Need help with spyfader

[RAA-Kr1cH]

I'm pretty sure this is the name of the offending program. Every so often (I honestly don't know how often, but I'd say maybe half a dozen times a day that I notice) I get a blank program that pops up in the task bar. There's no text at all, just a generic window looking icon. I figured I'd try to track down exactly what it was, so I opened up the task manager to see if the next time it happened it would show up on the applications list. I launched the bf2142 demo and I noticed a program titled spyfader popped up on the list.

I looked online and got mixed results on what this really is. Apparently theres a similar file called sysfader, but this is definately spyfader, not sys. I ran window's Defender, Avast, AVG, and Blacklight. They all come up as saying my system is clean.

I found something online that suggested restarting my computer in safe mode, then searching the registry for spyfader. I tried that, and got 0 hits.

Any suggestions as to what this is, and how to deal with it would be much appreciated.

 

[YeOldeStonecat]

Try SuperAntispyware...quite a bit more effective than the old standbys..

www.superantispyware.com

 

[RAA-Kr1cH]

Ok, downloaded it and ran it. It did actually find some other stuff, but it doesn't appear that it got the offending file. I'm still seein that blank app loading in the taskbar.

Any idea if this will show up in the processes list in task manager? And also, is there anyway to record my desktop with task manager open? Will fraps do that or do I have to actually have a game running?

Thanks

Eric

 

[Malk-a-mite]

Not a good sign:
http://gladiator-antivirus.com/forum/lofiversion/index.php/t24902.html

Apr 17 2005, 09:15 AM
Final update:

There may well be a legit program called "Sysfader" but some sicko has decided it would be funny to create a virus with the same name. What I HAD was not legit, and it was not harmless. After fighting it for 14 days I lost the battle late Friday.

On Thursday my wife's Desktop shortcuts stopped functioning properly. No matter what she would click on it would open to an open HTML code notepad. That was easy enough to get around by telling the computer to open with IE. This was followed by programs disappearing and home page highjackings. I also lost all restore points as well as Norton's Go Back points. The points were still there but the system refused to restore to any of them. It said there was data missing from the files. It also began running Check Disc every time the computer was signed off. Each time it said that there was a problem with the C drive, but that it fixed it.

Early Friday my DSL was effected and I lost my link to this board and the help which you had been so graciously giving to me. I attempted to re-sync my modem and router for several hours with no luck. I finally decided to bite the bullet and send as much personal info and photos to CD and then re-format my hard drive.

When I put my restore discs in it would go through the motions but then it would come up with an error that it could not find the User Partition. It would attempt to create a new one but that would fail everytime. It was becoming apparent that I was not going to be able to format the hard drive.

Saturday morning I gave up and purchased a new hard drive and installed it. I have been working on getting it all set up since then. What ever this "Sysfader.exe" was, it grew and became destructive as time passed until it finally damaged my system beyond repair.

I do greatly appreciate all of your assistance in trying to identify this thing. What you do is is fantastic. I could never have gone through all of this without your help.

Any other information isn't much more promising:
http://amazingtechs.com/lofiversion/index.php/t27659.html

 

[Lethal]

Check out Autoruns.

http://www.sysinternals.com/Utilities/Autoruns.html

 

[RAA-Kr1cH]

Thanks for the links Malk-a-mite, it was pretty disheartening reading through them, although this doesn't appear to affect my system performance.... yet.

I'm about to run Autoruns and check it out.

Something I found kind of odd. When I ran SUPERantispyware it did find a few trojans which I deleted. BUT the blank program still shows up in the taskbar occasionally, buy spyfader no longer shows in taskmanager. Weird.

I don't have a router between my pc and the net, stupid I know, so I'm going to go out and buy one tonight. I'm really paranoid this might be some kind of keylogger.

 

[RAA-Kr1cH]

I haven't made any progress on this. I don't know why I haven't reinstalled windows, I guess it's my way of saying that this thing hasn't beat me yet. I seriously doubt this will be of any assistance to anyone, but who knows, maybe it'll jog someone's memory. I started timing this, and the blank program pops up in my task bar every 15 minutes.

 

[Malk-a-mite]

If you are seriously worried - drop a hub between your computer and the net (router/ICS PC/whatever) - and fire up the packet sniffer of your choice on another PC.

If you think there is a program that has comprimised your system you need to move to off system utilites to monitor the situation.