curious about identifying some malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by harmless, Aug 17, 2011.

  1. harmless

    harmless Staff Sergeant

    Hello,

    Briefly, I am hoping that you can help me identify the piece of malware that is on my computer.

    And I do want to add here, up front... There is no emergency, no crisis, and no wailing at my dire situation. I'm just curious what sort of malware might be on my computer, and how to identify it without access to the internet.

    and now the long explanation... (many pardons and thanks for reading)

    There are 2 people in our company, me and my boss.
    We have 3 computers in our little LAN, and no internet access...
    well, my boss has dial-up AOL on his computer, which he is perfectly happy with; but my computer has no internet access of any kind whatsoever.

    How do I know I have some piece of malware? Well, I'm sure that you know about Winternals' Process Explorer. I open up the folder that contains it and double-click the file (procexp.exe); Process Explorer starts briefly, then closes, and then the file procexp.exe is deleted from the folder. What is mildly amusing is that all you need to do is rename the file to anything, like procexp1.exe, and it works fine, so it is not the brightest piece of malware out there... but with Process Explorer running, there is nothing out of the ordinary showing up.

    Also, my computer has Windows 2000 and no service packs (no internet, so who cares, sort of thing). I wanted to install SP4 so I could then install a newer old version of Adobe Reader... I double-click the SP4 install file, and a window pops up and says... extracting files to "some folder"; with my older computer, this takes one to two minutes. So I navigate to that folder in Windows, open it up, and sit and watch the extraction and the destination folder being populated with files. When the extraction is done, SP4 will open two DOS boxes and run a couple of batch scripts to install the service pack. The moment the extraction is complete, all of the SP4 files are deleted and disappear; the two DOS boxes still pop up, but nothing happens, since all of the extracted files were deleted from the destination folder.

    Oh, and installing any program of any type no longer works, but I can use any program I want, as long as it does not need to be "installed", like Foxit's PDF reader v230.

    The other 2 computers on our very loose unsecured LAN seem unaffected since process explorer works, and installing programs also works just fine.

    I know how I got infected... since my boss told me one time that when I'm not here, he uses my computer to offload files from clients' USB thumb drives because it is easy and convenient from my computer, and then he just copies them over to his computer.

    I have not done anything about my work computer, and this malware thing for 2 years now, because I simply don't have the time during the work day to wipe and reinstall everything on my old computer, which has a luxurious 4GB main hard drive and 3GB backup drive. I also know that my computer was clean at one time. Two months after I first started working for my boss, the hard drive crashed big time, so being the good new employee that I am, I took the computer home, threw out the old non-functional hard drive and installed the 4GB and 3GB hard drives that were just lying around, since everyone has old spare hard drives just lying around, right? So I personally installed everything on my computer new... and it was only 2 years later when the odd behavior started... so yes, I've been there 4 years now.

    So far, whatever I've got is behaving itself. It does not interfere with the normal operations of my computer, which is why I have not bothered to clean it up. It has nowhere to go because I don't have any internet access, and it just sits there, and only deletes the Winternals' Process Explorer executable file every time I run it, which I do every couple of months or so, just to check up on it.

    I convinced my boss to get newer old computers, but I don't want him touching my old computer when I transfer everything over, until I can find out what exactly it is that I have. Also, there is no way in heck that I am taking my work computer home, or anywhere else with internet, since there will always be other computers on the LAN.

    It's kind of funny... over the last year or so, clients have been wanting me to email reports to them... I don't have the internet at work, so I tell them I need to take the reports home and email them from home. Since I am not letting a USB thumb drive anywhere near my work computer, I have actually been using 720KB floppy disks to shuttle any files back and forth between work and home. I do check the floppies with an up-to-date virus scanner, and they come back clean, so I know that the malware ignores floppy disks, and with floppies, if something is being copied to one, it is rather obvious from all of the noise they make.

    Anyway, if you're still reading, thanks. I was just hoping to maybe, somehow, put a name to this malware, so I can talk to my boss and say... "Hey, I've got this malware from a client's USB drive. This is its name, this is what it does, and that is why I need to actually do something about it." But I have no idea how to go about doing that without the internet. If this is not possible, then I'll just wipe it clean and throw away the hard drives when I start using my new work computer.

    Thanks,
    harmless
    :)
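Two observations in the post above are really two experiments: the same binary is deleted as procexp.exe but survives as procexp1.exe, and an installer's freshly extracted files vanish the moment extraction finishes. The script below turns both into repeatable probes. It is an added example, not code from the original thread or from MajorGeeks; it assumes Python 3 is available on the box (or on a copy of its drive mounted elsewhere), that you pass the path of a benign executable you don't mind copying (a copy of notepad.exe, for instance), and that the blocker acts within a few seconds of launch. The dry run, which simulates a name-keyed deleter instead of starting any process, shows what a positive result looks like.

```python
"""Differential probes for the behaviour described in the post:
(1) is deletion keyed on the image name?  (2) do freshly written files survive?
Added example; the deleters simulated in dry_run() are stand-ins, not real malware."""
import os
import shutil
import subprocess
import sys
import tempfile
import time
import uuid

SETTLE_SECONDS = 3  # wait this long after each launch before checking the file


def launch_detached(path):
    """Start the copy and return at once; the post says the file vanishes right
    after the process starts, so there is no point waiting for it to exit."""
    subprocess.Popen([path], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def probe_name_keyed_deletion(benign_exe, watched_names, launch=launch_detached,
                              settle=SETTLE_SECONDS):
    """Copy one benign executable under each watched name plus a random control
    name, launch every copy, and report which copies still exist afterwards.

    Returns {'control': name, 'survived': {name: bool}, 'name_keyed': bool}.
    'name_keyed' is True when the control survives but a watched name does not:
    identical bytes treated differently means the match is on the file name,
    not on the contents (which is why renaming procexp.exe works).
    """
    workdir = tempfile.mkdtemp(prefix="nameprobe-")
    control = "ctl-%s.exe" % uuid.uuid4().hex[:8]  # name nobody could be watching
    survived = {}
    try:
        for name in list(watched_names) + [control]:
            target = os.path.join(workdir, name)
            shutil.copy2(benign_exe, target)
            launch(target)
            time.sleep(settle)
            survived[name] = os.path.exists(target)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    name_keyed = survived[control] and not all(survived[n] for n in watched_names)
    return {"control": control, "survived": survived, "name_keyed": name_keyed}


def probe_extracted_files(file_count=20, settle=SETTLE_SECONDS, after_write=None):
    """Mimic an installer's extraction step: write file_count files into a fresh
    directory, let things settle, and count how many remain.
    after_write(directory) is a hook the dry run uses to simulate a deleter."""
    workdir = tempfile.mkdtemp(prefix="extractprobe-")
    try:
        for i in range(file_count):
            with open(os.path.join(workdir, "update%02d.dll" % i), "wb") as fh:
                fh.write(("canary file %d\n" % i).encode("ascii"))
        if after_write is not None:
            after_write(workdir)
        time.sleep(settle)
        remaining = len(os.listdir(workdir))
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return {"written": file_count, "survived": remaining,
            "deleted": file_count - remaining}


def dry_run():
    """Exercise both probes against simulated deleters; nothing is executed."""
    def fake_launch(path):  # simulated blocker: removes only procexp.exe
        if os.path.basename(path).lower() == "procexp.exe":
            os.remove(path)

    def fake_wipe(directory):  # simulated blocker: empties the extraction folder
        for fn in os.listdir(directory):
            os.remove(os.path.join(directory, fn))

    stub_dir = tempfile.mkdtemp(prefix="stub-")
    stub = os.path.join(stub_dir, "benign.exe")  # placeholder, never executed here
    with open(stub, "wb") as fh:
        fh.write(b"not a real executable\n")
    try:
        names = probe_name_keyed_deletion(stub, ["procexp.exe", "procexp1.exe"],
                                          launch=fake_launch, settle=0)
        files = probe_extracted_files(settle=0, after_write=fake_wipe)
    finally:
        shutil.rmtree(stub_dir, ignore_errors=True)
    return names, files


if __name__ == "__main__":
    if len(sys.argv) == 2:  # real run: python probe.py C:\path\to\benign.exe
        print(probe_name_keyed_deletion(sys.argv[1], ["procexp.exe"]))
        print(probe_extracted_files())
    else:
        print(dry_run())
```

A real run that reports name_keyed True and deleted equal to written reproduces both symptoms from the post; a run where the control copy also disappears means the trigger is something other than the name (the directory, the act of copying, or the file's hash), which changes where you look next.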
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. harmless

    harmless Staff Sergeant

    First of all, I want to thank all of the Major Geeks that help people with their problems; it is indeed a great service that you provide.

    I was just curious about how to identify my malware... but it is an old computer and an old operating system, and I am just going to trash my old 3GB hard drive when I get my replacement computer in. I just don't have the time at work to fool around and try this and that.

    Here are some resources that many people might have an interest in:

    I found this website about a month ago; AV vendors are finally giving us something that is useful:
    Live bootable rescue CDs that contain their antivirus software.
    You download the ISO file, burn it to a CD, boot your computer from the CD, run their software, and clean up your computer.
    The website is: Tweaking With Vishal

    It lists and has links to 7 major AV vendors where you can download, for free, bootable rescue CDs with their AV software on them.
    The list is: Kaspersky Rescue CD, BitDefender Rescue CD, AVG Rescue CD, Avira Rescue CD, F-Secure Rescue CD, Panda SafeCD, and Dr.Web LiveCD.

    GFI Vipre also has a rescue program that you can download for free:
    VIPRE Rescue Program

    And though it is not free, safer-networking also sells a bootable live CD:
    bootable CD with Spybot-S&D

    Thanks again, and hopefully this is useful information to someone.

    toodles,
    harmless
    :)
     
    Last edited: Sep 5, 2011
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, we often recommend those boot scan programs when people are unable to boot up normally. See: Alternative Scans

    As to identifying the malware, you will find that different vendors will call a piece of malware by different names, so it is useless to try to put a "name" to it.

    I take it you are not interested in our helping you to remove it.
     
    Last edited by a moderator: Sep 5, 2011
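The original question was how to identify the thing without internet access, and the reply above notes that vendor names for the same sample differ anyway. What carries across vendors is a hash, and the thread already contains a clean reference point: two other machines on the LAN with the same setup that are not affected. The script below is an added example, not code from this thread or from MajorGeeks. It assumes Python 3, that both inventories are taken over the same root folders on each machine (for example C:\WINNT and C:\Program Files) so root-relative paths line up, and that the resulting CSV is small enough to carry out on a floppy, as the poster already does with reports. Lookups of the hashes, or the differing files themselves, can then happen on an internet-connected machine without the infected one ever touching a network.

```python
"""Offline triage inventory: fingerprint executables under chosen roots, save the
result as CSV, and diff a suspect machine's inventory against a clean baseline.
Added example; nothing here identifies a specific malware family."""
import csv
import hashlib
import os
import stat
import time

# File types worth fingerprinting on a Windows box; extend the tuple as needed.
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com", ".pif",
                 ".bat", ".cmd", ".vbs", ".js", ".ocx", ".drv")
FIELDS = ["rel", "path", "size", "mtime", "sha256", "error"]


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(roots, suffixes=EXEC_SUFFIXES):
    """Yield one record per matching file under each root.

    Unreadable files are kept with an 'error' instead of being dropped: on a
    host where files vanish or get locked, a failed read is itself a finding.
    'rel' is the path relative to its root so two machines can be compared."""
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for fn in filenames:
                if not fn.lower().endswith(suffixes):
                    continue
                path = os.path.join(dirpath, fn)
                rec = {"rel": os.path.relpath(path, root), "path": path,
                       "size": "", "mtime": "", "sha256": "", "error": ""}
                try:
                    st = os.lstat(path)
                    if stat.S_ISLNK(st.st_mode):
                        continue  # the link target is inventoried where it lives
                    rec["size"] = st.st_size
                    rec["mtime"] = time.strftime("%Y-%m-%d %H:%M:%S",
                                                 time.localtime(st.st_mtime))
                    rec["sha256"] = sha256_file(path)
                except OSError as exc:
                    rec["error"] = "%s: %s" % (type(exc).__name__, exc)
                yield rec


def write_inventory(records, out_path):
    """Write records as CSV; returns the number of rows written."""
    count = 0
    with open(out_path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=FIELDS)
        writer.writeheader()
        for rec in records:
            writer.writerow(rec)
            count += 1
    return count


def read_inventory(path):
    """Read a CSV produced by write_inventory back into a list of records."""
    with open(path, newline="") as fh:
        return list(csv.DictReader(fh))


def diff_inventories(baseline, suspect):
    """Compare two inventories keyed on the root-relative path.

    Returns files only on the suspect (dropped binaries), only on the baseline
    (deleted tools), and present on both with different hashes (patched or
    replaced binaries). A read error leaves sha256 empty, so a file that could
    be hashed on the clean box but not on the suspect shows up as changed."""
    b = {r["rel"]: r for r in baseline}
    s = {r["rel"]: r for r in suspect}
    both = set(b) & set(s)
    return {"only_suspect": sorted(set(s) - set(b)),
            "only_baseline": sorted(set(b) - set(s)),
            "changed": sorted(k for k in both if b[k]["sha256"] != s[k]["sha256"])}


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 3 and sys.argv[1] == "--diff":   # inventory.py --diff base.csv suspect.csv
        result = diff_inventories(read_inventory(sys.argv[2]), read_inventory(sys.argv[3]))
        for kind, paths in result.items():
            print(kind, len(paths))
            for p in paths:
                print("   ", p)
    elif len(sys.argv) >= 3:                               # inventory.py out.csv ROOT [ROOT ...]
        print("wrote", write_inventory(inventory(sys.argv[2:]), sys.argv[1]), "rows")
    else:
        print("usage: inventory.py out.csv ROOT [ROOT ...] | --diff base.csv suspect.csv")
```

Run the same command on a clean LAN machine and on the suspect one, take both CSVs out on a floppy, and diff them where there is internet. The only_suspect and changed lists are short, concrete leads: they are the files to hash-search or to copy out for a scanner, regardless of what any vendor decides to call the result.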
  5. harmless

    harmless Staff Sergeant

    Arghh, I knew that... actually, not even sure why I posted. If I had thought about it, I would have just used one of those bootable ISOs, run the programs, and they would tell me what was found; then I could go look it up and see what it does. I'm getting too old for this stuff, and not thinking things through like I used to. Guess I've been using a Mac for too long, though I'm the one that family will call when bad things happen to their computers.

    Thanks for replying, and sorry to have bothered you.
    harmless
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem. Safe surfing. :)
     
