7
Since a couple of weeks, when I sit down in the morning and unlock my PC at work, I see a notepad window, complaining that it "Cannot find c:\oracle.message.txt". This is quite unnerving - I thought I had some malware infection, but neither Microsoft Security Essentials nor AVG found anything. Process Explorer shows that notepad is spawned from within svchost.exe, and svchost is "Verified" (that is, Process Explorer checked its digital signature and found it to be legitimate). The particular instance of svchost hosts a number of services which are visible in the screenshot, but none of them seems to be "suspect" - and none of them has anything to do with Oracle. To top it all of, my machine has NEVER had an Oracle installation - the only relevant thing I can find is the Oracle ODBC driver...
What can I do to debug/trace this?
I am a professional developer for two decades now, so feel free to suggest complex solutions, including SoftICE hardware breakpoints if necessary :-)
ttsiodras
Posted 2010-07-02T12:48:07.643
Reputation: 588
Check the command line used to launch the file - this should be accessible in Process Explorer, in process details. – Piskvor left the building – 2010-07-02T13:02:32.910
Solved - it was done via a c:\Windows\Tasks entry. The command line was exactly as specified there, in an action called "Oracle", and the cmd was "c:\windows\notepad.exe c:\oracle.message.txt". Who placed it there, and why, is a mystery beyond my abilities... – ttsiodras – 2010-07-02T14:16:07.247
The image you link to is broken. – Gaff – 2011-09-08T04:05:02.707