Unknown Application secretly opens/closes IE window

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dollar22bill, Mar 21, 2005.

  1. dollar22bill

    dollar22bill Private E-2

    Unknown Application secretly opens/closes IE window

    I have IE Privacy Keeper installed and set to Auto Clean Up when the last Internet Explorer window is closed and set to show the “Cleaning up …” message. When I first connect to the Internet via my ISP (Wal-Mart Connect) and before I open any Internet Explorer window, the “Cleaning up …” message from IE Privacy Keeper flashes on my screen. This tells me that some application on my hard drive has secretly opened an Internet Explorer window and then closed that window within the span of a few seconds, presumably to pass information stored on my computer to someone connected to the Internet.

    I’ve read and performed the How to: Spyware, Trojan And Virus Removal (http://forums.majorgeeks.com/showthread.php?t=35407) with no luck on fixing the problem. Please tell me how I can find out which application(s) on my hard drive are secretly opening an Internet Explorer window and then closing that window. Thanks.
     
  2. TheOldThug

    TheOldThug First Sergeant

    Welcome :eek:

    It is very important that you at least try to do everything in the READ ME. If you still have a problem then do the following:

    Please try to turn OFF any applications that are not needed. It makes it much easier to look at the HJT log.
    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Good Luck :)
     
  3. dollar22bill

    dollar22bill Private E-2

    Re: Unknown (ATWOLA?) Application secretly opens/closes IE window

    Hi TOT,

    After my Internet Explorer secretly opened and closed, I checked my cookies folder. The only cookie that appeared at the time of the secret opening and closing is something called "ATWOLA." A google search indicates that ATWOLA has the ability to track your personal preferences and Web surfing habits through the use of your IP address and is placed in your cookies when you visit the author's Web site. In addition, ATWOLA appears to be related to AOL. The domain name ATWOLA.com is owned by AOL Time Warner. Occasionally, my Norton Internet Security catches someone in Virginia using an AOL IP address trying to access my hard drive via a trojan horse. I don't know if these are related.

    I can easily remove the ATWOLA cookie. If there is an easy way to discover the application that is causing my computer (when first connected to the Internet) to visit the "authors Web site" to receive the ATWOLA cookie, please let me know. Otherwise, I will provide you with an HJT log.

    Thanks.
     
  4. TheOldThug

    TheOldThug First Sergeant

    If you have done all the READ ME then provide a log as instructed.
     
  5. dollar22bill

    dollar22bill Private E-2

    Hi TOT,

    I completed Major Geek’s Basic spyware, Trojan and virus removal directions and attached my HiJack This log.

    For the spyware, Trojan and virus removal directions, my computer cannot log onto the Internet in Safe Mode so I ran the online scans in normal mode. Only three of the scans turned up anything and the below are the notes from those scans. (Please let me know the ramifications of deleting KILLAPPS.EXE)

    Lately, my computer has been very sluggish; it takes forever to start up. I may have too many applications loading on start up. If so, please suggest which ones I may remove. In addition, my Norton Internet Security has been blocking back door Trojan horse viruses. I think I allowed something to be installed onto my hard drive that draws Trojan horse virus attacks.


    ***** a² Report scan results
    Filename: C:\Restore\WINDOWS\SYSTEM32\KILLAPPS.EXE; Diagnosis: not-a-virus:RiskWare.Tool.KillApp.b
    Filename: C:\WINDOWS\system32\KILLAPPS.EXE; Diagnosis: not-a-virus:RiskWare.Tool.KillApp.b
     Malware killapps.exe deleted


    ***** avast! Virus Cleaner Tool scan results
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll... file could not be scanned!
    C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
    C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
    No virus body found.
    Files scanning finished (134833 files, 0 infected, 10979.0s).
    Drives scanned: C:


    ***** BitDefender Online Scanner results
    Identified Viruses 0
    Infected Files 0
    Suspect Files 1
    Warnings 0
    Disinfected 0
    Deleted Files 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\60815CAE.htm
    Suspected of: JS.Exploit.DialogArg.B
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\60815CAE.htm
    Disinfection failed
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\60815CAE.htm
     Deleted
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You waited three months to work on your problem? Or is this a new problem?

    In the future, remember that HJT logs should only be posted when they are requested.

    I do not see any real major issues in your HJT log but you can have HJT fix the below lines:


    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (file missing)
    O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (file missing)
    O15 - Trusted Zone: *.lexis-nexis.com (HKLM)
    O15 - Trusted Zone: *.lexis.com (HKLM)
    O15 - Trusted Zone: *.lexisnexis.com (HKLM)
    O15 - Trusted Zone: *.nexis.com (HKLM)
    O15 - Trusted Zone: *.westlaw.com (HKLM)
     
    Last edited: Jun 28, 2005
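The lines listed in the reply above fall into two groups: O9 entries whose target is marked "(file missing)" and O15 Trusted Zone entries. The following is an added example, not part of the thread and not HijackThis code, that sorts log lines into those two groups; the two rules are an assumption about what the listed lines have in common, and the O4 line and `ExampleApp` are constructed.

```python
import re

# Log lines copied from the reply above, plus one constructed O4 startup
# line (ExampleApp is hypothetical) to show an entry that is not flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (file missing)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (file missing)
O15 - Trusted Zone: *.lexis-nexis.com (HKLM)
O15 - Trusted Zone: *.lexis.com (HKLM)
O15 - Trusted Zone: *.lexisnexis.com (HKLM)
O15 - Trusted Zone: *.nexis.com (HKLM)
O15 - Trusted Zone: *.westlaw.com (HKLM)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ZONE = re.compile(r"^Trusted Zone: (?P<domain>\S+)")


def parse(log):
    """Return (section, body) pairs for every line shaped like 'O9 - ...'."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entries.append((match["section"], match["body"]))
    return entries


def triage(log):
    """Assumed review rules: orphaned entries and Trusted Zone additions."""
    findings = []
    for section, body in parse(log):
        zone = ZONE.match(body)
        if body.endswith("(file missing)"):
            # The registry entry remains but the file it points to is gone.
            findings.append((section, "orphaned", body))
        elif section == "O15" and zone:
            # Sites in the Trusted zone run under relaxed IE security settings.
            findings.append((section, "trusted-zone", zone["domain"]))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:13} {detail}")
```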
