Mysterious Desktop Notice

The Rocketry Forum


Gary Byrum

I was hoping somebody out there might recognize this. Recently, this little pop-up started appearing on my desktop when I boot up my computer. I don't recognize it and have no idea where it came from. I have 2 virus proggys and neither of them picked up on it. I keep clicking the "NO" option and go on about my business. I'm not going to click yes until I find out if it's safe or not. Please help if you can.

desktop.jpg
 
The wording seems a bit off, plus it doesn't say what is being updated. I wouldn't click on it.

Do you see anything odd if you go to task manager? Can you kill it there or trace where it is located?
 
What AV programs are you running?

As an aside, I would not run two AV programs - that can cause issues in my experience.


 
Looks like there's something in your startup items or services. You need to have someone take a look at it. Generally, but not always, it is suspicious when the grammar is a bit off. This may be from a 3rd party application that starts automatically and checks for updates. Certainly if this is supposed to be a message from the OS then it is definitely fake.
 
Sophos and Kaspersky, and I don't run both AV programs at the same time. It's OK to run separate. My IT cousin clearly says so. I looked at task manager earlier and I really don't know what to look for. My start up folder looked empty. Clearly, I don't know what I'm doing on that note. I will ask my guru neighbor about it, but I was wondering if anyone else ever saw this before.
 
Looks like a phishing scam or malware that might have come in through your browser. Try emptying your browser cache and deleting your temp files (C:\Windows\Temp).
I also run an anti-malware program once a month that has caught stuff that my AV hasn't (maybe because it scans for PUPs [Potentially Unwanted Programs]). Anyways I wouldn't click on "OK". I agree that the odd grammar is usually a giveaway that it's not legit.
 
Sophos and Kaspersky, and I don't run both AV programs at the same time. It's OK to run separate. My IT cousin clearly says so. I looked at task manager earlier and I really don't know what to look for.

AV products typically but not in every case use scheduled scans and real-time engines to scan on the fly. I would only have one real-time engine running.

My start up folder looked empty. Clearly, I don't know what I'm doing on that note. I will ask my guru neighbor about it, but I was wondering if anyone else ever saw this before.

Guiding a non-technical person through this can be a bit tricky as the start-up folder is only one location of a few where you can have startup items.

There are tools, such as Ccleaner, that have a convenient start-up items list, but this excludes services. The issue with installing applications is that by default some, including Ccleaner, add background processes and scheduled tasks. So if you install it you need to stop the crap from running in the background as well as stop them from auto-checking for updates. Then you need to remove the scheduled task from its list. All of this can be done within the application.

Regardless of what you do make sure you have a backup, as the locations you are ultimately making changes to control the operating system and the environment. I recommend you remove any startup item that has to do with Adobe free products, Java, and any application that you are not using. This is one of the reasons computers slow down over time as you end up with a lot of crap starting and running in the background.

Other than that you want to check your services. Again anything Java, Google, Adobe should all be disabled. Some of these services have been compromised in the past and there is no justifiable reason to have them running, beyond keeping their respective code up to date. However I recommend that you just check for updates manually and forego the auto update approach. YMMV

Having said the above I recommend that you engage a tech to look into your system. If they know what they are doing they will likely not just deal with your immediate concern but they will optimize and clean up your system.
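
The startup locations named in the reply above (startup folder, startup items, scheduled tasks, services) can be listed in one read-only pass. This is an added PowerShell example, not part of the original post; it assumes Windows 8 or later for `Get-ScheduledTask`, and skipping entries under `\Microsoft\` and `\Windows\` is an illustrative filter to shorten the list, not a verdict that those entries are safe.

```powershell
# Added example: read-only inventory of common Windows autostart locations.
# Nothing is changed or deleted; run elevated to see machine-wide entries in full.
$found = @()

# 1. Registry Run/RunOnce keys (per-user, machine-wide, 32-bit view on 64-bit Windows)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        $found += [pscustomobject]@{ Source = $key; Name = $name; Command = $reg.GetValue($name) }
    }
}

# 2. Startup folders (current user and all users), hidden files included
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    $files = Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' }
    foreach ($f in $files) {
        $found += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName }
    }
}

# 3. Enabled scheduled tasks that fire at boot or logon
$autoTriggers = 'MSFT_TaskLogonTrigger', 'MSFT_TaskBootTrigger'
$tasks = Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' }
foreach ($task in $tasks) {
    if ($task.Triggers | Where-Object { $_.CimClass.CimClassName -in $autoTriggers }) {
        $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        $found += [pscustomobject]@{ Source = 'Task ' + $task.TaskPath; Name = $task.TaskName; Command = $cmd }
    }
}

# 4. Auto-start services whose binary lives outside the Windows directory
foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
    if ($svc.PathName -notmatch '\\Windows\\') {
        $found += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
    }
}

$found | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```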
 
Live a little. Click on it and let us know what happens...
 
Looks like a phishing scam or malware that might have come in through your browser. Try emptying your browser cache and deleting your temp files (C:\Windows\Temp).
I also run an anti-malware program once a month that has caught stuff that my AV hasn't (maybe because it scans for PUPs [Potentially Unwanted Programs]). Anyways I wouldn't click on "OK". I agree that the odd grammar is usually a giveaway that it's not legit.

I emptied the folders you recommended and I still have the same issue. I no longer have MalwareBytes so I can't search for "pups".

Michael, I never have VP's running in the background. Auto updates are always off. I've heard of Ccleaner too. Don't have it. I'll prolly just cheat and let the comp guy next door fix it. Hell, he's the one that built it for me anyway.
 
Slightly off grammar is not always a sign for nefarious software. Lots of legitimate software is written in Asia for example.

You can try a couple of things to find out a bit more about it
1) Use the "Windows + Tab" shortcut. Does the Window appear with a title?
2) Use the task manager (Ctrl + Shift + Esc). Does it appear there?
3) Software like https://www.nirsoft.net/utils/winlister.html can help too.


Reinhard
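
The checks suggested in this reply (does the window have a title, does it show up in Task Manager) can be answered together by listing every process that owns a visible window along with the file behind it. This is an added PowerShell example, not part of the original post; it relies on the main window handle that `Get-Process` reports, so a pop-up that is not its process's main window may not be listed on its own row.

```powershell
# Added example: map visible top-level windows to the program that owns them.
# Run it while the pop-up is on screen. Read-only; nothing is stopped or removed.
$windows = foreach ($proc in Get-Process | Where-Object { $_.MainWindowHandle -ne 0 }) {
    # Win32_Process supplies the full command line and the parent process ID
    $cim  = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)"
    $path = if ($proc.Path) { $proc.Path } elseif ($cim) { $cim.ExecutablePath } else { $null }

    # Authenticode status shows whether the file is signed and by whom
    $sig = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = Get-AuthenticodeSignature -FilePath $path
    }

    # The parent process hints at what launched it (explorer.exe, a service, an updater)
    $parent = $null
    if ($cim -and $cim.ParentProcessId) {
        $parent = Get-Process -Id $cim.ParentProcessId -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Id          = $proc.Id
        Process     = $proc.ProcessName
        WindowTitle = $proc.MainWindowTitle      # empty for an unlabelled dialog
        Path        = $path
        Signature   = if ($sig) { $sig.Status } else { 'unknown' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Parent      = if ($parent) { $parent.ProcessName } else { '' }
        CommandLine = if ($cim) { $cim.CommandLine } else { '' }
    }
}

# Unsigned programs and programs with an empty window title sort to the top
$windows |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, WindowTitle |
    Format-List
```

The `Path` value is the folder to inspect and the name to look for under installed programs; an invalid or missing signature is a reason to look closer, not proof of malware.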
 
I haven't seen that either. A Google search of the 'update' version yields that 'galaxy S3' phone had an update version close to that number...3 years ago. Sounds fishy to me.
Rex
 
Yeah, without a reference to what is being updated, I wouldn't click it. It may be a legit driver and a poorly coded message but don't risk it. What Windows version? I am only familiar with up to 7 but click start, then where it says run or search (or it may be an empty space to type in, I use it often but don't know what it says lol) type config.sys. A configuration utility should pop up. From there you can see what programs and services start on startup. A lot you will not recognize but some you will. Turn off any auto updater, and as was mentioned, Adobe stuff and the like. Be careful what you disable though, some are system critical and can be a bugger to fix.

Some stuff will be hidden from Ctrl+alt+del and from config sys. I can take you deeper into the rabbit hole but would hate for you to delete or disable something important.
 
Auto updates are always off.

You would be surprised on what can sneak into the background, even when you tell the offending application not to install things.

I'll prolly just cheat and let the comp guy next door fix it. Hell, he's the one that built it for me anyway.

Sounds like a good plan...good luck.
 
When it pops up, start Windows Task Manager or Process Explorer (if you have that) and see what's running. Then kill the popup and see what goes away.
 
You very well may if you happen to be typing when it pops up. I haven't seen this technique in a while but it used to be rather common.
 
It is almost certainly malware, simply based on the wording. Don't click the cancel button, instead click the close box, and yes, watch task manager closely.


Also, before you kill it, sort task manager by CPU, then drag the dialog box around. That might give you more of a clue as to what it is.
 
You very well may if you happen to be typing when it pops up. I haven't seen this technique in a while but it used to be rather common.

This thing pops up while the desktop is setting up. It never comes in at any other time. No chance to click it by accident.

Roy, There's only 2 buttons I can click. Yes & No. That red box with the "X" is not active. So I have been constantly clicking the NO button. I'm leaving well enough alone at this point. Knowing me, I'll find a way to screw things up and be in a serious pickle seeing how my inbox is slammed with work I have to do in the morning. I don't wanna risk not being able to use this thing if I f*** things up.
 
This thing pops up while the desktop is setting up. It never comes in at any other time. No chance to click it by accident.

Roy, There's only 2 buttons I can click. Yes & No. That red box with the "X" is not active.

So that's a dead giveaway. I still recommend dragging the box around while watching the CPU% on the Task Manager. Something will go way up as the mouse uses CPU cycles. It might be a system process if it was really nasty, or it might show up as a weird looking task that can be easily killed through the task manager.

So I have been constantly clicking the NO button. I'm leaving well enough alone at this point. Knowing me, I'll find a way to screw things up and be in a serious pickle seeing how my inbox is slammed with work I have to do in the morning. I don't wanna risk not being able to use this thing if I f*** things up.

Yea, I'd ignore it for now until you get to a point you can play with it.
 
You know you want to... Do it!!!!!!!!

https://www.youtube.com/watch?v=Yx_fKg2Cn48
 
I recommend shutting down the computer until you can have someone look at it.

I agree with this 100%. The longer things are infected the worse it can get.

That said, you might want to try the free version of Malwarebytes. It is usually pretty good at getting rid of crap like this.


 
When it pops up, start Windows Task Manager or Process Explorer (if you have that) and see what's running. Then kill the popup and see what goes away.

I did find the file after a lot of diddling around. I did see it disappear when I closed out the notice, but when the file is present, there was no way to manually remove it.
 
I did find the file after a lot of diddling around. I did see it disappear when I closed out the notice, but when the file is present, there was no way to manually remove it.

I hate that with WinBlows. I think there is some sort of Linux root disk (on a CD/DVD these days, used to be a floppy) one could boot up to a Linux system that
could read and write any file system. If one is absolutely sure as to what file is causing the mischief, they could delete it. I only did it one time many years ago
and got away with it. Delete the wrong thing and your system can be hosed. It would be better if you can find an anti-viral/malware software that recognizes it
and destroys it for you. Best of luck. Kurt
 
I hate that with WinBlows. I think there is some sort of Linux root disk (on a CD/DVD these days, used to be a floppy) one could boot up to a Linux system that
could read and write any file system. If one is absolutely sure as to what file is causing the mischief, they could delete it. I only did it one time many years ago
and got away with it. Delete the wrong thing and your system can be hosed. It would be better if you can find an anti-viral/malware software that recognizes it
and destroys it for you. Best of luck. Kurt

Most Linux versions (Debian, Ubuntu, Mint, etc.) come with the ability to boot as a "live" version that is run from a CD/DVD and not actually installed onto the hard drive. This might help you narrow down what's causing your problems, too - https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
 
What was its name? Was it indeed 'remote mouse'?

Well, well, well....I finally figured it out. After all this crap I went through and thinking this was some kind of phishing BS, turns out it was a Free YouTube downloader upgrade notice. I right clicked on the mini icon and went straight to where the file was. Had to do an uninstall on it and manually remove the leftover files. Too bad they didn't have sense enough to label the damn notice. I would have upgraded in a skinny minute. I like this downloader and I'll probably go back and DL it again. Hopefully it'll be the latest and greatest without all their stupid upgrade notices.

I really appreciate everyone's help here. I didn't know what I was dealing with. I suppose now, my guru neighbor won't have to mess with this.
 