Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Moving cursor and noises- suspect Vundo Virus


  • Please log in to reply
4 replies to this topic

#1 paligal

paligal

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 08 May 2009 - 05:07 AM

I have an IBM Thinkpad laptop running XP and using Firefox. About 3-4 months ago, I somehow got infected with the Vundo virus. I have no idea how I got it, as I am usually extremely careful, and definitely didn't download a file. I suspect it came from a website I visited. My anti-virus didn't detect or block it when I got it.

Anyway, I removed it using numerous "Vundo Fix" tools and through online help. It is currently not showing up on any of the three anti-virus or malware detection programs I run. However, starting right around when I got the virus, I started having a very annoying thing of my cursor randomly jumping to a different place in a document I am typing, so suddenly I am typing in the middle of where I already typed and I have to go back and erase it. Very annoying. I also have been hearing that noise randomly that you usually hear from Windows when you hit a wrong key. It's an error noise. Well, my computer makes that noise randomly every now and then when I am not clicking on anything or doing anything.

Regarding the cursor issue, I looked everywhere online, and despite the fact that many other people out there also have this problem and say they suspect a virus, the only advice people give is that there must be something wrong with the mouse, or the user is accidentally hitting the mousepad and to turn it off. Well, I turned off the mousepad (using the trackstick- my computer has both) and still have the issue, so I know I am not hitting it, and I don't believe there is anything wrong with the mouse. I noticed in my search that some other people had this problem who also mentioned they had been infected with Vundo. I suspect the virus did something to my computer before I deleted it.

Regarding the error noise (it's like a bonk) randomly happening, I found one post in a forum where someone said it could be caused by spyware/malware running checks on the system in the background. This would support my theory that the Vundo virus, while seeming gone, may actually be living on in my computer.

Has anyone heard of this? And, does anyone have any idea how I can reload my keyboard/mouse driver without losing use of it? I am a total computer novice, so need step by step help if so. Regarding the error noise, does anyone have any thoughts? What should I do? Thanks!!!!!

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:02:48 AM

Posted 09 May 2009 - 08:43 PM

does anyone have any idea how I can reload my keyboard/mouse driver without losing use of it

Simply reinstall it

What malware tools do you use?
we can try some others
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 paligal

paligal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 10 May 2009 - 03:53 AM

Thanks for responding. Dumb question, but if you reinstall, don't you lose use of the keyboard when it uninstalls the old driver? If something goes wrong, do you then have no way to control anything because there is no keyboard driver?

I am using AVG, Adaware, Malwarebytes Anti-Malware, Fix Vundo...

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:02:48 AM

Posted 10 May 2009 - 07:19 PM

Unless you uninstall it, it just gets overwritten



ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS,may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 paligal

paligal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 17 May 2009 - 11:11 PM

Thanks for your help! Ran the program. It detected two things. But I noticed that after I ran it, the laptop still made the random error noise, so that's not fixed...

The program log says (I omitted some of the numbers in the two files because I'm a computer dummy and not sure if that number somehow identifies my machine, and I prefer to protect privacy...Anyway, the two are the same except for the last part anyway):

Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 6385
Registry threats detected : 2
File items scanned : 60385
File threats detected : 0

Rogue.Component/Trace
HKU\S-1-5-21-2980094091-2777712294-xxxx\Software\Microsoft\CS41275
HKU\S-1-5-21-2980094091-2777712294-xxxx\Software\Microsoft\FIAS4018




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users