View Full Version : What's on my computer?
BlueBoy
18-12-2003, 07:02 AM
There's a new program running in my taskbar. I'm not sure how it got there or what it is.
I can't right-click and close it and it's not appearing in Windows Task Manager under Applications.
The last thing I installed was Gunbound, but I don't think it came from there.
Any help would be great.
MisterBishi
18-12-2003, 07:08 AM
Run 'tasklist' from a cmd prompt and copy/paste here :)
Edit: Oh shit guys I think it's spreading. (http://forums.zgeek.com/showthread.php?s=&threadid=14445)
BlueBoy
18-12-2003, 09:17 AM
I can't telnet in from work so it'll have to wait.
If it's a virus, then McAfee is sacked! ;)
thingy
18-12-2003, 10:12 AM
I have seen that before, but I can't remember what it is. I do have a feeling it is from gunbound though. Instead of looking in the applications, we need to see what processes are running.
I still say you just sneezed on your screen though. Getting a screencap of that booger was quite impressive.
Goat Boy
18-12-2003, 10:13 AM
Well that is the AIM icon, but it looks like it is not responding.
StygiaN
18-12-2003, 10:16 AM
Are you sure it's the AIM icon? I thought it looked like this
http://perso.wanadoo.fr/licorneland/images/aim%20aol.jpg
Now you mention it I think you're right, I just can't find the image anywhere.
BlueBoy
18-12-2003, 11:47 AM
I don't run AIM at all. Though it was my first thought (I was drunk).
I'll post a list of processes running in about 8 hours, once I'm home.
pleed
18-12-2003, 02:04 PM
It looks like the EBAY gift finder.
pleed
18-12-2003, 02:17 PM
Have you installed Code composer?
Sutter
18-12-2003, 02:33 PM
The figure is on both your and Mister Bishi's avatars, bottom right hand corner. Some strange image infecting virus?
boozer
18-12-2003, 04:34 PM
FUCK! Sutter's right - there's some bad voodoo going on in these parts. My biggest fear is that it's going to move out to traffic lights and kill the little red man - well that, and my penis falling off.
BlueBoy
18-12-2003, 07:51 PM
Process List.
Get to work! :p
MisterBishi
18-12-2003, 08:15 PM
I'm not sure whether it's causing greenman, but you have C-Dilla spyware all up in yo shit.
Just looking for removal info now.
druid
18-12-2003, 08:41 PM
Keep on topic people! If you think posting stupid remarks and images is vital do it in the designated thread (http://forums.zgeek.com/showthread.php?s=&threadid=14445).
Bishi, I didn't think C-Dilla is spyware, you need it at least to run 3D Studio MAX and similar high-end apps (it's the licensing server for them.) Then again if BlueBoy doesn't have 3DS MAX installed it's a bit suspicious though it is a separate install from MAX and could be left after. You can stop C-Dilla from running by stopping it in Services and setting it to Manual. It should also appear in Add/Remove Programs.
I'd double check KazaaLite.kpp and Speed Up.exe for foul play. And maybe cdac11ba.exe (copy protection shit (http://www.liutilities.com/products/wintaskspro/processlibrary/cdac11ba/))
MisterBishi
18-12-2003, 08:56 PM
Indeed many apps use C-Dilla for licensing and copy protection, but it - at least in some cases - is very sneaky in that it doesn't tell the user that it's being installed and tries to evade registry monitoring and anti-spyware apps.
Speed Up comes with K-Lite and just improves a few features, such as the ability to find more sources for a download every 10 secs rather than 5 minutes or whatever it is, I've run both for at least a year and have never seen that wee green fellow.
BlueBoy
18-12-2003, 09:01 PM
I have 3d Studio Max installed.
I think I have this: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99906
BlueBoy
18-12-2003, 09:17 PM
I was wrong.
I see an entry called DOT with the value 'Winsys.exe' under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Googling without success. :(
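The check described in the post above (reading what is registered under the Run key), as an added example that is not part of the original thread. It lists every Run-key value for the machine and the current user, resolves what each one launches, and reports its Authenticode status; resolving bare names through PATH is an approximation.

```powershell
# Added example: enumerate Run-key autostart entries and show what each one launches.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)

        # Take the quoted path if there is one, otherwise the first token.
        # (Unquoted paths containing spaces will be cut short; review those by hand.)
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }

        # A bare name such as 'Winsys.exe' carries no directory, so look it up
        # through PATH (an approximation of how Windows locates it).
        $resolved = $null
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $resolved = (Resolve-Path -LiteralPath $exe).Path
        } elseif ($exe) {
            $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $resolved = $found.Path }
        }

        # Unsigned or missing targets are the entries worth a closer look.
        $signature = if ($resolved) {
            [string](Get-AuthenticodeSignature -LiteralPath $resolved).Status
        } else { 'FileNotFound' }

        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Resolved  = $resolved
            Signature = $signature
        }
    }
}

$report | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```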
BlueBoy
18-12-2003, 09:32 PM
Manual deletion of all winsys.exe related files and registry entries.
Green Man is no more. :D
sagit
18-12-2003, 09:53 PM
I was gonna say it looks like FireHart has invaded your pc...
:p
druid
19-12-2003, 01:20 AM
Originally posted by BlueBoy
I was wrong.
I see an entry called DOT with the value 'Winsys.exe' under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Googling without success. :(
I googled with success and bad news mate: seems that it might be a keylogger (http://www.pestpatrol.com/PestInfo/W/Win-Spy.asp). (though another site does suggest the LOLOL worm which spreads via Kazaa) Change your passwords and other possible authentication tokens immediately. Before you remove the files listed by that site try to see if you can find an email address in any of them...that will most likely be the offender's address.
BlueBoy
19-12-2003, 07:38 AM
I saw that page.
I dismissed it as I didn't have any of the offending files apart from Winsys.exe.
Turtle_Wrangler
19-12-2003, 08:50 AM
Here's a quick link to help check out various startup file infos. I consider it invaluable.
Windows Startup Online Repository (http://www.windowsstartup.com/wso/search.php)
edit: btw, it lists winsys.exe as:
winsys.exe Winsys 3 Win-Spy - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
BlueBoy
19-12-2003, 12:01 PM
I'm going to change my passwords tonight just in case.
I didn't do anything except IRC, download stuff from Kazaa and play Gunbound while it was running anyway. :)
Deimos
19-12-2003, 12:03 PM
It's just a thought - but it could have been someone elaborately trying to hack your gunbound account so I would definitely change its password...
BlueBoy
19-12-2003, 12:13 PM
They're welcome to it.
Nobody plays as badly as me. :p
MisterBishi
19-12-2003, 06:42 PM
Surely a keylogger type creature would try to be a little more inconspicuous?
druid
20-12-2003, 12:40 AM
Originally posted by MisterBishi
Surely a keylogger type creature would try to be a little more inconspicuous?
That's what would be the ideal situation. I've seen a keylogger before which appears in the taskbar. Any sensible spy would try and hide it but a trick that works in one version of Windows might not work in another, hence the program appearing in the taskbar.
Why any worm or spyware would display itself in the taskbar is beyond me. Unless of course its creator was a talentless hack and decided to assign it an icon because he couldn't hide it.
Originally posted by BlueBoy
I saw that page.
I dismissed it as I didn't have any of the offending files apart from Winsys.exe.
My interpretation (since it says "if present") was that the list had all known names, winsys.exe being one of them. I hope it's not that though but "only" a Kazaa worm etc.
Apologies, posted in wrong thread.
hazza
21-12-2003, 01:13 PM
http://forums.zgeek.com/attachment.php?s=&postid=251277