Strange evolving cursor prob. Suspected malware or virus!


  • This topic is locked
89 replies to this topic

#1 blinky88

blinky88

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 14 July 2017 - 06:59 AM

Hi guys,

I read the intro on new posts and what I should do before posting here, but I kind of wanted to cut to the chase on the main theory of fixing this problem.

Maybe I'm missing something simple before I post lots of logs and overanalysing Task Manager processes and HijackThis logs!

**(I will upload logs and screenshots next in an hour or so)

 

***** SYMPTOMS *****

1. CURRENTLY, MY MOUSE IS CHANGING OR TWITCHING TO PIXELATED VERSION WHEN OPENING A PROGRAM OR APPLICATION. ORIGINALLY IT DISAPPEARED ON REBOOT, BUT IT COMES BACK A FEW HOURS LATER, (POSSIBLY FUELED BY A HIDDEN OR CORRUPTED PROGRAM?)

2. 2ND CURSOR, BLACK COLOUR STUCK ON SCREEN SOMETIMES (RANDOM BUT GONE FOR NOW)

3. THE SCREEN IS REFRESHING ITSELF OR TWITCHING OCCASIONALLY. 

4. BACKGROUND THEME CHANGED ITSELF. CURRENTLY I CAN'T FIX THIS...ALL MY ICONS ARE 'INDENTED' FROM EACH SIDE OF THE SCREEN ON THE DESKTOP BACKGROUND.

5. AVAST SHIELDS TURNED OFF RANDOMLY TWICE (SEEMS TO HAVE STOPPED AFTER ALL THE SCANS).

*****

 

My system: 

Lenovo ideapad 310-15ABR  

AMD A12-9700P 7th gen.

RADEON R7

10 COMPUTE CORES 4C+6GS 2.50GHZ

12GB RAM

Windows 10 64bit

 

Over the years, (on 4 laptops) I'm reasonably tech-savvy, and have always kept a smoothly run PC/laptop. Ultimately, using the below programs (free versions):

the main 4:

Avast. (high heuristics, deep and rootkits enabled)

Ccleaner.

Superantispyware.

Malwarebytes.

 

and others, when i did get more pesky or persistent issues:

Hijackthis.

S and D Spybot. 

Kaspersky AV. (high heuristics and roots)

Hitman Pro.

AVG (only in the past - haven't used this in years since everyone complained about removal issues).

As far as I know, these are the best of their kind and despite being free versions they have very rarely let me down over the years.... until now I guess!

 

The programs above that can be, were run in safemode to ensure max effectiveness.

 

I have tried 2 restore points and this problem has come back. 

 

Tried reinstalling most programs and updating them, manually. including AMD GRAPHICS for the desktop flickering/refreshing issue. 

 

I assume it's from a TORRENT file possibly, be it a pirate copy of a large game folder... or just music files. ...but I have used file scanner (deep scan) from Avast, Kaspersky and Spybot with no hits.

 

*I then scanned my external hard drives and did come back with a TROJAN.WIN32, with Kaspersky on my WD 2tb drive, INCLUDING Avast getting 2 files in a torrented game file (see attached screenshots).

*I have NOT scanned my phones yet (on the agenda however).

*I have NOT tried AVG yet.

I'm reduced to my knees now, as I'm concerned my system could be compromised at the deepest undetectable level, and I reeeeeally don't want to have to reset this PC, as I have programs I can't get back ...'sigh' :(

 

 

Superrr appreciate any help from you guys... and apologies if I'm a bit scatty with my procedure or explanations, ha!

Cheers



#2 satchfan

satchfan

  • Malware Response Team
  • 2,667 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:29 AM

Posted 14 July 2017 - 02:25 PM

Hello blinky88 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

===================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Frst.txt
Addition.txt
checkup.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan


Posted 17 July 2017 - 01:28 AM

Hi blinky88

It has been a couple of days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan




#4 blinky88


Posted 17 July 2017 - 11:20 AM

Ok thanks mate.

Just give me another day or so, I put a whole week aside for this before, scanning most days of course haha, but right now, I'm just rebooting regularly, limiting my use on this laptop.

Thanks for your patience



#5 satchfan


Posted 17 July 2017 - 03:16 PM

No problem but please keep me in touch with what's happening.




#6 satchfan


Posted 21 July 2017 - 04:41 PM

Hi blinky88

It has been several days since I replied to you and feel that I have given you enough time to reply.

Please send the results of the scans I asked you to run but if I do not hear from you within 24 hours I'll assume that you no longer need help and close this topic.

Thanks

Satchfan




#7 blinky88


Posted 22 July 2017 - 06:02 AM

Appreciate it Satchfan, I'm back!

Farbar is like HijackThis it seems. I thought HijackThis was supposed to be (one of) the best? ...Anyway, I won't question you :)

Running the scans now, but FRST is taking a lot longer than HijackThis, so I'll leave it running and come back to it in a couple hours.

I should add, I've left my WD 2TB ext. HDD plugged in, wifi enabled and torrent is downloading. I hope these don't affect anything too much, if not I thought it would help, as the scans will scan my most popular processes this way. Maybe I'm wrong.

Also, HMPro, Kaspersky and Avast are running in the background, possibly other security programs, but I think you will see this in the logs and SecurityCheck program.

Torrent wise, I've never had any serious problems like this (well not serious at this stage, but potentially right?) over the years, but I know how fast times are changing... especially due to governments and hackers evolving in the past 5 years.. clamping down so to speak, and less trustworthy sources/websites popping up (clone-sites etc.).

 

Cheers



#8 blinky88


Posted 22 July 2017 - 10:14 AM

I've wasted 30 minutes looking for SecurityCheck LOGS but no idea where they're stored... I can run it again later either way. Just thought it best to send you the 2 different scans together at the same time before shutting down.

cheers

Attached Files


Edited by blinky88, 22 July 2017 - 10:15 AM.


#9 blinky88


Posted 22 July 2017 - 10:27 AM

Tried trawling through Event Viewer also, but can't find it sorry. I'll scan it again later ok? Cheers



#10 satchfan


Posted 22 July 2017 - 11:22 AM

Having glanced briefly at your logs I’m not surprised that you are having problems.

First:

Multiple antiviruses

You have AVG and Kaspersky antivirus programs installed.

You can not run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

Unless you have paid for Kaspersky I would suggest you uninstall both as Windows Defender is more than capable and less intrusive than either but, it is your choice.

If you uninstalled AVG there will still be some remnants on your computer even after the uninstall so please download and run AVG Removal Tool from here.

===================================================

Next

Spybot Search & Destroy

We no longer recommend this product because of its poor results in testing, therefore I suggest that you uninstall it.

If you don't want to uninstall it then please at least disable Tea Timer while you carry out the rest of my instructions: you can re-enable it when we are finished. Instructions for disabling TeaTimer are here.

If you do decide to uninstall the program, first “Undo” your immunization before uninstalling. You can do that under “Immunization”, by clicking the Undo Immunization button.

===================================================

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.


Also, if you have any pirated software on your computer please remove it as continuing to help you could be viewed as supporting/condoning this so if you want to continue, I need you to uninstall all the illegal software that you have downloaded or installed.

================================================

When you’ve done all of the above, please try SecurityCheck again and then run FRST again making sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Checkup.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan
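
The overlap described in post #10 (more than one real-time antivirus active at once) can be checked against what Windows Security Center has registered. This is an added example, not part of the original thread or of any tool named in it; the function names are hypothetical, and the `productState` decoding is the commonly used but undocumented interpretation, so treat the decoded columns as a hint rather than proof.

```powershell
# Added example: list antivirus products registered with Windows Security Center
# and warn when more than one (or none) reports real-time protection as on.

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)

    # Assumption: productState is read as three bytes
    # (provider type, scanner state, definition state). Undocumented layout.
    $scannerByte    = ($ProductState -shr 8) -band 0xFF
    $definitionByte = $ProductState -band 0xFF

    [pscustomobject]@{
        RealTimeOn         = (($scannerByte -band 0x10) -ne 0)
        DefinitionsCurrent = ($definitionByte -eq 0)
    }
}

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 exists on client editions of Windows, not on Server.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop |
        ForEach-Object {
            $state = ConvertFrom-ProductState -ProductState $_.productState
            [pscustomobject]@{
                Name               = $_.displayName
                RealTimeOn         = $state.RealTimeOn
                DefinitionsCurrent = $state.DefinitionsCurrent
                Executable         = $_.pathToSignedProductExe
                RawState           = '0x{0:X6}' -f $_.productState
            }
        }
}

$products = @(Get-RegisteredAntivirus)
$products | Format-Table -AutoSize

# More than one active real-time scanner is the conflict described in the post;
# zero active scanners matches the "shields turned off" symptom.
$active = @($products | Where-Object RealTimeOn)
if ($active.Count -gt 1) {
    Write-Warning ("{0} products report real-time protection on: {1}" -f $active.Count, ($active.Name -join ', '))
} elseif ($active.Count -eq 0) {
    Write-Warning 'No registered product reports real-time protection on.'
}
```

Leftover registrations from an uninstalled product show up in this list too, which is one reason vendor removal tools are recommended after an uninstall.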




#11 blinky88


Posted 22 July 2017 - 03:34 PM

As I thought was clear in my original post, I didn't have any other antivirus installed until *AFTER I had this problem, but I know what you mean, that if they're all running at the same time they affect each other negatively.

That is why I listed the order of the programs I usually use. (avast/malwbyt/superanti/ccleaner)

Then if a problem persists or is hard to remove, I get the other programs and tools to try to remove it. (the other programs mentioned earlier)

In this case, I disabled Avast and HMPro whilst scanning with Kaspersky, and so forth with each one etc.

I was going to uninstall all these 'extra' programs after I got rid of the problem of course.

I haven't installed AVG yet or ever on this machine, only downloaded it ready as a last resort (especially didn't install it due to countless removal complaints online!!).

Anyway, ok I'll uninstall Spybot, utor and the other programs as they aren't helping much anyway clearly.

Can you point out what you mean by pirated software? Anything downloaded from the internet? Or only via uTorrent? As some of these games I have bought officially, some online, some in shops back in my home country, but they wouldn't run or install right from CD, so I had to get fixes and files via online sometimes. Battlefield keys and regs I have also.

I understand your position though. Thank you, let me double check all this now.



#12 blinky88


Posted 22 July 2017 - 03:40 PM

Oh can I also ask, are you really in Devon? I'm from Somerset myself, near Bristol, but living abroad right now. I have family in Devon, who I miss very much lately, ha!

Anyway, thanks again for being so patient with me :)



#13 blinky88


Posted 22 July 2017 - 04:15 PM

Oh I must point out 3 things also...

1. New WIN UPDATE - when this came out, I think about a month ago or 2 months ago, is when I noticed a few 'strange' changes to my system.

Didn't affect me too much, so of course life goes on. It seems since then, little things have changed over time and especially the desktop changing itself and other symptoms (several above) I listed in my original post.

#(I've been reading other people's problems who keep referring to Win update being the root cause.)

Is it possible the new Windows update, or any actually, can have malware in it, or be corrupted somehow?

2. This poor guy seems to be having similar problems that I'm having, but sounds more progressed than my situation. This troubles me deeply.

https://www.bleepingcomputer.com/forums/t/652087/everything-is-infected-worst-situation-in-past-10-years/

especially as I have noticed I have 3 separate program files' folders also:

Program Files

Program Files x86

ProgramData   (where he says it was originally Program Data - but I can't swear by this myself)

*I won't list all the matching problems, ..but this part stands out as most pressing.

...either way, I think his thread can be useful to you in more ways than it is to me.

Is this normal?

3. I think I know the answer but should I consider running Zemana and AdwCleaner after I uninstall all those programs you mentioned? These 2 programs seem to pop up a lot on your forums as being effective.

Thanks



#14 satchfan


Posted 22 July 2017 - 04:53 PM

Oh can i also ask, are you really in Devon? Im from Somerset myself, near Bristol, but living abroad right now.

Yes, Exeter.

Apologies about AVG, it's Avast.

This may take a few steps as there are definitely problems within your first log that need to be dealt with before we can move forward and deal with remaining ones.

We do recognise symptoms in the logs that we ask for and then deal with them in a certain methodical manner. I need you to not run any scans on your own and stick with this in the order I send the instructions.

Please still follow what I suggested re the antiviruses and then the other instructions here about running SecurityCheck and FRST then send the results.

 

Thanks

 

Satchfan




#15 blinky88


Posted 24 July 2017 - 04:45 PM

Do you mind waiting just a few more days?

  • So far I've uninstalled: Spybot (incl. unimmunized), Kaspersky (all), HMPro.
  • Games and misc: ACIVBF, doomdemo, microsoft365, and a few others.

(I don't see the need to uninstall Malwarebytes, Avast, SUPERAntiSpyware and CCleaner right away though, as these are my basics for long-term optimum security... or do you want me to uninstall them?).

  • Twice now, within 9 hours (see timestamps in both screenshots), the shields have been disabled and Chrome wouldn't open any pages, despite internet and wifi working fine.

(I checked this out briefly, and it can be fixed with a repair or reinstall of Avast. However it could also be due to a virus right?). I just rebooted and it fixed it, ..hmm for now, ha.

*****

  • Just to reiterate, 3 detected INFECTIONS found, but only on my F Drive (external), via Avast and Kaspersky (screenshots in original post):
  1.  HTML:Script-inf
  2.  Win32:Malware gen
  3.  Trojan.Win32.Yakes.Ibcn

*****

The Yakes trojan seems to be most worrying after googling just a little.

Anyway, I'll run the scans and get the 3 NEW logs up in the next few days, after uninstalling uTorrent and last few progs.

Cheers again :)

 
