AutoHotkey Community

Post new topic Reply to topic  [ 20 posts ]  Go to page Previous  1, 2
PostPosted: March 5th, 2008, 9:15 am

Joined: February 13th, 2008, 7:03 am
Posts: 15
Location: Denmark
Oberon wrote:
What's the email address of the PayPal account it sends you to?


I curse myself for blocking it now, because that would really have helped a lot. The link just said "www.paypal.com", but computers don't go to links like that for nothing; we all know that, and I strongly doubt that PayPal would use that kind of "advertisement".

lexiKos wrote:
It is relatively easy to inject code into a running process (at least if you are an administrator?)


I am; it's a home PC.

lexiKos wrote:
but like you said, why would anyone bother? Maybe the (hypothetical) virus hijacks a random process to disguise itself?


Yes, that's hypothetically possible, although I think the chance of something like that happening is VERY slim. And the strange thing was that the program was NOT running at all (when I checked after the firewall prompted). I checked my running processes to see if it had somehow failed to close correctly, but no, nothing. (I was playing a game full screen with a minimum of apps running in the background at the time.)

I know it must have been running when it wanted to launch Mozilla, otherwise the firewall would be bugged (and let's just exclude that one).
So something must have launched it as a background process and then told it to go to these pages.

I searched my registry for "paypal" and it found nothing. Since I have a firewall running (and it's prompting for both incoming and outgoing "first-timers"), the chances of someone remotely activating the application are slim to zero.

So the status is:

1. The exe file has been checked, double checked, and it's not infected, bugged or corrupted.

2. No "weird" strings have been found in the exe file (at least not in Unicode).

3. SmartGui.exe was not running (under my authority) when it happened.

4. I searched my registry for "paypal" and found 0 items.

Next we have stories about how gnomes and midgets might be taking over my desktop and turning it into a waffle bakery.

I mean, this is hopeless; there is no chance of ever getting to know what did this. Someone did it, and whoever that was, he/she must truly be a mastermind.

If anyone has any idea as to what more can be done to figure out what caused this problem, please add it.


PostPosted: March 5th, 2008, 2:25 pm

Joined: March 28th, 2004, 3:53 pm
Posts: 1870
1. Though both exes are now decidedly proven the same, to negate the doubt raised about having questionable code in the compiled file and not in the posted code, just run the file with the command line parameter 'GiveMeSource' to get the source of the file you hold.

2. From my little knowledge about these things, I know that some malware disguises itself as another process (process injection/hijacking). Though most of them masquerade as browsers, it's not difficult to assume that one could code something that uses a random process (as lexiKos mentioned).

best regards.


PostPosted: March 5th, 2008, 4:30 pm

Joined: December 19th, 2006, 2:14 pm
Posts: 72
Location: France
Buckie:

To find more information:
- google tcpview (from former Sysinternals, now Microsoft) and run it to identify the process connecting to paypal by PID (process ID)
- google procexp (from former Sysinternals, now Microsoft) and run it to get the exact location on disk of the process associated with that PID, to see if it's your real browser, and check the PPID (parent PID) to identify the process which really launched the identified process
- google listdlls (from former Sysinternals, now Microsoft) and run it to get a list of the DLLs visible to the processes with the PID and PPID identifiers
- google HijackThis (by Merijn, should be @ http://www.merijn.org/files/hijackthis.zip) to check if the browser config has been tampered with
- google online scanner to find (for instance) this or that to scan your PC... Remember that some AVs see things others don't see => the more you run, the better the info will be

I've exhausted the main ideas for now, and we're becoming off-topic in this forum named Bug Reports.

Good luck


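The PID / PPID / image-path correlation that the post above walks through with TCPView and Process Explorer, as an added example in Python that is not part of the original thread. The process table and connection list are constructed sample data standing in for what those two tools display (the browser install path in KNOWN_BROWSERS is an assumption made for the example). The parent check also covers the situation this thread keeps running into: the launcher is no longer running by the time you look, so its PID is either absent from the process table or has already been reused by an unrelated process that started later.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    path: str
    start: float  # creation time (epoch seconds), as Process Explorer / WMI report it


@dataclass(frozen=True)
class Conn:
    pid: int
    remote_host: str
    remote_port: int


# Assumed install path of the genuine browser (illustrative, not from the thread).
KNOWN_BROWSERS = {"firefox.exe": r"c:\program files\mozilla firefox\firefox.exe"}

# Constructed sample snapshot of what Process Explorer would list.
PROCS = {p.pid: p for p in [
    Proc(1234, 600, "explorer.exe", r"c:\windows\explorer.exe", 100.0),
    Proc(2000, 1234, "game.exe", r"c:\games\game.exe", 500.0),
    # PID 3900 was reused: this notepad started AFTER the firefox that names it as parent.
    Proc(3900, 1234, "notepad.exe", r"c:\windows\notepad.exe", 1200.0),
    Proc(4200, 3900, "firefox.exe", r"c:\program files\mozilla firefox\firefox.exe", 1000.0),
    # Same image name, wrong location, launched by the game process.
    Proc(5000, 2000, "firefox.exe", r"c:\temp\firefox.exe", 900.0),
]}

# Constructed sample of what TCPView would list (owning PID, remote endpoint).
CONNS = [
    Conn(2000, "game.example.net", 27015),
    Conn(4200, "www.paypal.com", 443),
    Conn(5000, "www.paypal.com", 80),
]


def connections_to(conns, host_suffix):
    """TCPView step: every connection whose remote host ends in host_suffix."""
    s = host_suffix.lower()
    return [c for c in conns if c.remote_host.lower().endswith(s)]


def is_masquerading(proc):
    """Process Explorer step: a known browser name running from the wrong path."""
    expected = KNOWN_BROWSERS.get(proc.name.lower())
    return expected is not None and proc.path.lower() != expected


def launcher_status(proc, procs):
    """Classify the PPID link: 'live' parent, 'exited' (PPID not in the table),
    or 'stale-pid' (a process holds that PID but started after the child, so the
    PID was reused and the real launcher is gone)."""
    parent = procs.get(proc.ppid)
    if parent is None:
        return "exited"
    if parent.start > proc.start:
        return "stale-pid"
    return "live"


def lineage(proc, procs):
    """Walk PPIDs upward only while each link is trustworthy; return the names."""
    chain = [proc.name]
    seen = {proc.pid}
    cur = proc
    while launcher_status(cur, procs) == "live" and cur.ppid not in seen:
        cur = procs[cur.ppid]
        seen.add(cur.pid)
        chain.append(cur.name)
    return chain


def investigate(conns, procs, host_suffix):
    """Correlate each matching connection with its owner, the owner's image
    path and how far its parent chain can be believed."""
    findings = []
    for c in connections_to(conns, host_suffix):
        p = procs.get(c.pid)
        if p is None:
            findings.append({"pid": c.pid, "note": "owner already exited"})
            continue
        findings.append({
            "pid": p.pid,
            "name": p.name,
            "path": p.path,
            "remote": f"{c.remote_host}:{c.remote_port}",
            "masquerading": is_masquerading(p),
            "launcher": launcher_status(p, procs),
            "lineage": lineage(p, procs),
        })
    return findings


if __name__ == "__main__":
    for f in investigate(CONNS, PROCS, "paypal.com"):
        print(f)
```

Run it and each paypal.com connection comes back with its owning process, whether that image lives where the real browser is installed, and how far the parent chain can be trusted. A launcher of 'exited' or 'stale-pid' means the PPID alone cannot name the program that started the browser, which is exactly the gap in the thread: a snapshot taken after the event cannot recover a parent that has already quit, so the next capture needs a process-creation record running before it happens (for instance Process Monitor).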
PostPosted: March 5th, 2008, 4:33 pm

Joined: June 26th, 2006, 6:14 pm
Posts: 1379
Location: USA
It would be as simple as compiling the following script and naming it SmartGUI.exe...

Code:
; opens the URL in the default browser; compile this and name the exe SmartGUI.exe
Run, http://www.paypal.com


PostPosted: April 1st, 2008, 10:33 pm

Joined: March 19th, 2007, 12:43 am
Posts: 532
Since a topic about SmartGUI is already started, I would like to add something.
I run Win XP SP2, and on my system SmartGUI is not working properly. For example, a bug: when I try to open a script from the menu bar, the application's controls freeze, meaning the application is working but its controls turn into dummies. However, on Vista the same version works just fine. Any solutions?

