What the heck is Tukan?
February 7, 2010 8:48 AM

Periodically, when booting my wife's XP laptop, an application called Tukan launches. I can't figure out what it is or how it is spawned.

In the Task Manager, the task appears on the Applications tab just as Tukan. It appears as a minimized window and when I click on it, you see the animation of a window maximizing but nothing appears. If I right-click on it, no context menu appears. I can end it through the Task Manager and it does not re-appear until a reboot occurs. But, it doesn't always launch on a reboot.

I have searched the hard drive, examined the start-up folder, searched the registry, examined all the items in the Run nodes of the registry, have examined the config files through sysedit, I have stopped and started many processes and I just can't find anything.

I can't find anything relevant on the Internet. Only hit at McAfee was a red haring as Tukan appeared as a first name sent in an email from a virus.

Do you have any suggestions? Thanks!
posted by GregWithLime to Computers & Internet (13 answers total) 5 users marked this as a favorite
If you go to Start ->Run, type in "msconfig" and then look at the Startup tab, do you see it listed in there? That should give the path to where the files are located, and you can uncheck it from starting there as well.
posted by kellyblah at 9:17 AM on February 7, 2010

AMAZINGLY, this question appears as the 2nd Google item under "Tukan application" - and the question is only 10 minutes old!!!

BTW, Spybot offers the ability to control what can & can't load at startup. If installed, it would allow you to also see where on your disk it is loading from.

This seems unlikely to be the source, as it's a programming analysis framework, but FWIW:

Sorry I can't be more help.

(Purely FYI: "red haring herring")
posted by IAmBroom at 9:20 AM on February 7, 2010

Autoruns from Sysinternals is a very comprehensive way of getting everything that is launched at startup.
You can also use another Sysinternals tool, Process Explorer, to find out the name of the executable that launched it.
Random googling does find the name tukan on a few virus lists, but it's not necessarily a virus - If you don't have a virus scanner installed, you could always grab the free Microsoft Security Essentials which will do a reasonable job of detecting most common threats for free.
posted by samj at 9:24 AM on February 7, 2010

Oops, yes of course, the fish herring. I guess I am too harried this morning. :)
posted by GregWithLime at 9:25 AM on February 7, 2010

Avast is installed on the laptop and no help with msconfig. Will look into Process Explorer. Thanks!
posted by GregWithLime at 9:34 AM on February 7, 2010

The absolute best utility you can put on your computer is CCleaner. It's free, it has been around a long time (it used to be called Crap Cleaner), and it works perfectly.

Install it (be careful with the options when you install, as it tries to install Yahoo! toolbar - just uncheck that option), and go to the "Startup" tab. It will show you everything that launches at startup and give you the option to stop or delete the process.

It also rocks at cleaning all your surfing temp files. I run it every time I quit a surfing session.

Its registry cleaner is top-notch, too.
posted by Benny Andajetz at 10:09 AM on February 7, 2010 [4 favorites]

There are some pieces of malware that change their name to a random string on install. Are you able to stop the process using the task manager, and does it re-spawn? Try using a different AV program to see if you get different results.
posted by theora55 at 1:20 PM on February 7, 2010

If you can't find anything in the obvious startup folders, then the first thing I'd do is run a rootkit scan (my favorite rootkit tool is GMER). GMER will do a quick scan and let you know if any running programs or processes are behaving suspiciously. If GMER lists anything highlighted in red (or as "suspicious"), the next thing I'd do is download and run ComboFix. ComboFix is like the Delta Force of spyware tools. The only thing Chuck Norris is scared of is ComboFix. It's that good.

It's been my experience that the above 2 tools will find 99% of infections (or at least give me some indication/information for better Google searching.) At which point I'll usually turn to MalwareBytes, SuperAntiSpyware or ESET NOD32 Online Scanner.
posted by jmnugent at 1:44 PM on February 7, 2010 [1 favorite]

Hmm, Tukan is some kind of radio analyzer. Do you have this hardware in the machine?

What's the executable's name? You can do a find on your drive, find it, and delete/rename it.

Seconding using Autoruns to see what's coming up at boot time and Process Explorer to examine the process when it's running.
posted by damn dirty ape at 4:22 PM on February 7, 2010

Right-click on Tukan in the Applications tab and select Go To Process. That will show you the executable name. Reboot in Safe Mode and search the hard disk for that executable, then rename it as whatever.exe.renamed. While you're still in Safe Mode, search the registry for the original executable name. If you're not seeing anything appropriate in the usual Run keys (either under HKLM or HKCU) then it might have installed itself in one of the Policy keys.
posted by flabdablet at 6:10 PM on February 7, 2010
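
The lookup described in the answer above, combined with the parent-process check suggested earlier via Process Explorer, as an added example that is not part of the original thread. It assumes Windows PowerShell is installed, that the window title is reported as "Tukan", and that "Policy keys" means the Policies\Explorer\Run keys.

```powershell
# Added example, not from the thread. 'Tukan' is the window title from the question.
$title = 'Tukan'

# Autostart locations named in the thread: the Run keys under HKLM and HKCU,
# plus the Policies\Explorer\Run keys (assumed to be the "Policy keys" meant).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# 1. Map the window title to its owning process, then walk up the parent chain.
#    A parent PID can belong to a process that has exited (or been reused),
#    so treat the upper part of the chain as a lead, not proof.
$chain = @()
$seen  = @{}
foreach ($p in Get-Process | Where-Object { $_.MainWindowTitle -like "*$title*" }) {
    $procId = $p.Id
    while ($procId -and -not $seen.ContainsKey($procId)) {
        $seen[$procId] = $true
        $w = Get-WmiObject Win32_Process -Filter "ProcessId=$procId"
        if (-not $w) { break }
        $chain += $w
        $procId = $w.ParentProcessId
    }
}
$chain | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath |
    Format-Table -AutoSize

# 2. Report autostart entries whose command line names any executable in the chain.
$names = $chain | ForEach-Object { $_.Name } | Where-Object { $_ } | Sort-Object -Unique
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        foreach ($n in $names) {
            if ($command -like "*$n*") {
                "{0} -> {1} = {2}" -f $key, $valueName, $command
            }
        }
    }
}
```

Run it while the window is present; matches on shell or system processes higher in the chain are expected and can be ignored.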

Thanks for all the responses. I don't know the executable's name as it comes up in Task Manager as an application. So, the title bar text just appears as Tukan. No strange hardware on this computer and no new hardware was added for quite a while.

I was not aware of the right-click option with Applications in the Task Manager. I will definitely give that a shot when Tukan next appears and will report my findings back here.
posted by GregWithLime at 8:45 AM on February 10, 2010

The file is being spawned by a Roxio helper file. I don't find it listed anywhere on Roxio's web site. But, I removed the one Roxio component loading at start-up and Tukan since has not loaded.

I will post more if it returns. Thanks to flabdablet for the tip.
posted by GregWithLime at 4:10 PM on February 14, 2010

If you want no-bullshit CD and DVD burning without stupid licensing restrictions or mystery meat popup windows or idiot disk indexers that slow your box to a crawl, ditch Roxio and Nero and all the other commercial crap altogether, and install InfraRecorder instead. Sweet, clean, easy, reliable, Just Works.
posted by flabdablet at 6:44 PM on February 14, 2010
