0

I appear to have a process or application that sends messages to the OS which cause the browser to pop up with the default page. This can happen dozens of times in a few seconds, but otherwise seems rare. This happens even when now browsers are running, for instance on a clean boot.

I've performed the usual security/adware/malware scans, and uninstalled broswer add ons and plugins. I've removed my chosen browser, only to have those messages cause IE to load up.

I've uninstalled all the programs I installed after this issue started occurring. I've also looked at the process list to see if there are any suspect processes running.

At this point I suspect the only way I'll be able to determine the source of these system calls is to intercept the message itself.

Is there an easy way to do this? I'd need to find out what process is sending the messages.

This is on a windows 7x64 installation.

Improve this question
6
  • 1
    Have you tried using ComboFix to remove unwanted programs?
    – Konrad Gadzina
    Commented Apr 18, 2013 at 17:22
  • @KonradGadzina No, Spybot Search and Destroy is what I used. Is it likely that ComboFix will find something Spybot misses?
    – Adam Davis
    Commented Apr 18, 2013 at 17:28
  • 1
    I've used Spybot long time ago, so I can't compare, but ComboFix was great helping me to cleanup when needed. ^^ Just give it a try, who knows.
    – Konrad Gadzina
    Commented Apr 18, 2013 at 17:46
  • @AdamDavis It is certain that ComboFix will find things Spybot misses.
    – Aaron Miller
    Commented Apr 18, 2013 at 17:54
  • Combofix did not resolve the problem.
    – Adam Davis
    Commented Apr 18, 2013 at 21:33

1 Answer 1

Reset to default
0

Solution:

Apparently there was an additional keyboard attached to this computer, and it has media keys, one of which was getting pressed just enough that desktop vibration would make the contact.

So if this is happening to you, remove all your USB devices just in case some joker attached a USB hub or long uSB cable and hid a pranked keyboard under your desk.

I ended up using Process Monitor and looking at the log immediately prior to the launch of the default browser. I noticed that Explorer.exe was looking up keys in the registry that have to do with buttons on multimedia keyboards (for instance you might have a keyboard with an internet button).

So a key similar to HKLM/software/microsoft/windows/currenversion/explorer/appkey/7 will usually have "association" set to "http". Setting that to "" disables the internet multimedia key.

I don't have a keyboard with that key, but I made the change anyway, as it seems that some process is sending that keypress to the system.

The random windows are no longer popping up, though I'm going to let the system run overnight just in case.

Still means I haven't found the root cause (who is sending that keypress?) but I've found a workaround.

Improve this answer
1
  • On a completely unrelated note, anyone know of any good pranks to pull on coworkers? I need something really, really good...
    – Adam Davis
    Commented May 16, 2013 at 15:07

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .