I have a problem where a process is constantly doing screen captures, slowing down my system. I have Mcafee latest DAT but it has not able to detect any malware. I installed Rapport software few days back. It has reported that explorer.exe is doing screen captures of the browser and that it has blocked the process from screen capturing the browser pages. When I run Mcafee Rootkit Detective, I see one entry in the hooked export/imports -
Export: Function: ADVAPI32.DLL!RegOpenKeyW => 01890000 + 0xfef
Module path - 01890000 + 0xfef
The PID reported here is related to explorer.exe
Is this a malware, if yes why Mcafee is not detecting it?
Please send us the suspicious sample/files for analysis, in a password-protected ZIP file (password - infected).
You can find detailed instructions for how to do this at <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>
We will forward the samples to senior research engineers for further review and let you know the results.
If you can provide any additional information, please do so.
Thanks Anand. I uploaded the file on WebImmune - Analysis ID: 5833900
According to findings, there is no malware detected. More information on this problem (Apart from the one in the thread above) -
My laptop does not boot up when I switch on the power, unless I press F1 immediately.
The Control-C does not work if there a larger time gap between pressing control and C (It has to be really quick control and C to allow a copy).
Both these problems and the print screen one are connected. Because I had a brief period of time when these problems disappeared together, after I installed a Java update (Or possibly Windows patches). But it has come back and the same trick of updating Java or windows patch do not work this time.