Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange Background Screen on Desktop Computer when Launched Zoek


  • Please log in to reply
5 replies to this topic

#1 agenthood

agenthood

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:United States
  • Local time:06:58 AM

Posted 13 July 2017 - 06:47 AM

Hi, I hope this is the correct forum for this question.

 

I have a desktop computer that I believe is infected with a virus.  I don't know which viruses at this point.  I was reading the forums here and found out about zoek.   I downloaded it and launched it.  I did not do anything except launch it to see what it looks like and its features.  When I launched it a large background screen came on the machine that looked similar to a description page of network, dns or web domain information.  I should have taken a picture but I didn't.  It referenced information outside the united states (I am in the united states).  I was so surprised.  I didn't know if I had downloaded some bad software or if zoek had some bad software attached to it or if the software was flagging this as a warning.  It finally went away on its own and the desktop background reappeared.  I launched zoek again and this time it showed the typical screen for the software.  I did not take any action with zoek - was just looking at the software.

 

Does anyone know what that was?  Do I need to take action to address this?

 

Thanks



BC AdBot (Login to Remove)

 


#2 midimusicman79

midimusicman79

  • Members
  • 790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:11:58 AM

Posted 13 July 2017 - 10:43 AM

Hi, agenthood!

Zoek is a diagnostic Anti-Malware tool developed by smeenk, who is a Security Colleague from the Netherlands.

It is only used in the Virus, Trojan, Spyware, and Malware Removal Logs Forum, in which members of the Malware Response Team assist users with removing malware from their computer.

When launched for the first time, the said tool actually runs a preparation script before the graphical user interface appears on screen after a noticeable delay.

And during this script, a black command prompt window will pop up in a flash on screen as you described.

You do not have to take any action to adress this, as this is perfectly normal behavior.

Quietman7 will give you recommendations as to how to proceed from here.

Regards,
midimusicman79

Edited by midimusicman79, 14 July 2017 - 06:44 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#3 agenthood

agenthood
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:United States
  • Local time:06:58 AM

Posted 13 July 2017 - 12:11 PM

Thanks for that information.  I will add that the background screen was not a command prompt.  It took over the entire background of the desktop screen and the country was Russia not the Netherlands.  So, should I be concerned?



#4 midimusicman79

midimusicman79

  • Members
  • 790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:11:58 AM

Posted 14 July 2017 - 08:01 AM

Hi again, agenthood!
 
You are welcome!

I suppose you downloaded Zoek from the official BC link, here: http://download.bleepingcomputer.com/smeenk/, either by clicking on the exe-file button at the left, or by clicking on the direct link on the MRL Forum.
 
I do not know why, but it does albeit show a HTTP 404 error, though all the links still work anyway.
 
If you are concerned that your computer has a virus, then I would suggest that you start a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs Forum, for assistance by the Malware Response Team.
 
Please follow the instructions in the Malware Removal and Log Section Preparation Guide.
 
Good luck! :)
 
Regards,
midimusicman79

Edited by midimusicman79, 15 July 2017 - 02:05 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#5 agenthood

agenthood
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:United States
  • Local time:06:58 AM

Posted 15 July 2017 - 05:43 AM

Yes I downloaded it from a link on this website.  Thanks for your input.  I will start a new topic in the future.  I have scanned with other tools for now.  



#6 midimusicman79

midimusicman79

  • Members
  • 790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:11:58 AM

Posted 15 July 2017 - 06:24 AM

Hi again, agenthood!

 

You are welcome!

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users