Virus / Malware: Explorer window with strange user logged into Hotmail
- by abel
I was looking into a PC, the user of which had complained that he couldn't connect to the internet and that the PC was experiencing random restarts.
The PC runs WinXP SP3. On examination, I found that the Wireless Zero Configuration service was stopped. I enabled that and the internet was back on(The pc connected through wifi). Then I started firefox and browsed to gmail.com. I did not launch any other program, except for a few explorer windows.
It was then I noticed a window had popped up(it was not a pop up). It had the explorer folder icon and instead of explorer folder contents, it showed a hotmail page, with a user named "Homer Stinson" logged in. The titlebar was empty and there were no toolbars. I asked the client whether this was his email id, which he said it was not. I opened task manager, which did not show this explorer window in it's Application tab. I switched back to the 'rogue' window and found that the hotmail settings page was now open, which later changed to the hotmail edit profile page for the same user. I was not clicking anything. Then suddenly the window closed.
I checked the autorun locations, fired up a Malwarebytes Anti Malware scan which gave a clean result. The system also had an updated installation of AVG.
I don't want a solution for this virus(?) problem. I asked this here because I wanted to know if somebody has come across something similar. What kind of malware can this be?
The user had not seen a similar window before and I should have taken screenshots.
(PS:Homer Stinson is an imaginary name. I searched for the other real name with some relevant keywords but could not come up with a virus/malware discussion post.)
UPDATE:
When I checked the PC later a DEP error had popped up closing which restarted the PC.
