the file was gone. I checked under my recent items, found the video file, and tried to open the file location, but my computer says the file has moved and the shortcut is no longer valid.

Is there any way to find out where the file has gone based off an old shortcut and what does anyone make of my hourglass icon flickering next to my mouse?

Any information is greatly appreciated.

Edit: I just looked under my msconfig layout and found there is a new process running under Startup labeled MS Essentials. It's a rundll32.exe file run out of my AppData/Roaming folder. What little I know about the rundll32 file from searching around is that if it's running out of your System32 folder, you are fine, but if it's running from anywhere else, it's a trojan. Should I physically Shift+Delete this file or let my antivirus handle it (assuming Avast finds it malicious)?

Second edit: I just created a Registry edit text file for everyone to look at as some additional data:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\\PROGRA~2\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"MS Essentials"="C:\\Users\\Stg\\AppData\\Roaming\\rundll32.exe"
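The heuristic above (a binary named like rundll32.exe is expected in System32, and the same name launched from a user-writable folder such as AppData\Roaming is a red flag) can be applied mechanically to a `reg export` of the Run key. The script below is an added example, not from the thread; it parses the exported text posted above (embedded as a constructed sample) and flags Run values whose image is a well-known Windows binary name living outside System32/SysWOW64. The list of binary names and trusted directories is an assumption to extend for your own environment.

```python
import re

# Windows binaries that malware commonly masquerades as (assumed starter list).
SYSTEM_BINARY_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "regsvr32.exe"}
# Directories where those names are legitimately found (assumed; add others if needed).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample: the Run key export from the post above.
# A real `reg export` file is UTF-16LE with a BOM; read it with encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\\PROGRA~2\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"MS Essentials"="C:\\Users\\Stg\\AppData\\Roaming\\rundll32.exe"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_run_values(reg_text):
    """Return {value_name: command} for every string value under a ...\\Run key."""
    values = {}
    in_run_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line.lower().endswith(r"\currentversion\run]")
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if m:
            # .reg files escape each backslash as \\; undo that to get the real path.
            values[m.group("name")] = m.group("data").replace("\\\\", "\\")
    return values


def image_path(command):
    """Extract the executable path from a Run command (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(" ")[0]


def flag_suspicious(values):
    """Return (value_name, path) for system-binary names launched outside trusted dirs."""
    findings = []
    for name, command in values.items():
        path = image_path(command)
        basename = path.rsplit("\\", 1)[-1].lower()
        if basename in SYSTEM_BINARY_NAMES and not path.lower().startswith(TRUSTED_DIRS):
            findings.append((name, path))
    return findings


if __name__ == "__main__":
    for name, path in flag_suspicious(parse_run_values(SAMPLE_REG)):
        print(f"SUSPICIOUS Run value {name!r}: {path}")
```

Run it against your own export (`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`) by reading that file in place of SAMPLE_REG; a hit is a lead to investigate, not proof of infection on its own.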

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
1. Upload the suspected file to VirusTotal.com and post the results.

2. Grab a fresh copy of the Kaspersky stand-alone virus remover from here: http://support.kaspersky.com/viruses/avptool2011?level=2 . Click the gear icon and max out the options like this:

[Image: Kaspersky_scanner_1.gif, the scanner's options dialog with all options enabled]
Now fire off a full scan and see what it finds. Any good?

Stg-Flame

Diamond Member
Mar 10, 2007
Perfect. Found the trojan listed inside my registry and followed the steps listed under Kaspersky.

As an additional measure, I downloaded Malwarebytes which found remnants of the trojan still lurking about my registry keys. After running both Kaspersky and Malwarebytes, my computer is now free of all spyware and trojans.

Thanks a lot for the help. This was apparently the Microsoft Security Essentials Trojan that is posted about on Google. Considering I found it and terminated the process before it could install anything, I was able to prevent it from getting too far inside my system on top of the fact I deleted the dll file from the AppData folder so the registry key had nothing to run just in case my computer was rebooted (power surge or the like).

Once again, thanks for the help mech.