Sign of a virus ?!?! Argh.

[StygianRoarz]

After doing some stuff on my laptop for a few hours, the whole screen will turn a little black and some words will appear.. i ran anti virus scan on it but there is no viruses found..

The following screenshot should help - 

[Tarq57]

Checked your screensaver settings?

[StygianRoarz]

Checked your screensaver settings?

Erm how does that help? Sorry if this sounds like a retarded question 

[Tarq57]

Well, it looks like the sort of thing that might have been installed at some point to prevent excessive time spent in front of the computer. Possibly a screensaver, maybe a program.
But quite possibly it is malicious, thought it worthwhile checking the (maybe) easy and "face value" side of things, first.

[StygianRoarz]

Well, it looks like the sort of thing that might have been installed at some point to prevent excessive time spent in front of the computer. Possibly a screensaver, maybe a program.
But quite possibly it is malicious, thought it worthwhile checking the (maybe) easy and "face value" side of things, first.

Lol icic. Hmms i checked the screensaver settings.. seems alright to me. All the usual settings..

[Pondus]

i ran anti virus scan on it but there is no viruses found..

have you tried scanning with MBAM and SAS.....

[.: L' arc :.]

Step 1: Windows Disk Cleanup Utility ============

1   Press Windows Key + R
2   Type in: cleanmgr
3   Put a check beside: Temporary Internet Files and Temporary Files. Optionally, you may check other options too
4   Click OK

Step 2: avast! Boot Time Scan ============

1   Double click avast! antivirus desktop icon and wait for memory test to complete
2   avast GUI will appear. Right click anywhere on avast!'s window and select Schedule Boot Time Scan...
3   Click Advanced options and select Move infected file to Chest on the first dropdown list and leave the other one as it was. Click Schedule
4   You will be asked for a system restart. Click Yes to do it now or No to let avast wait for you to manually restart your PC
        NOTE: Optionally, you may enable scanning of archive files. If it is enabled, scanning would be more thorough but would take more time

Step 3: Malwarebytes Antimalware (MBAM) ============

1   Download Malwarebyes' Antimalware here
2   Proceed to installing MBAM after downloading
3   On the last dialog box, do not forget to leave Update Malwarebytes' Antimalware and Run Malwarebytes' Antimalware checked
4   Malwabytes' Antimalware GUI would appear, from there select Perform Quick Scan and click Scan
5   When scan is completed, click Show Results
6   Click Remove Selected and then, a notepad file will appear.
7   On the notepad window, click File > Save As and save it on your desktop. You may now close MBAM.

Step 4: Hijack This (HJT) ============

1   Download Trend Micro Hijack This here
2   Install HJT in C:\Program Files\Trend Micro\HijackThis (the location is already displayed by default). Click Install
3   HJT Window will appear. Click Do a system scan and save a logfile. A notepad file will pop-up once the scan is completed
5   Click on the Notepad window and click File > Save As and save the file on your desktop
6   Go back here on your topic and start a reply. On the Reply window, click Additional Options
7   Attach the two .txt files that we created and saved on your desktop (click more attachments to have more slots for attaching files)
        NOTE: Do not have HJT fix anything yet.

[Hermite15]

Tarq57 is right...that's either a screen saver, or something installed as a reminder for a break... and if you never heard of it before, then it's quite possibly malicious.

edit: did you open the console yourself ?

[StygianRoarz]

i ran anti virus scan on it but there is no viruses found..

have you tried scanning with MBAM and SAS.....

Now scanning with MBAM. So far no viruses found though. Whats SAS?

@L'arc: Yeah gonna run Hijackthis after MBAM..

[StygianRoarz]

all attachments... happy looking   . lol.

[.: L' arc :.]

 There it's done. Report: Clean.

 I could not find anything malicious in your HJT log except for deactivated entries which you may fix:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

 To fix them, open HijackThis and select Do a system scan only then put a check beside the entries above. Click Fix checked.

 By the way, are you the one who opened the command prompt window at the back of the "screensaver-thing"?

[StygianRoarz]

There it's done. Report: Clean.

 I could not find anything malicious in your HJT log except for deactivated entries which you may fix:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

 To fix them, open HijackThis and select Do a system scan only then put a check beside the entries above. Click Fix checked.

 By the way, are you the one who opened the command prompt window at the back of the "screensaver-thing"?

Yup i was the one.. ><.  This particular virus (?) seems rather elusive..

[StygianRoarz]

i deleted the 3 selected files but it reappeared in the next scan???!

And it this next scan, the system blocked write access to the following file: notepad C:\windows\system32\drivers\etc\hosts

[YoKenny]

Adobe Reader 8.0 is vulnerable to attack so should be updated to Adobe Reader 9.2.

You need Administrator privilage to write to HOSTS file in Vista.

[Pondus]

Now scanning with MBAM. So far no viruses found though. Whats SAS?

SAS = (SUPERAntiSpyware) http://superantispyware.com/