Ye Gods! Is a "bot" taking over my PC?

This morning IE started acting strange. Computer CPU usage skyrockets, computer slows to a crawl, and when I open a company directory form in IE, one of the fields is being populated with letters, each being typed about 3/4 of a second after the first.

I thought it was stray captured characters from the keyboard, so I exit.

I go to CNN, and again the computer goes slow. Between frames, more characters appear, again being “typed” – this time with words in English. It was quite obvious that it wasn’t meant to be there – it didn’t look like an ad, it was nonsense, and it was slowly being typed. I cut and paste it to Word. I open the directory again, and the characters are being typed again in the same field as before.

This is a sample of the text:

I can’t get the computer to replicate it now.

Since this was being slowly and deliberately “typed”, I thought at first someone had gained remote access to my computer. Then I saw the nonsense sentences that remind me of those found at the end of spam messages, and I suspect some form of bot – maybe a spyware bot spamming program that is supposed to send spam from my computer (but that got hosed)?

Has anyone seen or know of a manifestation that would cause this poltergeistish activity?

Stats:
Win2000, sp 4
IE 5.5
Running NAV, I updated to the latest and ran a full system scan, no infections found.
Ran ad-aware, found only Alexis and a handful of data mining cookies.
Running behind corporate firewall.

Strange indeed!
Have you reported this to your IT people?

I have no idea what it is. If you worked in my company and brought it to me, I’d probably just reformat it.

It gave me the chills when I saw it!

Yep, I immediately called the security group. I was hoping one of them could see it in action. He got there too late, but he fired up NAV, poked around in the registry, and we found nothing too out-of-the-ordinary.

The CPU% skyrocketed, but when I went to see which .EXE was responsible, I just missed it (it was just dropping again). If I can catch it, that may bring me closer to finding what it was.

Bite your tongue! I don’t want my computer reformatted, no matter how necessary it is!

Also, it is possible (but highly unlikely) that the source was external and a reformat will not solve the problem.

My wife had something very similar to this just last month on her work computer…networked, behind a firewall. It was spyware. I found the file responsible for eating up her CPU in the Task Manager, so when I ended the task, something in the registry fired it back up automatically. Uh-oh. Luckily on the very next day, we had a network pro coming in to add a printer and software to all of our computers, and I asked him if he knew how to eliminate it. After a good 40 minutes of poking, prodding and cleaning, he figured out which files and registries (or changes) needed to be eliminated and fixed. This was his first encounter with this type of spyware too. In the Task Manager, I think the file eating the CPU time was “dyssys.exe” or something close to that.

If any of the people we support described this, I’d check for a wireless keyboard/mouse myself.
With the CPU usage it’s somewhat unlikely to be the cause. Carry on! :slight_smile:

This happened to a coworker of mine when she was working on her laptop. Random words and gibberish were appearing with no apparent cause. She was scared speechless, as she thought she was being hacked.

Turned out the machine had a built in mic, and speech recognition was on, and was picking up the odd word and background noise, and “typing” it.

Turned the mic off, and no more problem. I’m doubtful that this is the case for this situation, but it is worth a look.

Personally, I would suspect a prank of some sort: One of your office-mates surreptitiously installed some sort of back-door program on your computer, and is using it to type freaky things. This would explain why you kept on just missing the culprit program, and why things were being typed a character at a time.

I should have remembered that. :smack: Given the CPU usage and slow, random input, that sounds like a good bet. Here’s a similar story where the speech recognition was to blame.

The IS security person thought of this also, but I had some time ago turned off the microphone due to the laptop’s random fits of screaming feedback.

Dang. Well, I’m stumped. Best of luck on finding the cause though. I’m interested to find out what the source is.

There’s a few details I left out that make this explanation a long shot.

1. I’ve got administrative rights to all computers in the company plus I’ve got remote access tools. According to the documents I signed, due to the sensitive data I could get hold of, leaving my computer unlocked and unattended is cause for termination. I’m not saying I never forget, but it does make this less likely.
2. Someone else messing with my PC would also be a terminable offense.
3. The only people who could (technically) and might (because I know them well enough) are all in my department, which is an IS applications department. Though we back up frequently, a computer crash could still really screw up someone’s project due to time lost to reimaging, reinstallations, recovery of backup, and lost work since last backup. Though we do play practical jokes on one another, they usually involve office furniture. Never have I heard of one involving a computer – it would be too dangerous, and we’re all a little too serious about our work to do it. That last phrase makes us sound more dour than we are.
4. Similarly, if I had to get my laptop reimaged, I could be out of work for a day. Since my internal billing rate is about $1000/day (I get nothing close to this, by the way), as are the billing rates of others in the office, I can’t imagine that someone would risk that, either.
5. I’m a supervisor in the dept, and people would likely assume I’d be obligated to do some disciplinary action if I found out who it was (not because it was a practical joke, but because it was a security violation).
6. It wasn’t very funny.*
7. It didn’t work very well.**
8. The text stream, though slow and methodical, was too regular to be being typed by a person.

* It wasn’t funny in that I showed a couple people, called IS security, started this thread. Not much humor factor. Not like when I actually did pull something like this in the early 1990’s. There was a quite unpleasant woman I worked with who was also quite religious. I on several occasions copied her autoexec.bat file to a different location on the computer and wrote a new one that used phrases like NATAS, and later 666 and SATAN as the prompt, and the last line of the autoexec copying the old one over the modified one. She’d have her computer showing

666 SATAN 666 C:>

facing her in the morning, and if she checked the autoexec file (have someone else check it, that is, she wouldn’t know how to do it, or even what an autoexec file was), it said no such thing! Trouble was, she never noticed it. She wasn’t very observant.

** It’s hard to explain, but this had much more the look of something that was trying to do something else, and text somehow got redirected onto IE. It only happened on two pages, neither of which anyone would have known I was going to. The one in a story on CNN.com wasn’t easy to see – off to the right between a couple of ads. Also, spaces had a weird little line under them with a dot a couple pixels above. Again, it’s hard to fully explain, but this had the look of some type of error that happened to capture this odd text stream.

If you’re allowed, use AVG as well.
I was cleaning someone else’s computer and AVG found things that NAV didn’t find. Also MS AntiSpyware does a better job of scouring the registry than AdAware.