
Unknown program in alt+tab immediately closing as soon as I see it. Am I being paranoid, or?



Posted

When playing a game, I noticed that sometimes when I alt+tab there's a program that quickly closes almost as soon as I actually see the window switching screen. I can't get a good look at it, but I'm pretty sure it has no logo nor any name. It also doesn't have any sort of "body" (the window is just thin and transparent). I haven't really installed anything since I started having this problem. The only things I have were Vortex (a mod manager from nexusmods) and the Bethesda launcher, both of which, I think, had proper digital signatures and Kaspersky didn't pick anything up when installing. I also downloaded a .jpg or .png, but I don't think those contain malware (I can see file extensions/whether a file is an .exe, so I would've been able to tell if it was a program). Lastly, I did around 2-3 scans with Kaspersky SC Free since this started and it found some files it couldn't process in WinSxS (both are in a Microsoft Edge first time installer, which has a digital signature), but nothing malicious. I've been checking Glasswire (an internet connection monitoring software) from time to time. I don't see any suspicious programs connecting to the internet at the same times the window appears and closes, nor any seriously suspicious programs. I did notice my internet degrading at times for no real reason, but that could easily just be my bad internet. My only idea was that it could be Wallpaper Engine, since I remember Steam asking whether I wanted to use local data or cloud data randomly, I chose local data. I don't remember if I did this before or after, but it was at around the same time the problem started occurring. I have no idea if WE is actually the culprit or not though. No one's tried to log into any accounts or anything either. Is it malware or something else? Is there any way to find out? I also did a scan with a second opinion scanner and it only got some tracking cookies, nothing malicious.

Igor Kurzin
Posted

Hi BigHotStud,
It can be something 'legal' working in the background.

You can try to find out what it is by disabling other processes (start up tasks). 

1. Start in Clean boot:

https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd

2. Disable scheduled tasks:

- go to c:\windows\system32\tasks

- create a folder with any name (e.g. 'Test')

- move all the contents of c:\windows\system32\tasks to this new folder

- restart PC

  • Like 1
Posted
1 hour ago, Igor Kurzin said:

Hi BigHotStud,
It can be something 'legal' working in the background.

You can try to find out what it is by disabling other processes (start up tasks). 

1. Start in Clean boot:

https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd

2. Disable scheduled tasks:

- go to c:\windows\system32\tasks

- create a folder with any name (e.g. 'Test')

- move all the contents of c:\windows\system32\tasks to this new folder

- restart PC

I think that might be the case, since I haven't really installed anything that'd be malicious (the only thing I can think of is the Bethesda launcher, but I'm 60% sure it was the official one), plus, two good antivirus engines didn't pick anything malicious up. I'm going to try disabling the "legal" program that I think is the main perpetrator for a day or so and see if that changes anything.

I'm not really comfortable tampering with system32, since I don't want to mess my system up. Is there any other way to find out what program it might be?

Igor Kurzin
Posted

Yes, you can manage scheduled tasks this way: press Start -> type taskschd.msc -> press Enter. Select Task Scheduler Library. You can analyze the tasks and press 'Disable' on the right. 

Posted (edited)
On 4/22/2022 at 7:51 AM, Igor Kurzin said:

Yes, you can manage scheduled tasks this way: press Start -> type taskschd.msc -> press Enter. Select Task Scheduler Library. You can analyze the tasks and press 'Disable' on the right. 

Hello again, sorry that it took so long to get back to you. I had the application I suspected closed for the last two days or so and I've stopped noticing the window. I did notice an invisible, unnamed window open and close as soon as I went into the task switcher, but I also closed a program immediately before that and it was much slower than the one I kept seeing, so it could've been just task switcher bugging out. I've done several more scans with Kaspersky and it hasn't picked anything up. Glasswire doesn't pick up any suspicious connections either.

I looked through Task Scheduler and I found some that didn't have an author or had a very weird author like system32/{name}/{name}. Here they are:

CDSSync

Schedule Scan

RunUpdateNotificationMgr

MsCtfMonitor

MaintenanceTasks

SpeechModelDownloadTask

SpaceManagerTask

UpdateUserPictureTask

BackgroundUploadTask

NetworkStateChangeTask

StartComponentCleanup

LoginCheck

Registration

SystemSoundsService

Logon

Notifications

ScanForUpdatesAsUser

ScanForUpdates

SmartRetry

FODCleanupTask

Diagnostics

StorageSense

dusmtask

DXGIAdapterCache

RegisterDevicePeriodic24

RegisterDeviceProtectionStateChanged

RegisterUserDevice

Device

Device User

CreateObjectTask

Pre-staged app cleanup

Backup

Microsoft Compatibility Appraiser

ProgramDataUpdater

RegisterDeviceLocationRightsChange

Do any of these raise any red flags? Am I safe?

Edited by BigHotStud
Changed some wording.
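
A read-only way to review the scheduled tasks discussed in this thread, as an added example that is not part of any poster's message: it lists every task with its author, state and the program it launches, and checks that program's Authenticode signature. It assumes Windows PowerShell with the built-in ScheduledTasks module; the variable names are illustrative.

```powershell
# Added example: read-only listing. It does not disable, move or delete any task.
# Run from an elevated PowerShell prompt so that tasks of all users are visible.
$report = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $program   = ''
        $signature = 'n/a'
        $signer    = ''
        if ($action.Execute) {
            # Exec action: expand %SystemRoot%-style variables, strip quotes.
            $program = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            if (-not (Test-Path -LiteralPath $program -PathType Leaf)) {
                # Bare names such as "sc.exe" are resolved through PATH.
                $found = Get-Command $program -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $program = $found.Path }
            }
            if (Test-Path -LiteralPath $program -PathType Leaf) {
                $sig       = Get-AuthenticodeSignature -FilePath $program
                $signature = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } else {
                $signature = 'FileNotFound'
            }
        } elseif ($action.ClassId) {
            # COM handler action: no executable path, only a class identifier.
            $program = "COM handler $($action.ClassId)"
        }
        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            Author    = $task.Author
            State     = $task.State
            Program   = $program
            Signature = $signature
            Signer    = $signer
        }
    }
}

# Entries whose program is missing or not validly signed sort to the top.
$report |
    Sort-Object -Property @{ Expression = { $_.Signature -in 'Valid', 'n/a' } }, Task |
    Format-Table -AutoSize -Wrap
```

Rows with a Signature other than `Valid`, or with a Program outside the Windows and Program Files directories, are the ones worth looking up by task name before disabling anything in taskschd.msc.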
