40

A random popup appears in Windows 7 titled as Information with a progress bar and a clock. The window sometimes says Please wait a moment..., and the progress bar moves very slowly and disappears.

enter image description here

I don't know the source of this popup. I tried to search regarding this popup on the Internet, and some people had this problem. It also has a question on Yahoo! Answers, but everyone told to scan for malware and viruses.

Is there any way to know the source process for this window/popup?

  • The task manager shows nothing about this window
  • The only tasks that are running are Google Chrome, etc.
  • Right-click and left-click does not work on this window or its title bar.
Excellll
  • 12,627
  • 11
  • 51
  • 78
krg265
  • 511
  • 1
  • 4
  • 8
  • 2
    Since you accepted an answer, can you tell what process it was and if it was malicious ? Thanks. –  Feb 24 '15 at 15:24
  • 1
    This quickly resembles the window that showed when you were mounting a drive using Daemon tools. – Ismael Miguel Feb 24 '15 at 15:43
  • It was not any malicious software but Zemana Antilogger Free. Reinstalling the software solved the issue(For now atleast). – krg265 Feb 24 '15 at 17:18
  • 1
    That looks like it was made with Delphi, using this tool for their exceptions: http://madshi.net/madExceptDescription.htm.. This is the same tool we use for our exception handling where I work. if it was popping up randomly it means the program was getting bugs – Sentient Feb 25 '15 at 19:41

1 Answers1

82

You can identify the application by getting Process Explorer tool from Microsoft SysInternals.

At the toolbar, locate and use the following tool:

enter image description here

If you drag & drop it over unknown window, its process will become highlighted in the list.

What you can do then is to right-click that process and select Check VirusTotal to see whether the image is valid and well-known.

You can also double-click the process to learn about its EXE path, parent process or company who created it.

miroxlav
  • 13,008
  • 6
  • 65
  • 103
  • Works usually. I managed to get one to say csrss.exe this way. – Joshua Feb 23 '15 at 22:25
  • 1
    @Joshua That is the process that started the command. Sometimes you find things like `dllhost.exe /start c:/evil/file/here.exe` or similar. The example given is just an example, but it happens a lot. The `/start` part is mockup. When you see it in the task manager, it is simply a `dllhost.exe` process running. You need to see the full command. – Ismael Miguel Feb 24 '15 at 15:39
  • I'm pretty sure the arguments to the session of csrss.exe that is running the currently logged in session aren't of much use. – Joshua Feb 24 '15 at 17:38
  • 2
    [Process Hacker](http://processhacker.sourceforge.net/) can do this too, and is much more actively maintained. It has every feature of Process Explorer that I know of and then some (speaking as a long term Process Explorer user frustrated with lack of progress). – RomanSt Feb 25 '15 at 01:59