IE box on desktop on bootup, software or malware?

Discussion in 'Software' started by roflol, Jul 9, 2006.

  1. roflol

    roflol Private E-2

    Hello, and thanks for the forum. I'm running Win2KPro on Dell, Firefox is default browser, but a few months ago started getting a 3" x 3" IE window fragment in the middle of the desktop - Properties identifies it as res://C:\WINNT\System32\shdoclc.dll/dnserror.htm#http://m3./, not encrypted, unknown protocol, and the rest were "not available." It is the last item that comes up in the boot sequence - after the tray icons, desktop background, desktop icons, etc, and occurs before any keystrokes or mouse clicks. This box cannot be closed by right clicking on it, there is no toolbar button for it, it is not listed in task manager, and the box itself has scroll bars but no X or minimizer in the corner so it sits there, mocking me :mad:
    ;-)

    I have done a search of all drives on the PC and nothing comes back that includes text "*m3.*" I have run AdAware and TrendMicro and we are clean; the box is still here (I have downloaded all the things required in the Malware Read This First but I am still missing some pieces (GTI+ I think?) and the Windows update alone took an hour to complete for pete's sake). Google search of http://m3./ doesn't help much. Maybe was a malware or something that the site is down now, I don't know; I definitely do not recall any outright hijacking. Still, feels like I should be able to find an initialization string somewhere and take this command out and solve the issue (Gawd, I miss DOS), but I am so behind the times now I don't know where to look. Any ideas? Thanks in advance.
     
  2. infoseeker

    infoseeker Master Sergeant

    Have you tried to delete that file in SAFEMODE?
     
  3. noodlesis

    noodlesis Private First Class

    It seems to be a desktop item, that might help but I don't know how to fix it.
     
  4. roflol

    roflol Private E-2

    infoseeker, res://C:\WINNT\System32\shdoclc.dll/dnserror.htm# was in regedit as a desktop dll and as a test I took that out to see what would happen and all it did was take the "Action Cancelled" message out of the box and left it white... it has since repaired itself and "Action Cancelled" is back. I will try searching for *m3.* in safemode today though; even though I have unchecked all the Hide Files options, I guess something online could be suppressing it. As a special bonus for me, since I "updated" my Windows 2000 from Microsoft last night, it now takes about 10 minutes to boot up. :p
     
  5. matt.chugg

    matt.chugg MajorGeek

    Perhaps you could check it's not an 'Active Desktop' item, or just try turning Active Desktop off.

    Matt
     
  6. roflol

    roflol Private E-2

    WoW! o_O

    Matt, I had never even tried right clicking on the desktop before and wasn't sure what you meant but tried that on a hunch at your suggestion, and there it was, checked. So I unchecked it and the box disappeared. Where do things like that come from, does anybody know? Thanks! I am *such* a DOS girl.

    (edit) In fact, I explored Customizing my desktop and deleted the .m3 entry altogether. I am still curious how stuff gets there, but am *very* happy it's gone. You rock, Matt. Noodlesis, now we both know. Infoseeker, I tried to make it too hard I think. ;-)
     
    Last edited: Jul 9, 2006
  7. matt.chugg

    matt.chugg MajorGeek

    Glad that helped.

    It may have just been an accidental click on a website (if you right click on a webpage you'll see there is a 'Set As Desktop Item').

    OR

    It could have been set by some kind of malware or spyware. Just make sure you are protected from this sort of thing by using a decent anti-spyware such as Windows Defender (for realtime protection) or Adaware (for scanning) and you should be fine.

    Matt
     
  8. roflol

    roflol Private E-2

    Windows Defender won't install for me; for whatever reason it didn't like my version of Win2K, and even after I tried to update it says I'm missing (I think) GTI+; we will continue to use AdAware then. Bootup is taking even longer now (20-25 minutes), I guess thanks to the update, so that's become my new issue. Oh well, at least the IE box is still gone, and once it's booted up there's no speed problem. LOL, it's always something... Thanks again.
     
  9. matt.chugg

    matt.chugg MajorGeek

    Windows Defender requires XP SP2 as far as I remember, so that may be the problem there.

    As for the bootup 20-25 minutes does seem a very long time. Apart from the obvious stuff like cleaning temporary internet files, prefetch, temp files, defragging etc I can't really offer much help on that one.

    At least we got one thing sorted ;)

    Matt
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is correct for WinXP (must be SP2), but it also works with Win 2K SP4 and Win 2003. ;)
     
  11. matt.chugg

    matt.chugg MajorGeek

    chaslang... are you following me? ;)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes & No! :D
     
  13. matt.chugg

    matt.chugg MajorGeek

    I see....

    (I think)
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's just related to the request in your PM.
     
  15. matt.chugg

    matt.chugg MajorGeek

    I thought so.

    I can't seem to find procexp (from sysinternals) in your listings am I missing it or is it just not added?

    Matt
     
  16. matt.chugg

    matt.chugg MajorGeek

    Ignore that I found it.......

    Matt
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yeah it is just in an unusual directory. You will see many links to it in the Malware Forum threads.
     
  18. matt.chugg

    matt.chugg MajorGeek

    That's how I found it lol....

    Matt
     
  19. roflol

    roflol Private E-2

    Plan to do a scandisk and defrag and any other things I can think of (never heard of prefetch, guess I'll be learning about that) in just a minute. Thanks for the help re the box.
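
The fix in this thread was removing an Active Desktop item whose source was http://m3./. As an added example (not part of the original thread), the script below lists Active Desktop items from a regedit text export and picks out those that load web or res:// content. The registry key path and the `Source` and `FriendlyName` value names are assumptions not given in the thread, and the export text is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed per-user registry location of Active Desktop items (not given in the thread).
COMPONENTS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"

# Constructed regedit text export; only the http://m3./ source comes from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://m3./"
"FriendlyName"="http://m3./"
'''

def parse_components(export_text):
    """Return {item_id: {value_name: string}} for each numbered item subkey."""
    items, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            parent, _, leaf = key.group(1).rpartition("\\")
            is_item = parent.lower() == COMPONENTS_KEY.lower() and leaf.isdigit()
            current = items.setdefault(leaf, {}) if is_item else None
            continue
        val = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if val and current is not None:
            # .reg exports backslash-escape quotes and backslashes in string values
            current[val.group(1)] = re.sub(r"\\(.)", r"\1", val.group(2))
    return items

def review(items):
    """List items whose Source is web content or a res:// page, for manual review."""
    findings = []
    for item_id, values in sorted(items.items(), key=lambda kv: int(kv[0])):
        source = values.get("Source", "")
        scheme = urlsplit(source).scheme.lower()
        if scheme in ("http", "https", "ftp", "res"):
            findings.append((item_id, scheme, source))
    return findings

if __name__ == "__main__":
    print(review(parse_components(SAMPLE_EXPORT)))
```

A listed item is not necessarily malicious; as noted in the thread, 'Set As Desktop Item' can create one by accident, so each entry is something to confirm with the user.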
     
