Is this dangerous?

[thebigdishman]

I am puzzled - baffled even. An icon has appeared on my desktop - not your standard link to a program or directory, just a small square icon - not quite always on top. I can drag it around the screen, but it does not have a link and I can't right mouse and delete it. Other than that it appears to be inert. I can best describe it as an orange space invader on a white backgroubnd 17 x 17 pixels. Does anyone have any idea what this could be?

[kgun]

Quote:

Originally Posted by thebigdishman

... I can't right mouse and delete it.

But can you right click it and go to the target where you can delelte it?

1. Do you see something new in running processes?
2. What about: start + run + msconfig
3. System restoration, is that an option?

[spiderbait]

Can you see it from the "desktop" folder using Windows Explorer? That might give you more options to inspect its properties.

[RollerBall]

Are you crazy?

If ANYTHING suddenly appears on your PC that you did not put there you MUST nowadays assume that it is some form of malware.

Your 'icon' is a symptom of something far more sinister and if you can't remove whatever put it there you must do a system restore to before the event.

However as you have been foolish enough to click on the 'icon' you have most likely already set in motion what could ultimately end up destroying the records on your PC which is EXACTLY what happened to a colleague/poster on another forum that I am a member of. He also said it started with an innocuous white icon on his desk top that he clicked on.

My advice to you now is while the system is still running you back up all the key/sensitive/unreplaceable data it contains onto an external disk drive.

Then reformat the hard drive, reinstall your OS and apps and copy back the data. You also need to check that you have high quality protection installed against viruses and trojans - my guess is that currently you do not.

Please take this seriously, especially if your PC contains critical/sensitive data and/or is used for you business. There are a large number of brilliant programmers out there, in Asia, eastern Europe and South America predominantly, for whom the only opportunity to capitalise on their talent is to go over to the dark side. They are coming up the whole time with clever new code to take control over and link up large numbers of individual PCs to gather and feed back information to the 'control' without the owners of the PCs ever knowing. They are finding new ways to install their software - your 'Icon' is such a way - after which an individual infected PC becomes part of such a net. One clever angle is that the software is timed - it doesn't start runing immediately so when you do the checks as advised by the other posters you find nothing suspicious and are lulled into a false sense of security. Then it starts up, days or even weeks later.

My advice is not scare tactics - all this is fully documented on the Web if you care to look.

[kgun]

A fast question. Which web browser do you use?

[thebigdishman]

Hi

Various answers -

Mozilla Firefox v 2.0.0.18 (I downgraded from v.3.) -
Trend Micro PCcillin 2007 current and up to date - and it hasn't spotted anything wrong.
Everything is backed up (it always is).
It isn't visible in my Desktop directory.
I run Evidence Eliminator as a clean out once a week.
Everything I delete is done with the Evidence Eliminator secure deleter, and if that doesn't work I have PGP and Move on Boot as backups.

And finally thanks for all the interest.

[thebigdishman]

... and I only feformatted the drive and reinstalled everything two weeks ago.

[littlegiant]

Yeah I would have to agree with Rollerball... I would have a litter of kittens if I ever saw something like that on one of my computers. Stop everything that you're doing and run a full scan with all your antivirus and antispyware programs. Take a scattershot approach and run several of each. Also make sure your network status icon is displayed in your system tray and watch it for activity unrelated to your browsing/downloading activities. Also you could try downloading and installing Process Explorer and then run it and look for any process running that looks suspicious and doesn't have a description which might help you zero in on what that icon is. Although be careful.. don't just start deleting stuff willy-nilly trying to get rid of it. If you see a process running that is suspicous, google it and read up. e.g. "what is xxxx.exe" And yes, immediately back up everything and prepare for the worst, i.e., wiping out your hard drive and reinstalling Windows.

[claybutler]

Could you do a screen shot for us to see. Don't follow rollerballs advice (yet). That is way over the top. First just find out what it is. Most viruses and malware programs don't really do all that much damage. Most just slow things to a crawl. I'd do a sceenshot and post it on a virus/malware forum.

[pingram3541]

I would also suggest checking your network connections to see if anything suspicious is going on.

netstat -a

Then look for any suspicious ports or connections open.

Good luck.

[Wildman93]

Perhaps time for a Mac?

[Clint1]

I totally agree with RollerBall, except you don't have to be quite that drastic......just yet. I also surprisingly don't see anyone mentioning anti-malware programs. Before you do anything else, run scans with SpyBot, AdAware, and Spyware Terminator, they're all free. Also have the suspect file (and your entire PC) checked at the following places:
Virus Scanner - CA
AhnLab - Antivirus Software and Security Solutions Provider (two areas at the right side of the page)
Antivirus software - BitDefender - The future of security now! (lower left area)
F-Secure Support pages: F-Secure Online Virus Scanner
Virus File Scanner
http://us.mcafee.com/apps/vsfreescan/en-us/
PC Flank: Make sure you're protected on all sides.
PC Pitstop AntiVirus Center
CA Anti-Spyware 2009 LE | Formerly CA eTrust® PestPatrol Anti-Spyware
Scan your files with the best Russian anti-virus on-line!
Free Virus Scan - Free Antivirus Software | Norton Security Scan
Free Virus Scan - Free Antivirus Software
Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA
Free online Trojan Scanner - Scan your system for Trojans

Some of the places only scan single files, some only the entire PC, some both. What you have to remember is that not one single anti-malware program will detect everything. If after all this not a one of these places nor programs find anything, it's probably safe to say the file is ok. If they do find it's malware, then you have to do what's required to clean your PC.

[Peter]

Regarding the MAC comment...

The truth about Mac security—if this “truth” actually has anything to do with the Mac at all—is that the biggest security hole in computing today is usually located between the chair and the keyboard.

Unlock The Truth About Mac Security Risks | Mac|Life

That applies to any computer user really.


What OS and SP are you using? Also as stated a screenshot would help. When you reinstalled what SP were you using then? and did you patch it behind a hardware firewall?

Also things dont appear "by magic" on computers, have you been to any dodgy websites recently, opened unexpected emails, clicked on email links (classic trojan dropper) and something didnt happen that you expected it to?
Check your installed program list for anything installed at around that date.

If you create another user account, does the icon also appear on that accounts desktop?

[1centwiz]

Ok, while I admit that Rollerball has a point, and yes it seems drastic, the idea of having multiple virus programs running on any system is asking for trouble!

If you decide to download multiple virus scanners, uninstall them after using them, one at a time. I just spent 12 hours cleaning a computer that had over 37 viruses/malware/programs and objects on it. She had AVG, Windows Defender, and multiple other "spyware" programs that Dell downloaded for her in May when she first had problems. The problem with that was, two of the "spyware" programs that were supposed to assist in cleaning her computer, actually ended up being MALWARE programs masked as "spyware". Let's all give a cheer for "Dell" lol... and after searching through the registry, not a suggestion for newbies or people that "think" they know what they are deleting, I found Norton and McAfee running on her computer as well! Hmmm maybe a bit of a conflict, you think? I DO!

I agree with looking at your processes and seeking help on the net to make sure that they are valid processes. However, svchost is going to be listed several times depending on what you are running in your services directory. This is especially important if you are running Vista.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) - Safer Networking Forums ~ go here and search out your problem or ask for assistance. They are well trained and very helpful!

Best of luck!

[Clint1]

Quote:

Originally Posted by 1centwiz

Ok, while I admit that Rollerball has a point, and yes it seems drastic, the idea of having multiple virus programs running on any system is asking for trouble!

Yes I agree with that. I didn't say that was a good idea and I don't remember him saying it. They will cause conflicts and not to mention slow a PC way down.

Quote:

If you decide to download multiple virus scanners, uninstall them after using them, one at a time. I just spent 12 hours cleaning a computer that had over 37 viruses/malware/programs and objects on it. She had AVG, Windows Defender, and multiple other "spyware" programs that Dell downloaded for her in May when she first had problems. The problem with that was, two of the "spyware" programs that were supposed to assist in cleaning her computer, actually ended up being MALWARE programs masked as "spyware". Let's all give a cheer for "Dell" lol... and after searching through the registry, not a suggestion for newbies or people that "think" they know what they are deleting, I found Norton and McAfee running on her computer as well! Hmmm maybe a bit of a conflict, you think? I DO!

The programs I mentioned should NOT be uninstalled, they should be installed and kept on every PC as a matter of course, and the HD should be scanned with them on a regular basis. SpySweeper is another one, but it's not free.

Yes, indeed, there are tons of rouge programs out there under the guise of "anti-malware" when they are indeed malware themselves! Do a search for rouge anti-malware (and without the hyphen) at any SE and you'll see thousands of sites listing them.

Quote:

I agree with looking at your processes and seeking help on the net to make sure that they are valid processes. However, svchost is going to be listed several times depending on what you are running in your services directory. This is especially important if you are running Vista.

Yeah, 4 or 5 times on up depending on what Services are disabled. I have every (XP Pro SP3) Service disabled that can be disabled, and I never have more then 5 of them listed, usually 4.

[TrafficProducer]

Another Freeware program thai may fix it is CCleaner - Home

It cleans the Regisrty, temp files and other such junk