----- Original Message -----
From: "Lee Sharp" <leesharp at hal dash pc dot org>
> Aware, and Rootkit Revealer all show nothing. Scanning under safe mode
> still shows nothing. In desperation I scanned (With an older virus list)
> with UBCD 4 Win, and still nothing. I have already lost money on this
> job, but I want to KNOW what is doing this... Any thoughts?
www.sysinternals.com has two tool named process explorer and filemon.
They can show what processes do what to which files. Copy in a bunch of
jpgs, observe which process deletes them, find the executable with process
explorer, then use PE to kill it. And remember to keep a copy of it (the
nastyware) for later analysis.
Don't be too surprised if it's antivirus (sigh). Some of the less
intelligent ones sometimes are a little too 'smart'. Like deleting all
zipfiles with certain names, or deleting gifs with a certain size, or
'protecting' the machine against a JPG decoder bug.
(There's only one o in lose)