Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
So on my friends computer, there's this red dot in the systray. When you right-click it, a windows pops up prompting for a password, the title of the window is password for viewer.
Can't seem to find the name of the program. I can't see anything suspicious in task manager or in services. Is there some program that can give you the path of a window that pops up? That would end the mystery, but I'm not aware of a program like that.
Page 1 of 1
Mysterious program in systray(red dot)
Rate Topic:
Back to top
#2
- GroupPolicy Tattoo Artist
-
- Group: Members
- Posts: 1,188
- Joined: 21-April 05
- OS:none specified
-
Country:
Posted 13 October 2007 - 10:42 AM
Some flavor of VNC?
GL
GL
#3
- Advanced Member
-
- Group: Members
- Posts: 449
- Joined: 11-April 07
Posted 13 October 2007 - 11:40 AM
Quote
Is there some program that can give you the path of a window that pops up? That would end the mystery, but I'm not aware of a program like that.
Yes, Process Explorer can. There is a button in the buttonbar, representing a vizier, which you can drag to the window. Process Explorer will tell you which process owns the window.
#4
- Junior
-
- Group: Members
- Posts: 62
- Joined: 20-June 07
Posted 13 October 2007 - 12:07 PM
This thread suggests it's called "cheater checker viewer":
http://www.hardforum...hp?p=1031533228
Cheater Checker site:
http://www.cheatercheckers.com/
This thread goes into detail about removing it:
http://mytgn.co.uk/f...ad.php?p=301940
PDF with removal details (I don't know if this covers the very latest version):
http://www.spywaresi...aterchecker.pdf
It might be obvious as to who installed it on your system, but be sure to make a record of file timestamps. Then search for files that were created/modified at the same time - maybe they also installed other similar programs or did something which will identify them.
If you can manage to find its config file, you might be able to read it - it has the ability to email logs, so that email address needs to be stored somewhere. Alternatively, leave it running and use a packet sniffer to log the whole email it sends.
It might be best to completely reformat - if the red dot is Cheater Checker you really can't trust your system to be completely free of other similar or worse programs. You should also check the back of your computer to see if there are any hardware keyloggers inbetween the keyboard and PC.
If the presence of Cheater Checker is confirmed, you must also change ALL your passwords - ones that you have actually used since CC was installed, accounts that have the same password, and anything IE or Firefox has saved. You should also change passwords to accounts associated with your email account, since some sites send you your password when requested.
(edit: replace "you"/"your" with "him"/"his")
http://www.hardforum...hp?p=1031533228
Cheater Checker site:
http://www.cheatercheckers.com/
This thread goes into detail about removing it:
http://mytgn.co.uk/f...ad.php?p=301940
PDF with removal details (I don't know if this covers the very latest version):
http://www.spywaresi...aterchecker.pdf
It might be obvious as to who installed it on your system, but be sure to make a record of file timestamps. Then search for files that were created/modified at the same time - maybe they also installed other similar programs or did something which will identify them.
If you can manage to find its config file, you might be able to read it - it has the ability to email logs, so that email address needs to be stored somewhere. Alternatively, leave it running and use a packet sniffer to log the whole email it sends.
It might be best to completely reformat - if the red dot is Cheater Checker you really can't trust your system to be completely free of other similar or worse programs. You should also check the back of your computer to see if there are any hardware keyloggers inbetween the keyboard and PC.
If the presence of Cheater Checker is confirmed, you must also change ALL your passwords - ones that you have actually used since CC was installed, accounts that have the same password, and anything IE or Firefox has saved. You should also change passwords to accounts associated with your email account, since some sites send you your password when requested.
(edit: replace "you"/"your" with "him"/"his")
This post has been edited by SmaugyGrrr: 13 October 2007 - 12:47 PM
Share this topic:
Page 1 of 1