DonationCoder.com Forum

Main Area and Open Discussion => Living Room => Topic started by: kalos on May 27, 2017, 02:33 PM

Title: How can I identify a flashing DOS window?
Post by: kalos on May 27, 2017, 02:33 PM

hello!

I get randomly a flashing DOS window that I can barely see. Is there a way to identify which process does that?

I did scan my laptop with MalwareBytes and it found nothing, but I am worried.

thanks!

Title: Re: How can I identify a flashing DOS window?
Post by: Shades on May 28, 2017, 02:27 PM

Did you install software recently?

Remove it and try to detect the flashing DOS window again.
- If you do not see this flashing window anymore, it is safe to assume that this software was the culprit. And you should investigate what that latest piece of software is doing in the background. And find alternatives for this piece of software.
- If you keep seeing the flashing DOS window, repeat the step above with the latest software you installed -1

This is the 'elimination' process.

Or you can use:
- JRT (https://www.bleepingcomputer.com/download/junkware-removal-tool/)
- AdwCleaner (https://www.bleepingcomputer.com/download/adwcleaner/)
- RKill (https://www.bleepingcomputer.com/download/rkill/)
- ComboFix (https://www.bleepingcomputer.com/download/combofix/)

Those will kill whatever your antivirus software and/or anti-malware software miss.

Title: Re: How can I identify a flashing DOS window?
Post by: mwb1100 on May 28, 2017, 05:43 PM

This may have some ideas to help:

  - Is there any tool to log create process activity in Windows (https://superuser.com/questions/1044902/is-there-any-tool-to-log-create-process-activity-in-windows)

Title: Re: How can I identify a flashing DOS window?
Post by: x16wda on May 29, 2017, 11:58 AM

This may have some ideas to help:

  - Is there any tool to log create process activity in Windows (https://superuser.com/questions/1044902/is-there-any-tool-to-log-create-process-activity-in-windows)

-mwb1100 (May 28, 2017, 05:43 PM)

Sysmon would work but has a huge log for you to dig through. I have used the History feature in System Explorer (http://systemexplorer.net) to find that type of info before, it's less to dig through and may be enough. Sample of the display (which can also be saved in a history text file):

[ You are not allowed to view attachments ]

Title: Re: How can I identify a flashing DOS window?
Post by: kalos on May 29, 2017, 04:41 PM

I think the mysterious DOS flashing window must be one of these:
officebackgroundtaskhandler.exe
ipoint.exe
conhost.exe

I do think that I get this annoying DOS flashing window after I opted to install some MS Office updates.

Any hint?

Title: Re: How can I identify a flashing DOS window?
Post by: wraith808 on May 29, 2017, 05:40 PM

officebackgroundtaskhandler.exe

-kalos (May 29, 2017, 04:41 PM)

This does create a command window when it's updating.

Title: Re: How can I identify a flashing DOS window?
Post by: mrHappy on May 30, 2017, 02:50 AM

stumbled upon this https://www.ghacks.net/2017/05/30/what-is-that-popup-on-windows-10-that-disappears-after-a-split-second/ (https://www.ghacks.net/2017/05/30/what-is-that-popup-on-windows-10-that-disappears-after-a-split-second/)

And since you mention officebackgroundtaskhandler.exe I'm guessing it's exactly this you're seeing.

Title: Re: How can I identify a flashing DOS window?
Post by: wraith808 on May 30, 2017, 08:11 AM

Nice.  Thanks!  It has a couple of solutions also.

Title: Re: How can I identify a flashing DOS window?
Post by: mouser on May 30, 2017, 01:40 PM

Was just coming to post the link but mrHappy beat me to it!

Title: Re: How can I identify a flashing DOS window?
Post by: kalos on May 30, 2017, 05:27 PM

So is there a fix, is it a virus?

It could also be wmiprvse.exe and livecomm.exe?

Title: Re: How can I identify a flashing DOS window?
Post by: mwb1100 on May 30, 2017, 06:19 PM

So is there a fix, is it a virus?

-kalos (May 30, 2017, 05:27 PM)

Dd you read the linked article from Mr. Happy's post?